huge problem!!!

  1. #31
    Neal (Dedicated Member)

    Re: huge problem!!!

    To clean your temp folder, Recycle Bin, etc., please download this free tool:

    CCleaner

    Don't install any toolbars or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.

    Uncheck cookies

    Before first use:
    Select Options then Advanced.
    UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Click on CCleaner to start it. Then click "Run Cleaner"; just use the Windows tab up front by default.


    Then Reboot (Exit)


    Any better?


  2. #32
    devanb3 (Valued Member)
    Nope, no change.

  3. #33
    Neal (Dedicated Member)
    Two Things:



    Please download http://siri.urz.free.fr/Fix/SmitfraudFix.zip (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Please do not run any other option until asked to do so, thanks.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm


    Please post the smitfraudfix log. Thanks.


    1. Download this file - COMBOFIX
    2. Double-click combofix.exe and follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    Post a new HijackThis log also, please.

  4. #34
    devanb3 (Valued Member)
    Sorry about the delay, been out of town.
    SmitFraudFix v2.207

    Scan done at 23:15:06.26, Fri 07/27/2007
    Run from C:\Documents and Settings\DEVAN BOGAN\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32

    C:\windows\system32\ot.ico FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DEVAN BOGAN


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DEVAN BOGAN\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"="XenaDot Software"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    "DEVAN BOGAN" - 2007-07-27 23:17:27 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\windows\system32\jkkljhi.dll
    C:\windows\system32\jkkljhi.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\DEVANB~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\EUQBZMWC\www.broadcaster.com
    C:\DOCUME~1\DEVANB~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\EUQBZMWC\www.broadcaster.com\BCLUserPrefs.sol
    C:\DOCUME~1\DEVANB~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\EUQBZMWC\www.broadcaster.com\played_list.sol
    C:\DOCUME~1\DEVANB~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\EUQBZMWC\www.broadcaster.com\video_queue.sol
    C:\DOCUME~1\DEVANB~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\DEVANB~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Program Files\Common Files\{E000E~1
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\windows\system32\atwsettl
    C:\windows\system32\atwsettl\atwsettl1.exe
    C:\windows\system32\atwsettl\bg1.gif
    C:\windows\system32\atwsettl\bgtop.gif
    C:\windows\system32\atwsettl\bottom1.gif
    C:\windows\system32\atwsettl\essentials.gif
    C:\windows\system32\atwsettl\icon1.ico
    C:\windows\system32\atwsettl\install1.gif
    C:\windows\system32\atwsettl\left1.gif
    C:\windows\system32\atwsettl\li.gif
    C:\windows\system32\atwsettl\logo.gif
    C:\windows\system32\atwsettl\main.htm
    C:\windows\system32\atwsettl\mainframe.htm
    C:\windows\system32\atwsettl\reinstall1.gif
    C:\windows\system32\atwsettl\right1.gif
    C:\windows\system32\atwsettl\s1.htm
    C:\windows\system32\atwsettl\s2.htm
    C:\windows\system32\atwsettl\s3.htm
    C:\windows\system32\atwsettl\SMTop1.gif
    C:\windows\system32\atwsettl\SMTop2.gif
    C:\windows\system32\atwsettl\SMTop3.gif
    C:\windows\system32\atwsettl\SMTop4.gif
    C:\windows\system32\atwsettl\soft1_off.gif
    C:\windows\system32\atwsettl\soft1_off_ext.gif
    C:\windows\system32\atwsettl\soft1_on.gif
    C:\windows\system32\atwsettl\soft1_on_ext.gif
    C:\windows\system32\atwsettl\soft2_off.gif
    C:\windows\system32\atwsettl\soft2_off_ext.gif
    C:\windows\system32\atwsettl\soft2_on.gif
    C:\windows\system32\atwsettl\soft2_on_ext.gif
    C:\windows\system32\atwsettl\soft3_off.gif
    C:\windows\system32\atwsettl\soft3_off_ext.gif
    C:\windows\system32\atwsettl\soft3_on.gif
    C:\windows\system32\atwsettl\soft3_on_ext.gif
    C:\windows\system32\atwsettl\softbottom_off.gif
    C:\windows\system32\atwsettl\softbottom_on.gif
    C:\windows\system32\atwsettl\softleft_off.gif
    C:\windows\system32\atwsettl\softleft_on.gif
    C:\windows\system32\atwsettl\top1.gif
    C:\windows\system32\atwsettl\top2.gif
    C:\windows\system32\atwsettl\turnoff1.gif
    C:\windows\system32\atwsettl\turnon1.gif


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_COM+_MESSAGES
    -------\LEGACY_NETWORK_MONITOR
    -------\LEGACY_NWSAPAGENT
    -------\NwSapAgent


    ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


    2007-07-27 23:16 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-27 23:15 1,740 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-27 23:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-07-27 23:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-07-27 23:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-27 23:50:31 -------- d-----w C:\Program Files\Mozilla Sunbird
    2007-07-14 23:12:08 -------- d-----w C:\DOCUME~1\DEVANB~1\APPLIC~1\LimeWire
    2007-07-05 17:32:56 -------- d-----w C:\Program Files\WarRock
    2007-07-05 00:05:32 4,212 ---h--w C:\windows\system32\zllictbl.dat
    2007-07-02 03:34:51 -------- d-----w C:\DOCUME~1\DEVANB~1\APPLIC~1\Morpheus
    2007-07-02 03:09:38 -------- d-----w C:\Program Files\Morpheus
    2007-06-26 04:32:22 -------- d-----w C:\Program Files\Lavasoft
    2007-06-26 04:32:04 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-22 05:19:13 249,856 ------w C:\windows\Setup1.exe
    2007-06-22 05:19:03 73,216 ----a-w C:\windows\ST6UNST.EXE
    2007-06-20 14:05:59 -------- d-----w C:\DOCUME~1\DEVANB~1\APPLIC~1\Viewpoint
    2007-06-19 19:45:39 -------- d-----w C:\Program Files\RogueRemover
    2007-06-15 02:15:12 -------- d-----w C:\Program Files\AIM6
    2007-06-15 02:13:45 -------- d-----w C:\Program Files\Viewpoint
    2007-06-14 22:22:06 -------- d-----w C:\Program Files\Common Files\Real
    2007-06-14 2252 -------- d-----w C:\DOCUME~1\DEVANB~1\APPLIC~1\Real
    2007-06-14 2248 8,413 ----a-w C:\windows\system32\drivers\mcstrm.sys
    2007-06-14 2241 -------- d-----w C:\Program Files\Best Buy Rhapsody
    2007-06-14 22:08:23 -------- d-----w C:\Program Files\Real
    2007-06-14 21:59:51 -------- d-----w C:\DOCUME~1\DEVANB~1\APPLIC~1\ArcSoft
    2007-06-14 21:48:48 -------- d-----w C:\Program Files\Common Files\ArcSoft
    2007-06-14 21:48:40 -------- d-----w C:\Program Files\ArcSoft
    2007-06-14 21:48:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-14 03:49:25 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-09 22:03:26 -------- d-----w C:\DOCUME~1\DEVANB~1\APPLIC~1\InstallShield
    2007-06-08 16:42:24 -------- d-----w C:\Program Files\Microsoft Games
    2007-06-04 19:18:48 9,344 ----a-w C:\windows\system32\drivers\NSDriver.sys
    2007-06-04 19:17:02 8,320 ----a-w C:\windows\system32\drivers\AWRTRD.sys
    2007-06-04 19:14:56 6,272 ----a-w C:\windows\system32\drivers\AWRTPD.sys
    2007-06-04 01:49:44 -------- d-----w C:\Program Files\LimeWire
    2007-05-16 15:12:02 683,520 ----a-w C:\windows\system32\inetcomm.dll
    2007-04-30 15:46:10 745,600 ----a-w C:\windows\system32\aswBoot.exe
    2007-04-30 15:35:28 95,872 ----a-w C:\windows\system32\AVASTSS.scr
    2005-12-15 23:42:53 80 --sh--r C:\windows\system32\5FA2F35E96.dll
    2006-03-11 04:41:32 104 --sh--r C:\windows\system32\5FA2F35E96.sys
    2006-03-10 21:04:46 88 --sh--r C:\windows\system32\965EF3A25F.sys
    2005-03-31 02:31:02 56 --sh--r C:\windows\system32\A21701612C.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
    "Lwinst Run Profiler"="C:\Program Files\Common Files\Logitech\LGS440Inst\Profiler\LWTest.exe" [2004-04-23 15:24]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HideClock"=0 (0x0)
    "NoManageMyComputerVerb"=0 (0x0)
    "NoLowDiskSpaceChecks"=0 (0x0)
    "NoStartMenuPinnedList"=0 (0x0)
    "NoStartMenuMFUprogramsList"=0 (0x0)
    "NoUserNameInStartMenu"=0 (0x0)
    "StartmenuLogoff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "ClearRecentDocsOnExit"=0 (0x0)
    "NoPrinterTabs"=0 (0x0)
    "NoDeletePrinter"=0 (0x0)
    "NoAddPrinter"=0 (0x0)
    "NoPrinters"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoChangeStartMenu"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoShellSearchButton"=0 (0x0)
    "NoToolbarCustomize"=0 (0x0)
    "NoRecentDocsNetHood"=0 (0x0)
    "NoChangeAnimation"=0 (0x0)
    "NoChangeKeyboardNavigationIndicators"=0 (0x0)
    "NoThemesTab"=0 (0x0)
    "NoViewOnDrive"=0 (0x0)
    "NoLogoff"=0 (0x0)
    "NoSecurityTab"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3666186597-4113636562-2537564288-1006\Scripts\Logoff\0\0]
    "Script"=C:\Program Files\Privacy Shield\xp.cmd

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    backup=C:\WINDOWS\pss\svchost.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DEVAN BOGAN^Start Menu^Programs^StartUp^Morpheus.lnk]
    path=C:\Documents and Settings\DEVAN BOGAN\Start Menu\Programs\StartUp\Morpheus.lnk
    backup=C:\WINDOWS\pss\Morpheus.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASM]
    "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
    rundll32.exe C:\WINDOWS\system32\drvgop.dll,startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
    rundll32.exe "C:\WINDOWS\system32\uwlckcvx.dll",setvm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
    rundll32.exe "C:\windows\system32\ptrtwnnl.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gtcfaxaz.exe]
    C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guitar Tips Messenger]
    C:\WINDOWS\Guitar Tips Messenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1145922625\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
    C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
    C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
    C:\Program Files\Ipwindows\ipwins.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
    C:\Program Files\LClock\LClock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
    C:\Program Files\outlook\outlook.exe /auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
    C:\Program Files\RAM Idle LE\RAM_XP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slyfgji.dll]
    C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\slyfgji.dll,qoyqraf

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
    "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
    "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    "C:\Program Files\Logitech\WingMan Profiler\lwemon.exe" /noui

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartFoxie]
    C:\Program Files\Foxie Suite\StartFoxie.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System: PPFSYS.EXE Don`t remove it!]
    ppfsys.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syswin]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Usrr]
    "C:\DOCUME~1\DEVANB~1\APPLIC~1\YSTEM3~1\ntvdm.exe" -vt ndrv

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
    C:\Program Files\VVSN\VVSN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
    winlog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zjuzc]
    "C:\Documents and Settings\DEVAN BOGAN\Application Data\?ystem\lsass.exe" 99001162

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{E000E1C3-09E5-1033-0512-040312040001}]
    "C:\Program Files\Common Files\{E000E1C3-09E5-1033-0512-040312040001}\Update.exe" mc-110-12-0000272



    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\NCDSTART.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e4b5111-87f7-11d9-925c-000cf1eee38c}]
    AutoRun\command- J:\JDSecure\Windows\JDSecure31.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e4b5112-87f7-11d9-925c-000cf1eee38c}]
    AutoRun\command- J:\JDSecure\Windows\JDSecure31.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e4b5113-87f7-11d9-925c-000cf1eee38c}]
    AutoRun\command- J:\JDSecure\Windows\JDSecure31.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-20 09:01:00 C:\windows\tasks\defrag.job
    2007-07-20 0700 C:\windows\tasks\Disk Cleanup.job
    2007-07-28 03:32:00 C:\windows\tasks\MP Scheduled Scan.job

    ************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-27 23:29:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************

    Completion time: 2007-07-27 23:36:24 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-27 23:35

    --- E O F ---

  5. #35
    devanb3 (Valued Member)
    Logfile of HijackThis v1.99.1
    Scan saved at 11:43:34 PM, on 7/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\system32\ZoneLabs\vsmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\HijackThis\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Common Files\Logitech\LGS440Inst\Profiler\LWTest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\windows\system32\shdocvw.dll
    O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edge...oadManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125194918140
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139960576718
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\windows\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PurgPro XP Service (PurgProService) - Unknown owner - C:\Program Files\PurgeIE\PurgPro_Service.exe (file missing)
    O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  6. #36
    Neal (Dedicated Member)
    You have quite a bit of malware turned off in msconfig; that doesn't remove it from your computer, it is still there. Your call on that.



    These files below need to be scanned one at a time to find out what they are:

    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\Process.exe
    C:\windows\system32\5FA2F35E96.dll
    C:\windows\system32\5FA2F35E96.sys
    C:\windows\system32\965EF3A25F.sys
    C:\windows\system32\A21701612C.sys




    Go to the next site:
    http://www.virustotal.com/en/indexf.html
    At the top you'll find 'Browse'.
    Click the Browse button and browse to the next file:


    C:\WINDOWS\system32\tmp.reg


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy, here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html


    Do each file one at a time and post results back here please by copy/paste.


    New hijackthis log also please.

  7. #37
    devanb3 is offline Valued Member
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.28 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Rising 19.33.52.00 2007.07.28 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.28 -
    TheHacker 6.1.7.155 2007.07.28 -
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.28 -
    Additional information
    File size: 1740 bytes
    MD5: 6b9aeb4a58870381c79a01eb0c22c1a1
    SHA1: 2c8379a01777a684002f07f0c5576cb0e9a936cd
    packers: Unicode
    packers: Unicode
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 Win-AppCare/PrcViewer.53248
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.28 High threat detected
    Fortinet 2.91.0.0 2007.07.28 Misc/PrcViewer
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 potentially unwanted program PrcViewer
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 Win32/PrcView
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 Application/Processor
    Prevx1 V2 2007.07.28 -
    Rising 19.33.52.00 2007.07.28 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.28 -
    TheHacker 6.1.7.155 2007.07.28 Aplicacion/Processor.20
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.28 -
    Additional information
    File size: 53248 bytes
    MD5: 7397f6ee4a9601a123b645c0cd428017
    SHA1: 890368473ecbc404dcd42ff0c6c38397102f59c0
    Bit9 info: http://fileadvisor.bit9.com/services...b645c0cd428017
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.28 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Rising 19.33.52.00 2007.07.28 -
    Prevx1 V2 2007.07.28 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.28 -
    TheHacker 6.1.7.155 2007.07.28 -
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.28 -
    Additional information
    File size: 80 bytes
    MD5: 9f433af84ea9ec2eb8d2043c19f3361b
    SHA1: 06fbaea5748bbb39d5bcccca33df1394c627ef99
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.28 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Rising 19.33.52.00 2007.07.28 -
    Prevx1 V2 2007.07.28 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.28 -
    TheHacker 6.1.7.155 2007.07.28 -
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.28 -
    Additional information
    File size: 104 bytes
    MD5: 36a2529bcd0736e0b2543d3b38ad2133
    SHA1: 35d2e16be905b88bd6c7ef4e305f195d3e8b1be8
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.29 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Additional information
    File size: 88 bytes
    MD5: b307fb7417db3ce746c9b4ded69676bb
    SHA1: 23c61805822b1690cad8217cc7e5890b97f4e4fd
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.29 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Additional information
    File size: 56 bytes
    MD5: bddf4f08858fb8f4f9a39b8eab6ebfc2
    SHA1: de9f510a3abd8cc984a384ec7dba073c033c531d
    Logfile of HijackThis v1.99.1
    Scan saved at 6:03:15 PM, on 7/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\system32\ZoneLabs\vsmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Common Files\Logitech\LGS440Inst\Profiler\LWTest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\windows\system32\shdocvw.dll
    O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edge...oadManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125194918140
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139960576718
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\windows\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PurgPro XP Service (PurgProService) - Unknown owner - C:\Program Files\PurgeIE\PurgPro_Service.exe (file missing)
    O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

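A HijackThis log like the one above is read by eye in this thread. As an added example (editor's code, not HijackThis's own and not something either participant posted), here is a small triage pass over a few lines abbreviated from the log above: it parses each `Oxx - ...` entry and lists the ones a helper would ask about first, namely entries whose target file is gone, O23 services with no recorded publisher, and an O20 path that shows only a directory. It flags entries for verification; it does not decide what is malware.

```python
import re
from typing import Dict, List

# Lines abbreviated from the HijackThis v1.99.1 log posted in the thread;
# the selection is the editor's, the lines themselves are the user's.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O20 - Winlogon Notify: WgaLogon - C:\windows\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PurgPro XP Service (PurgProService) - Unknown owner - C:\Program Files\PurgeIE\PurgPro_Service.exe (file missing)
"""

# HijackThis entries start with a section code (R0/R1, F1, N1, O2...O23)
# followed by " - " and the entry body.
ENTRY = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")


def triage(log: str) -> List[Dict]:
    """Return the entries worth a second look, each with the reasons why."""
    findings: List[Dict] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, running-process paths, blank lines
        section, body = m.groups()
        reasons: List[str] = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned entry: the file it points to no longer exists")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with no recorded publisher; verify the binary")
        if section == "O20" and body.endswith("\\"):
            reasons.append("Winlogon Notify path shows only a directory; confirm which DLL it loads")
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings


def count_by_section(findings: List[Dict]) -> Dict[str, int]:
    """How many flagged entries fall under each HijackThis section code."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["section"]] = counts.get(f["section"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f["section"], "-", f["entry"])
        for r in f["reasons"]:
            print("    ->", r)
```

Orphaned entries (the eTrust, PurgeIE and Messenger leftovers in the log above) are usually uninstall debris rather than an infection, but they are exactly the lines a helper will either fix with HijackThis or ask about, so surfacing them first saves a round trip.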
  8. #38
    Neal is offline Dedicated Member
    All that doesn't tell me anything. It is all mashed together and no file name is showing for the results. Each file scan result needs to have a space or two between them so it is readable.

    Do again please.


    In the meantime you can do this also to clear up an infection:

    1. Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe Mode.
    • Log in to your usual account.
    2. Run SmitfraudFix: open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    3. Clean out your Temporary Internet Files. Proceed like this:
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab, then click the Reset Web Settings button. Click Apply, then OK.
    • Click OK.
    Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click OK, then Apply and OK.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


    Please post the needed logs, the scan results, and a new HijackThis log.

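Neal's complaint in the post above is that the VirusTotal results were pasted back to back with no file name and no separator, so nothing tells the reader which block belongs to which file. As an added example (editor's code, not VirusTotal's and not posted by anyone in the thread), the script below cuts such a paste into one record per file at each column-header line, pulls out size, hashes and the non-clean verdicts, and prints a readable, blank-line separated summary. The engine rows are abbreviated from the thread's own paste; the sizes and hashes are the ones posted. Because the report text never names the file, the script assumes the blocks appear in the order the files were submitted, which is the order Neal listed them in.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Three result blocks pasted back to back with nothing separating them, the way
# they appear in the thread. Engine rows are abbreviated to a handful per block.
SAMPLE_RESULTS = """\
Antivirus Version Last Update Result
AhnLab-V3 2007.7.28.0 2007.07.27 -
McAfee 5085 2007.07.27 -
Webwasher-Gateway 6.0.1 2007.07.28 -
Additional information
File size: 1740 bytes
MD5: 6b9aeb4a58870381c79a01eb0c22c1a1
SHA1: 2c8379a01777a684002f07f0c5576cb0e9a936cd
packers: Unicode
Antivirus Version Last Update Result
AhnLab-V3 2007.7.28.0 2007.07.27 Win-AppCare/PrcViewer.53248
McAfee 5085 2007.07.27 potentially unwanted program PrcViewer
NOD32v2 2427 2007.07.28 Win32/PrcView
Sophos 4.19.0 2007.07.26 -
Additional information
File size: 53248 bytes
MD5: 7397f6ee4a9601a123b645c0cd428017
SHA1: 890368473ecbc404dcd42ff0c6c38397102f59c0
Bit9 info: http://fileadvisor.bit9.com/services...b645c0cd428017
Antivirus Version Last Update Result
Prevx1 V2 2007.07.28 -
Additional information
File size: 80 bytes
MD5: 9f433af84ea9ec2eb8d2043c19f3361b
SHA1: 06fbaea5748bbb39d5bcccca33df1394c627ef99
"""

# Assumption: blocks come back in the order the files were submitted, which is
# the order Neal listed them (the first three of his six).
SUBMITTED_FILES = [
    r"C:\WINDOWS\system32\tmp.reg",
    r"C:\WINDOWS\system32\Process.exe",
    r"C:\windows\system32\5FA2F35E96.dll",
]

HEADER = "Antivirus Version Last Update Result"
# An engine row is "name version YYYY.MM.DD result"; a result of "-" means clean.
ENGINE_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")


@dataclass
class FileReport:
    size: Optional[int] = None
    md5: str = ""
    sha1: str = ""
    engines: int = 0                                  # rows seen for this file
    detections: Dict[str, str] = field(default_factory=dict)  # engine -> verdict


def split_reports(text: str) -> List[FileReport]:
    """Cut a run of pasted results into one record per file, starting at each header."""
    reports: List[FileReport] = []
    current: Optional[FileReport] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == HEADER:
            current = FileReport()
            reports.append(current)
            continue
        if current is None:
            continue  # stray text before the first header
        if line.startswith("File size:"):
            current.size = int(line.split()[2])
        elif line.startswith("MD5:"):
            current.md5 = line.split(":", 1)[1].strip().lower()
        elif line.startswith("SHA1:"):
            current.sha1 = line.split(":", 1)[1].strip().lower()
        elif line.startswith(("Additional information", "packers:", "Bit9 info:")):
            continue
        else:
            m = ENGINE_ROW.match(line)
            if m:
                engine, _version, _date, verdict = m.groups()
                current.engines += 1
                if verdict.strip() != "-":
                    current.detections[engine] = verdict.strip()
    return reports


def render(reports: List[FileReport], file_names: List[str]) -> str:
    """One paragraph per file, separated by a blank line, as Neal asked for."""
    blocks = []
    for i, rep in enumerate(reports):
        name = file_names[i] if i < len(file_names) else "(unknown file %d)" % (i + 1)
        lines = [
            name,
            "  size %s bytes, MD5 %s, SHA1 %s" % (rep.size, rep.md5, rep.sha1),
            "  detections: %d/%d" % (len(rep.detections), rep.engines),
        ]
        for engine, verdict in sorted(rep.detections.items()):
            lines.append("    %s: %s" % (engine, verdict))
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks)


if __name__ == "__main__":
    print(render(split_reports(SAMPLE_RESULTS), SUBMITTED_FILES))
```

The hashes are what make the summary trustworthy: a helper can match an MD5 against the file they asked about even when the poster's ordering is wrong, so keep them in the output rather than only the detection count.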
  9. #39
    devanb3 is offline Valued Member
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.28 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Rising 19.33.52.00 2007.07.28 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.28 -
    TheHacker 6.1.7.155 2007.07.28 -
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.28 -
    Additional information
    File size: 1740 bytes
    MD5: 6b9aeb4a58870381c79a01eb0c22c1a1
    SHA1: 2c8379a01777a684002f07f0c5576cb0e9a936cd
    packers: Unicode
    packers: Unicode


    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 Win-AppCare/PrcViewer.53248
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.28 High threat detected
    Fortinet 2.91.0.0 2007.07.28 Misc/PrcViewer
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 potentially unwanted program PrcViewer
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 Win32/PrcView
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 Application/Processor
    Prevx1 V2 2007.07.28 -
    Rising 19.33.52.00 2007.07.28 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.28 -
    TheHacker 6.1.7.155 2007.07.28 Aplicacion/Processor.20
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.28 -
    Additional information
    File size: 53248 bytes
    MD5: 7397f6ee4a9601a123b645c0cd428017
    SHA1: 890368473ecbc404dcd42ff0c6c38397102f59c0
    Bit9 info: http://fileadvisor.bit9.com/services...b645c0cd428017


    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.28 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Rising 19.33.52.00 2007.07.28 -
    Prevx1 V2 2007.07.28 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.28 -
    TheHacker 6.1.7.155 2007.07.28 -
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.28 -
    Additional information
    File size: 80 bytes
    MD5: 9f433af84ea9ec2eb8d2043c19f3361b
    SHA1: 06fbaea5748bbb39d5bcccca33df1394c627ef99


    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.28 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Rising 19.33.52.00 2007.07.28 -
    Prevx1 V2 2007.07.28 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.28 -
    TheHacker 6.1.7.155 2007.07.28 -
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.28 -
    Additional information
    File size: 104 bytes
    MD5: 36a2529bcd0736e0b2543d3b38ad2133
    SHA1: 35d2e16be905b88bd6c7ef4e305f195d3e8b1be8


    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.29 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Additional information
    File size: 88 bytes
    MD5: b307fb7417db3ce746c9b4ded69676bb
    SHA1: 23c61805822b1690cad8217cc7e5890b97f4e4fd


    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.28 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.28 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.28 -
    eSafe 7.0.15.0 2007.07.24 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.28 -
    FileAdvisor 1 2007.07.29 -
    Fortinet 2.91.0.0 2007.07.28 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.28 -
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.28 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.28 -
    Additional information
    File size: 56 bytes
    MD5: bddf4f08858fb8f4f9a39b8eab6ebfc2
    SHA1: de9f510a3abd8cc984a384ec7dba073c033c531d


    Logfile of HijackThis v1.99.1
    Scan saved at 6:03:15 PM, on 7/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\system32\ZoneLabs\vsmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Common Files\Logitech\LGS440Inst\Profiler\LWTest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\windows\system32\shdocvw.dll
    O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edge...oadManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125194918140
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139960576718
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\windows\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PurgPro XP Service (PurgProService) - Unknown owner - C:\Program Files\PurgeIE\PurgPro_Service.exe (file missing)
    O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  10. #40
    Neal is offline Dedicated Member
    How is your computer behaving now?
