Hi, I have posted before but I thought I would give it one more try, before I reformat!!!!!!!! my hard drive. Constant virus warnings, constant pop-ups... CiD.
Please help!!!!!
Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 16:20:52, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\NAV\NAVW32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Paula\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\lvabwhgv.dll",realset
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xolaurenmcaulayox.spaces.live...d/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Thx
Paul UK
Finally, a new clue and a basis for a new direction (CiD and Vundo are both popup based infections - only CiD had been apparent):
O4 - HKLM\..\Run: [WINDOWSUPDATE] rundll32.exe "C:\WINDOWS\system32\lvabwhgv.dll",realset
Download ComboFix from Here or Here to your Desktop.
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Fix the following items in HijackThis (close all active running applications):
O4 - HKLM\..\Run: [WINDOWSUPDATE] rundll32.exe "C:\WINDOWS\system32\lvabwhgv.dll",realset
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
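Two of the things the reply above picks out by eye, the `WindowsUpdate` entry that loads a random-named DLL through rundll32 and the autorun living under the user's Application Data folder, together with the run of same-size serially named executables and the Winlogon Notify packages that ComboFix lists further down the thread, are patterns a small triage script can flag. This is an added example, not the thread's own or either tool's code; the sample lines are constructed from entries quoted in the thread plus benign ones, and the random-name heuristic is an assumption tuned on those names.

```python
"""Triage helpers for HijackThis / ComboFix logs like the ones in this thread.
Added example, not part of the thread or of either tool; the sample lines are
constructed from entries quoted in the thread, and the random-name heuristic
is an assumption tuned on those names (lvabwhgv, pmkjj, mljjiif)."""
import re
from collections import defaultdict

VOWELS = set("aeiou")

# "O4 - HKLM\..\Run: [label] command"
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
# rundll32 handed a full path to a DLL (bthprops.cpl without a path does not match)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<path>[A-Za-z]:\\[^",]+\.dll)"?', re.I)
APPDATA_RE = re.compile(r"\\APPLIC~1\\|\\Application Data\\", re.I)
# ComboFix "Files Created" rows: date time size attributes path; <DIR> rows do not match
CF_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>[\d,]+)\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$")
SERIAL_NAME_RE = re.compile(r"^[a-z]+\d+\.exe$", re.I)
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\(?P<name>[^\\\s\]]+)$", re.I)


def looks_random(stem: str) -> bool:
    """Letters-only name of 5+ chars with under 30% vowels. A triage hint for an
    analyst, not proof of malice: some short legitimate names also score low,
    so callers apply it only in narrow contexts (rundll32 targets, Notify keys)."""
    stem = stem.lower()
    if not stem.isalpha() or len(stem) < 5:
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < 0.3


def triage_hjt(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for O4 Run entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        r = RUNDLL_RE.search(cmd)
        if r:
            stem = r.group("path").rsplit("\\", 1)[-1][:-4]  # basename minus ".dll"
            if looks_random(stem):
                findings.append(("rundll32 loads random-named DLL", line.strip()))
                continue
        if APPDATA_RE.search(cmd):  # autoruns rarely belong under a user profile's app data
            findings.append(("autorun target under Application Data", line.strip()))
    return findings


def find_serial_droppers(combofix_text: str, min_count: int = 3) -> list[dict]:
    """Group new files by (directory, size) and report groups of at least min_count
    same-size files named <letters><digits>.exe, the g25625234.exe pattern here."""
    groups = defaultdict(list)
    for line in combofix_text.splitlines():
        m = CF_FILE_RE.match(line.strip())
        if not m:
            continue
        size = int(m.group("size").replace(",", ""))
        directory, _, name = m.group("path").rpartition("\\")
        if SERIAL_NAME_RE.match(name):
            groups[(directory.lower(), size)].append(name)
    return [{"directory": d, "size": s, "files": sorted(names)}
            for (d, s), names in groups.items() if len(names) >= min_count]


def flag_winlogon_notify(combofix_text: str) -> list[str]:
    """Winlogon Notify package names that look machine-generated (digits ignored).
    Short or digit-heavy names such as wudb and winuns32 slip through: the
    heuristic narrows the analyst's list, it does not replace reading it."""
    flagged = []
    for line in combofix_text.splitlines():
        m = NOTIFY_RE.search(line.strip())
        if m and looks_random(re.sub(r"\d", "", m.group("name"))):
            flagged.append(m.group("name"))
    return flagged


# Constructed sample: entries quoted in the thread plus benign ones.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\lvabwhgv.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
"""
COMBOFIX_SAMPLE = r"""
2007-05-15 14:39 71,680 --a------ C:\WINDOWS\g25625234.exe
2007-05-15 13:34 71,680 --a------ C:\WINDOWS\g21704031.exe
2007-05-15 13:12 71,680 --a------ C:\WINDOWS\g20360015.exe
2007-05-12 18:35 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-29 10:28 20,480 --a------ C:\WINDOWS\usnpstd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjiif
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuns32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb
"""
```

On the samples, `triage_hjt(HJT_SAMPLE)` returns only the WindowsUpdate and Cdrom wait entries, `find_serial_droppers(COMBOFIX_SAMPLE)` groups the three 71,680-byte g*.exe files, and `flag_winlogon_notify(COMBOFIX_SAMPLE)` names mljjiif and pmkjj while letting wudb and winuns32 through.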
Hi,
Thank you, seems it is well knackered!!!
Combo fix
may1506"Paula" - 07-05-15 18:18:32 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Paula\Desktop\Anti Spyware"
((((((((((((((((((((((((((((((( Files Created from 2007-04-15 to 2007-05-15 ))))))))))))))))))))))))))))))))))
2007-05-15 14:39 71,680 --a------ C:\WINDOWS\g25625234.exe
2007-05-15 13:34 71,680 --a------ C:\WINDOWS\g21704031.exe
2007-05-15 13:12 71,680 --a------ C:\WINDOWS\g20360015.exe
2007-05-15 13:02 71,680 --a------ C:\WINDOWS\g19772125.exe
2007-05-15 12:32 71,680 --a------ C:\WINDOWS\g17964000.exe
2007-05-15 08:49 71,680 --a------ C:\WINDOWS\g4627687.exe
2007-05-14 22:07 71,680 --a------ C:\WINDOWS\g117919218.exe
2007-05-14 21:45 71,680 --a------ C:\WINDOWS\g116608328.exe
2007-05-14 17:02 955,505 ---hs---- C:\WINDOWS\system32\jjkmp.ini2
2007-05-14 15:58 71,680 --a------ C:\WINDOWS\g95777359.exe
2007-05-14 14:58 71,680 --a------ C:\WINDOWS\g92220781.exe
2007-05-14 14:36 71,680 --a------ C:\WINDOWS\g90881171.exe
2007-05-14 10:36 71,680 --a------ C:\WINDOWS\g76505843.exe
2007-05-14 10:17 71,680 --a------ C:\WINDOWS\g75330984.exe
2007-05-14 09:21 71,680 --a------ C:\WINDOWS\g71949890.exe
2007-05-14 08:51 71,680 --a------ C:\WINDOWS\g70191531.exe
2007-05-14 07:53 71,680 --a------ C:\WINDOWS\g66719890.exe
2007-05-13 23:37 71,680 --a------ C:\WINDOWS\g36932765.exe
2007-05-13 23:15 71,680 --a------ C:\WINDOWS\g35611187.exe
2007-05-13 23:02 71,680 --a------ C:\WINDOWS\g34866062.exe
2007-05-13 22:20 71,680 --a------ C:\WINDOWS\g32309953.exe
2007-05-13 21:59 71,680 --a------ C:\WINDOWS\g31042656.exe
2007-05-13 21:27 71,680 --a------ C:\WINDOWS\g29123375.exe
2007-05-13 19:11 71,680 --a------ C:\WINDOWS\g20993218.exe
2007-05-13 17:45 71,680 --a------ C:\WINDOWS\g15843093.exe
2007-05-13 17:17 71,680 --a------ C:\WINDOWS\g14124406.exe
2007-05-13 16:57 71,680 --a------ C:\WINDOWS\g12917968.exe
2007-05-13 16:35 71,680 --a------ C:\WINDOWS\g11598281.exe
2007-05-13 16:15 71,680 --a------ C:\WINDOWS\g10396781.exe
2007-05-13 15:58 71,680 --a------ C:\WINDOWS\g9397234.exe
2007-05-13 15:33 71,680 --a------ C:\WINDOWS\g7871031.exe
2007-05-13 15:11 71,680 --a------ C:\WINDOWS\g6551187.exe
2007-05-13 14:51 71,680 --a------ C:\WINDOWS\g5388093.exe
2007-05-13 14:28 71,680 --a------ C:\WINDOWS\g4023671.exe
2007-05-13 14:08 71,680 --a------ C:\WINDOWS\g2821500.exe
2007-05-13 13:51 71,680 --a------ C:\WINDOWS\g1765703.exe
2007-05-13 11:52 71,680 --a------ C:\WINDOWS\g8839484.exe
2007-05-13 10:26 71,680 --a------ C:\WINDOWS\g3709578.exe
2007-05-13 09:33 945,102 ---hs---- C:\WINDOWS\system32\jjkmp.bak2
2007-05-13 09:06 972,952 ---hs---- C:\WINDOWS\system32\jjkmp.bak1
2007-05-13 09:06 132,660 --a------ C:\WINDOWS\system32\lvabwhgv.dll
2007-05-13 09:05 262,708 ---hs---- C:\WINDOWS\system32\pmkjj.dll
2007-05-13 08:52 29,206 --a------ C:\WINDOWS\system32\mljjiif.dll
2007-05-12 18:35 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-12 18:33 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-12 10:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Bluetooth
2007-05-11 17:40 <DIR> d-------- C:\Program Files\Xilisoft
2007-05-11 17:25 <DIR> d-------- C:\Program Files\IVT Corporation
2007-05-10 03:18 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-06 23:06 71,680 --a------ C:\WINDOWS\g38539562.exe
2007-05-06 21:15 71,680 --a------ C:\WINDOWS\g31867812.exe
2007-05-06 20:53 71,680 --a------ C:\WINDOWS\g30547703.exe
2007-05-06 20:36 71,680 --a------ C:\WINDOWS\g29557328.exe
2007-05-06 20:11 71,680 --a------ C:\WINDOWS\g28026546.exe
2007-05-06 19:49 71,680 --a------ C:\WINDOWS\g26739234.exe
2007-05-06 19:29 71,680 --a------ C:\WINDOWS\g25504015.exe
2007-05-06 19:10 71,680 --a------ C:\WINDOWS\g24411531.exe
2007-05-06 19:01 71,680 --a------ C:\WINDOWS\g23832078.exe
2007-05-06 18:35 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-05-06 18:26 71,680 --a------ C:\WINDOWS\g21725140.exe
2007-05-06 18:26 33,792 --a------ C:\WINDOWS\system32\wudb.dll
2007-05-06 12:31 909,312 --------- C:\WINDOWS\system32\AegisE5.dll
2007-05-06 12:31 7,040 --------- C:\WINDOWS\system32\bcmwlntp.sys
2007-05-06 12:31 69,632 --------- C:\WINDOWS\system32\BCMLogon.dll
2007-05-06 12:31 651,264 --------- C:\WINDOWS\system32\libeay32.dll
2007-05-06 12:31 61,440 --------- C:\WINDOWS\system32\bcmwld2k.exe
2007-05-06 12:31 593,920 --------- C:\WINDOWS\system32\bcmwltry.exe
2007-05-06 12:31 49,152 --------- C:\WINDOWS\system32\bcmwlhom.exe
2007-05-06 12:31 45,056 --------- C:\WINDOWS\system32\wltrysvc.exe
2007-05-06 12:31 338,176 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2007-05-06 12:31 266,240 --------- C:\WINDOWS\system32\PlugPlayPCIDevice.exe
2007-05-06 12:31 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-05-06 12:31 147,456 --------- C:\WINDOWS\system32\ssleay32.dll
2007-05-06 12:31 147,456 --------- C:\WINDOWS\system32\bcmwlu00.exe
2007-05-06 12:31 110,592 --------- C:\WINDOWS\system32\AegisI5.exe
2007-05-06 12:31 <DIR> d-------- C:\Program Files\BT Voyager
2007-05-05 14:55 17,408 --a------ C:\WINDOWS\system32\winuns32.dll
2007-04-29 10:37 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-04-29 10:37 <DIR> d-------- C:\DOCUME~1\Paula\Application Data\ArcSoft
2007-04-29 10:28 61,440 --a------ C:\WINDOWS\system32\rsnpstd.dll
2007-04-29 10:28 61,440 --a------ C:\WINDOWS\system32\csnpstd.dll
2007-04-29 10:28 390,784 --a------ C:\WINDOWS\system32\drivers\snpstd.sys
2007-04-29 10:28 36,864 --a------ C:\WINDOWS\system32\vsnpstd.dll
2007-04-29 10:28 339,968 --a------ C:\WINDOWS\vsnpstd.exe
2007-04-29 10:28 20,480 --a------ C:\WINDOWS\usnpstd.exe
2007-04-27 20:05 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-27 20:02 <DIR> d-------- C:\Program Files\Audible
2007-04-27 18:48 <DIR> d-------- C:\Program Files\Trust
2007-04-26 15:03 <DIR> d-------- C:\WINDOWS\ERDNT
2007-04-26 14:57 <DIR> d-------- C:\Deckard
2007-04-19 15:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-19 15:05 <DIR> d-------- C:\Program Files\Grisoft
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-15 18:16 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-05-15 16:09 -------- d-------- C:\Program Files\dc++
2007-05-15 07:33 -------- d-------- C:\Program Files\creative
2007-05-14 16:16 -------- d-------- C:\Program Files\ea games
2007-05-12 14:09 530 --a------ C:\delete.bat
2007-05-11 17:34 -------- d-------- C:\DOCUME~1\Paula\Application Data\nokia multimedia player
2007-05-11 17:25 -------- d--h----- C:\Program Files\installshield installation information
2007-05-10 11:14 -------- d-------- C:\Program Files\java
2007-05-10 11:03 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-05-10 11:03 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-05-10 11:03 -------- d-------- C:\Program Files\symantec
2007-05-08 15:22 -------- d-------- C:\DOCUME~1\Paula\Application Data\screenshot sender
2007-05-05 14:54 -------- d-------- C:\DOCUME~1\Paula\Application Data\utorrent
2007-05-01 18:26 -------- d-------- C:\Program Files\windows live toolbar
2007-05-01 18:25 -------- d-------- C:\Program Files\macrogaming
2007-05-01 18:19 -------- d-------- C:\Program Files\google
2007-04-29 10:36 -------- d-------- C:\Program Files\arcsoft
2007-04-27 20:54 -------- d-------- C:\DOCUME~1\Paula\Application Data\creative
2007-04-19 08:38 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-15 18:18 -------- d-------- C:\Program Files\Common Files\scanner
2007-04-12 15:23 -------- d-------- C:\Program Files\msn messenger
2007-04-11 14:37 -------- d-------- C:\Program Files\Common Files\motive
2007-04-11 06:09 -------- d-------- C:\Program Files\bt home hub
2007-04-11 05:47 -------- d-------- C:\Program Files\bt broadband 2091
2007-04-10 20:55 -------- d-------- C:\DOCUME~1\Paula\Application Data\yahoo!
2007-04-07 14:42 -------- d-------- C:\Program Files\quicktime
2007-04-07 14:42 -------- d-------- C:\Program Files\apple software update
2007-04-06 16:33 -------- d-------- C:\Program Files\xoftspy
2007-04-06 16:33 -------- d-------- C:\Program Files\noadware5.0
2007-04-06 12:45 -------- d-------- C:\DOCUME~1\Paula\Application Data\adobe
2007-04-06 10:00 -------- d-------- C:\Program Files\option dead
2007-04-06 10:00 -------- d-------- C:\DOCUME~1\Paula\Application Data\option dead
2007-04-05 20:24 -------- d-------- C:\Program Files\simaquarium2
2007-04-05 12:16 -------- d---s---- C:\DOCUME~1\Paula\Application Data\microsoft
2007-04-04 11:30 -------- d-------- C:\Program Files\thq
2007-04-03 22:33 -------- d-------- C:\Program Files\clonedvd
2007-04-03 20:49 -------- d-------- C:\Program Files\pc connectivity solution
2007-04-03 20:49 -------- d-------- C:\Program Files\nokia
2007-04-03 20:49 -------- d-------- C:\Program Files\Common Files\pcsuite
2007-04-03 20:49 -------- d-------- C:\Program Files\Common Files\nokia
2007-04-03 15:46 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-04-02 14:44 -------- d-------- C:\Program Files\Common Files\ahead
2007-04-02 12:27 -------- d-------- C:\Program Files\paltalk messenger
2007-03-28 18:51 97936 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 18:51 538256 --a------ C:\WINDOWS\system32\symneti.dll
2007-03-28 18:51 31888 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 18:51 28304 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 18:51 24208 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 18:51 189584 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 18:51 161424 --a------ C:\WINDOWS\system32\symredir.dll
2007-03-28 18:51 12944 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-03-25 20:50 -------- d-------- C:\DOCUME~1\Paula\Application Data\avg7
2007-03-23 16:38 -------- d-------- C:\Program Files\irfanview
2007-03-22 10:42 -------- d-------- C:\Program Files\ccleaner
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-11 14:35 44239 --a------ C:\sound32.dll
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 18:45 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-03-07 18:45 51712 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2007-03-07 18:45 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2007-03-07 18:45 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-03-07 18:45 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-03-07 18:45 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-03-07 18:45 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-03-07 18:45 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-03-07 18:45 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-03-07 18:45 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-03-07 18:45 105984 --a------ C:\WINDOWS\system32\url.dll
2007-03-07 18:45 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-03-07 09:28 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-02-27 09:20 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-02-21 09:00 161792 --a------ C:\WINDOWS\system32\ieakui.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"Cdrom wait"="C:\\DOCUME~1\\Paula\\APPLIC~1\\OPTION~1\\WARN ENC.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"NWEReboot"=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0F2.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"WindowsUpdate"="rundll32.exe \"C:\\WINDOWS\\system32\\lvabwhgv.dll\",realset "
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"="C:\\Program Files\\Common Files\\Symantec Shared\\DJSNETCN.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOEAD5~1\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTSoftphone"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTHelpNotifier"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\BTHOME~1\\Help\\SMARTB~1\\BTHelpNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchApplication"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="yop"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{BFA1273D-F878-4B6D-911D-32731F1FE6AE}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjiif
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuns32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a08827f-8d5e-11d9-9cc2-806d6172696f}]
Shell\AutoRun\command D:\Setup.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a088280-8d5e-11d9-9cc2-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Paula.job
C:\WINDOWS\tasks\XoftSpy.job
Completion time: 07-05-15 18:27:48
C:\ComboFix2.txt ... 07-05-15 07:51
C:\ComboFix3.txt ... 07-05-13 09:42
HJT
Logfile of HijackThis v1.99.1
Scan saved at 18:54:13, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Paula\Desktop\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\lvabwhgv.dll",realset
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xolaurenmcaulayox.spaces.live...d/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Thx again....beyond repair?
There is always hope if we can fix what is showing. Some of the tools that you are using may be of questionable effectiveness and hindering matters (noadware and xoftspy) with removals that may be incomplete but leaving no clue that certain infections may be present. If you ran 'combofix' several times, I now have no indication of what may have been fixed which could have suggested needed additional steps.
You definitely have a 'vundo' infection for which I had requested that you run 'vundofix' in my last set of procedures.
Submit several sample files to VirusTotal for their evaluation:
2007-05-15 14:39 71,680 --a------ C:\WINDOWS\g25625234.exe
2007-05-15 13:34 71,680 --a------ C:\WINDOWS\g21704031.exe
Hi again, run Vundo this time!
Here is the first file analysis from VirusTotal:
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 no virus found
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.18.2007 no virus found
BitDefender 7.2 05.19.2007 Dropped:Trojan.Downloader.Agent.BFO
CAT-QuickHeal 9.00 05.18.2007 no virus found
ClamAV devel-20070416 05.19.2007 no virus found
DrWeb 4.33 05.19.2007 no virus found
eSafe 7.0.15.0 05.17.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3644 05.19.2007 no virus found
Ewido 4.0 05.18.2007 no virus found
FileAdvisor 1 05.19.2007 no virus found
Fortinet 2.85.0.0 05.18.2007 no virus found
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 no virus found
Ikarus T3.1.1.7 05.19.2007 no virus found
Kaspersky 4.0.2.24 05.19.2007 no virus found
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.18.2007 no virus found
NOD32v2 2277 05.18.2007 no virus found
Norman 5.80.02 05.18.2007 no virus found
Panda 9.0.0.4 05.18.2007 no virus found
Prevx1 V2 05.19.2007 Dialer.GlobalAccess
Sophos 4.17.0 05.18.2007 no virus found
Sunbelt 2.2.907.0 05.17.2007 no virus found
Symantec 10 05.19.2007 no virus found
TheHacker 6.1.6.118 05.18.2007 no virus found
VBA32 3.12.0 05.18.2007 no virus found
VirusBuster 4.3.7:9 05.18.2007 no virus found
Webwasher-Gateway 6.0.1 05.18.2007 Worm.Win32.ModifiedUPX.gen!90 (suspicious)
Aditional Information
File size: 71680 bytes
MD5: 885e8e69dc801a021ec60439203b88d5
SHA1: 5a8b2558ab019bedffc0afbd78e35e8c2e043a45
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=794295889737
Second File
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 7.4.0.23 05.18.2007 no virus found
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.18.2007 no virus found
BitDefender 7.2 05.19.2007 Dropped:Trojan.Downloader.Agent.BFO
CAT-QuickHeal 9.00 05.18.2007 no virus found
ClamAV devel-20070416 05.19.2007 no virus found
DrWeb 4.33 05.19.2007 no virus found
eSafe 7.0.15.0 05.17.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3644 05.19.2007 no virus found
Ewido 4.0 05.18.2007 no virus found
FileAdvisor 1 05.19.2007 no virus found
Fortinet 2.85.0.0 05.18.2007 no virus found
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 no virus found
Ikarus T3.1.1.7 05.19.2007 no virus found
Kaspersky 4.0.2.24 05.19.2007 no virus found
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.18.2007 no virus found
NOD32v2 2277 05.18.2007 no virus found
Norman 5.80.02 05.18.2007 no virus found
Panda 9.0.0.4 05.18.2007 no virus found
Prevx1 V2 05.19.2007 Dialer.GlobalAccess
Sophos 4.17.0 05.18.2007 no virus found
Sunbelt 2.2.907.0 05.17.2007 no virus found
Symantec 10 05.19.2007 no virus found
TheHacker 6.1.6.118 05.18.2007 no virus found
VBA32 3.12.0 05.18.2007 no virus found
VirusBuster 4.3.7:9 05.18.2007 no virus found
Webwasher-Gateway 6.0.1 05.18.2007 Worm.Win32.ModifiedUPX.gen!90 (suspicious)
Aditional Information
File size: 71680 bytes
MD5: 885e8e69dc801a021ec60439203b88d5
SHA1: 5a8b2558ab019bedffc0afbd78e35e8c2e043a45
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=794295889737
HJT
Logfile of HijackThis v1.99.1
Scan saved at 09:03:43, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Paula\Local Settings\Temporary Internet Files\Content.IE5\SXV0H2X3\VundoFix[1].exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Paula\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\loibvudc.dll",realset
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xolaurenmcaulayox.spaces.live...d/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Thanks again!!! Paul
It greatly assists the fix process if you can follow instructions exactly as given and post the requested LOG feedback. Running vundofix from a TEMPORARY FILE location may have made the locating of LOG feedback difficult for you and thus unavailable for posting:
C:\Documents and Settings\Paula\Local Settings\Temporary Internet Files\Content.IE5\SXV0H2X3\VundoFix[1].exe
Such feedback could have a critical impact on creating an improved and more timely resolution.
Please download the OTMoveIt by OldTimer. If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\g25625234.exe
C:\WINDOWS\g21704031.exe
C:\WINDOWS\g20360015.exe
C:\WINDOWS\g19772125.exe
C:\WINDOWS\g17964000.exe
C:\WINDOWS\g4627687.exe
C:\WINDOWS\g117919218.exe
C:\WINDOWS\g116608328.exe
C:\WINDOWS\g95777359.exe
C:\WINDOWS\g92220781.exe
C:\WINDOWS\g90881171.exe
C:\WINDOWS\g76505843.exe
C:\WINDOWS\g75330984.exe
C:\WINDOWS\g71949890.exe
C:\WINDOWS\g70191531.exe
C:\WINDOWS\g66719890.exe
C:\WINDOWS\g36932765.exe
C:\WINDOWS\g35611187.exe
C:\WINDOWS\g34866062.exe
C:\WINDOWS\g32309953.exe
C:\WINDOWS\g31042656.exe
C:\WINDOWS\g29123375.exe
C:\WINDOWS\g20993218.exe
C:\WINDOWS\g15843093.exe
C:\WINDOWS\g14124406.exe
C:\WINDOWS\g12917968.exe
C:\WINDOWS\g11598281.exe
C:\WINDOWS\g10396781.exe
C:\WINDOWS\g9397234.exe
C:\WINDOWS\g7871031.exe
C:\WINDOWS\g6551187.exe
C:\WINDOWS\g5388093.exe
C:\WINDOWS\g4023671.exe
C:\WINDOWS\g2821500.exe
C:\WINDOWS\g1765703.exe
C:\WINDOWS\g8839484.exe
C:\WINDOWS\g3709578.exe
C:\WINDOWS\g38539562.exe
C:\WINDOWS\g31867812.exe
C:\WINDOWS\g30547703.exe
C:\WINDOWS\g29557328.exe
C:\WINDOWS\g28026546.exe
C:\WINDOWS\g26739234.exe
C:\WINDOWS\g25504015.exe
C:\WINDOWS\g24411531.exe
C:\WINDOWS\g23832078.exe
C:\WINDOWS\g21725140.exe
- Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
- Click the red Moveit! button.
- Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
- Close OTMoveIt
Fix the following items in HijackThis:
O4 - HKLM\..\Run: [SETUP] rundll32.exe "C:\WINDOWS\system32\loibvudc.dll",realset
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
REBOOT.
Run combofix and post its logs and a new HijackThis LOG.
Last edited by VopThis; 20-05-2007 at 10:06 PM.
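The two kinds of entries the helper singles out above (O4 autoruns that load a random-named DLL through rundll32 or start from a user profile directory, O23 services whose binary is missing, and the run of g<digits>.exe files under C:\WINDOWS) can be picked out of a HijackThis log mechanically. The script below is an added example written for this thread; it is not part of HijackThis, OTMoveIt or any post here. The sample log lines are constructed in HijackThis format from entries visible in the thread (the ccApp autorun line is constructed), and the flagging rules are heuristics I chose for triage, not rules from either tool: every hit is something to review, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample log: lines in the same shape as the ones posted in the thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SETUP] rundll32.exe "C:\\WINDOWS\\system32\\loibvudc.dll",realset
O4 - HKCU\\..\\Run: [Cdrom wait] C:\\DOCUME~1\\Paula\\APPLIC~1\\OPTION~1\\WARN ENC.exe
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O23 - Service: SPBBCSvc - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\\WINDOWS\\System32\\PAStiSvc.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\\WINDOWS\\System32\\wltrysvc.exe
"""

# Line shapes used by HijackThis for registry Run autoruns (O4) and services (O23).
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$')

# Heuristics (my assumptions, not tool rules):
#  - an autorun that is rundll32 loading some DLL: the DLL is what actually runs
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
#  - an autorun whose binary lives in a user-writable profile/temp directory
PROFILE_DIR_RE = re.compile(r'\\(APPLIC~1|Application Data|LOCALS~1|Local Settings|Temp)\\',
                            re.IGNORECASE)
#  - the g<digits>.exe naming pattern of the files listed for OTMoveIt in the thread
RANDOM_EXE_RE = re.compile(r'^C:\\WINDOWS\\g\d+\.exe$', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def triage(log_text: str) -> list:
    """Return the O4/O23 lines worth a second look, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m.group('cmd')
            r = RUNDLL_RE.match(cmd)
            if r:
                findings.append(Finding(line, f"rundll32 autorun loads {r.group('dll')}; confirm the DLL is known"))
            elif PROFILE_DIR_RE.search(cmd):
                findings.append(Finding(line, "autorun launched from a user-writable profile directory"))
            continue
        m = O23_RE.match(line)
        if m and m.group('path').endswith('(file missing)'):
            findings.append(Finding(line, f"service '{m.group('svc')}' points at a missing binary (stale or removed)"))
    return findings


def is_random_windows_exe(path: str) -> bool:
    """True for paths of the form C:\\WINDOWS\\g<digits>.exe."""
    return bool(RANDOM_EXE_RE.match(path.strip()))


def filter_random_windows_exes(paths) -> list:
    """Keep only the g<digits>.exe paths from a list of file paths (e.g. a directory listing)."""
    return [p for p in paths if is_random_windows_exe(p)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[review] {f.reason}\n         {f.line}")
    print(filter_random_windows_exes([r"C:\WINDOWS\g25625234.exe", r"C:\WINDOWS\Explorer.EXE"]))
```

On the sample above the script flags the two O4 lines the helper lists and the STI Simulator service, and leaves the Symantec service and WLTRYSVC alone: an "Unknown owner" label on its own is common for legitimate drivers, so it is not a rule here. Any line it flags still needs a human to check what the binary is before it is fixed or moved.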
Hopefully I am slowly getting to grips with this now; I will follow your instructions to the word.
Move it
C:\WINDOWS\g25625234.exe moved successfully.
C:\WINDOWS\g21704031.exe moved successfully.
C:\WINDOWS\g20360015.exe moved successfully.
C:\WINDOWS\g19772125.exe moved successfully.
C:\WINDOWS\g17964000.exe moved successfully.
C:\WINDOWS\g4627687.exe moved successfully.
C:\WINDOWS\g117919218.exe moved successfully.
C:\WINDOWS\g116608328.exe moved successfully.
C:\WINDOWS\g95777359.exe moved successfully.
C:\WINDOWS\g92220781.exe moved successfully.
C:\WINDOWS\g90881171.exe moved successfully.
C:\WINDOWS\g76505843.exe moved successfully.
C:\WINDOWS\g75330984.exe moved successfully.
C:\WINDOWS\g71949890.exe moved successfully.
C:\WINDOWS\g70191531.exe moved successfully.
C:\WINDOWS\g66719890.exe moved successfully.
C:\WINDOWS\g36932765.exe moved successfully.
C:\WINDOWS\g35611187.exe moved successfully.
C:\WINDOWS\g34866062.exe moved successfully.
C:\WINDOWS\g32309953.exe moved successfully.
C:\WINDOWS\g31042656.exe moved successfully.
C:\WINDOWS\g29123375.exe moved successfully.
C:\WINDOWS\g20993218.exe moved successfully.
C:\WINDOWS\g15843093.exe moved successfully.
C:\WINDOWS\g14124406.exe moved successfully.
C:\WINDOWS\g12917968.exe moved successfully.
C:\WINDOWS\g11598281.exe moved successfully.
C:\WINDOWS\g10396781.exe moved successfully.
C:\WINDOWS\g9397234.exe moved successfully.
C:\WINDOWS\g7871031.exe moved successfully.
C:\WINDOWS\g6551187.exe moved successfully.
C:\WINDOWS\g5388093.exe moved successfully.
C:\WINDOWS\g4023671.exe moved successfully.
C:\WINDOWS\g2821500.exe moved successfully.
C:\WINDOWS\g1765703.exe moved successfully.
C:\WINDOWS\g8839484.exe moved successfully.
C:\WINDOWS\g3709578.exe moved successfully.
C:\WINDOWS\g38539562.exe moved successfully.
C:\WINDOWS\g31867812.exe moved successfully.
C:\WINDOWS\g30547703.exe moved successfully.
C:\WINDOWS\g29557328.exe moved successfully.
C:\WINDOWS\g28026546.exe moved successfully.
C:\WINDOWS\g26739234.exe moved successfully.
C:\WINDOWS\g25504015.exe moved successfully.
C:\WINDOWS\g24411531.exe moved successfully.
C:\WINDOWS\g23832078.exe moved successfully.
C:\WINDOWS\g21725140.exe moved successfully.
I cannot run HJT; it appears that something is switching it off. As soon as I double-click, it opens, I click on scan etc., it pulls up a log, then immediately shuts down; sometimes it does not even get this far! I ran it several times and managed to get a copy of the log just before it shut down! I did not remove the items you said because it won't stay open.
Sorry, but this is all I can do; I will try to reboot and do it again soon.
Thanks
Paul
PS if you are ever over in the UK, I owe you a pint or two!!!