Pc infected through IE pop-ups & more(RESOLVED)

  1. #11
    sox (Newbie)

    Re: Pc infected through IE pop-ups & more

    Yes, I changed the name of the file as instructed and dragged it over the ComboFix icon. ComboFix started up automatically and then left that log... I just did it again, and here are the results:

    ComboFix 07-11-19.4C - Judy 2007-11-29 17:25:45.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.192 [GMT -6:00]
    Running from: C:\Documents and Settings\Judy\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Judy\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
    .

    2007-11-28 12:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-28 12:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-28 12:10 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SUPERAntiSpyware.com
    2007-11-28 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-28 06:00 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\URSE Games
    2007-11-28 04:57 <DIR> d-------- C:\Program Files\Holiday Bonus
    2007-11-27 20:27 <DIR> d-------- C:\VundoFix Backups
    2007-11-27 20:15 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-26 06:16 354 --ahs---- C:\WINDOWS\system32\pprfxoak.ini
    2007-11-25 06:22 294 --ahs---- C:\WINDOWS\system32\vnwjghew.ini
    2007-11-24 20:19 85,056 --a------ C:\WINDOWS\system32\fnnhrnpn.dll.ren
    2007-11-24 20:19 414 --a------ C:\WINDOWS\system32\npnrhnnf.ini.ren
    2007-11-23 21:00 <DIR> d-------- C:\Documents and Settings\Judy\Goett Family Photos
    2007-11-23 20:19 354 --ahs---- C:\WINDOWS\system32\yilirqcs.ini
    2007-11-23 20:18 85,056 --a------ C:\WINDOWS\system32\scqriliy.dll.ren
    2007-11-21 22:20 354 --a------ C:\WINDOWS\system32\qfodbged.ini.ren
    2007-11-21 22:19 85,056 --a------ C:\WINDOWS\system32\degbdofq.dll.ren
    2007-11-21 20:08 <DIR> d-------- C:\Program Files\Anti Trojan Elite
    2007-11-21 19:53 85,056 --a------ C:\WINDOWS\system32\ixobdpry.dll.ren
    2007-11-21 19:53 354 --ahs---- C:\WINDOWS\system32\yrpdboxi.ini
    2007-11-21 17:20 <DIR> d-------- C:\Program Files\7 Artifacts
    2007-11-21 16:20 <DIR> d-------- C:\Program Files\Trojan Remover
    2007-11-21 16:20 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2007-11-21 16:20 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2007-11-21 16:20 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2007-11-21 16:20 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2007-11-21 16:20 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2007-11-19 06:39 85,056 --a------ C:\WINDOWS\system32\obrhvjyw.dll.ren
    2007-11-19 06:39 1,374 --ahs---- C:\WINDOWS\system32\wyjvhrbo.ini
    2007-11-18 06:40 1,134 --ahs---- C:\WINDOWS\system32\npvlcuye.ini
    2007-11-17 05:16 1,014 --ahs---- C:\WINDOWS\system32\wwhuoihl.ini
    2007-11-14 05:40 534 --ahs---- C:\WINDOWS\system32\mpythbqg.ini
    2007-11-13 05:19 414 --ahs---- C:\WINDOWS\system32\rrxyaaga.ini
    2007-11-13 05:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2007-11-13 05:06 <DIR> d-------- C:\Program Files\Cool
    2007-11-11 15:08 <DIR> d-------- C:\WINDOWS\system32\rMa01yy
    2007-11-11 15:00 434,225 --a------ C:\WINDOWS\system32\ayadd.ini2.ren
    2007-11-11 15:00 434,225 --ahs---- C:\WINDOWS\system32\ayadd.ini.ren
    2007-11-11 14:52 <DIR> d-------- C:\WINDOWS\system32\rMa02yy
    2007-11-11 14:52 <DIR> d-------- C:\Temp\abW9
    2007-11-11 14:52 <DIR> d-------- C:\Temp
    2007-11-03 07:16 <DIR> d-------- C:\Program Files\Picasa2
    2007-11-03 07:16 <DIR> d-------- C:\Program Files\Google
    2007-11-03 06:53 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2007-11-03 06:53 <DIR> d-------- C:\Program Files\Jewel Match
    2007-11-02 22:51 <DIR> d-------- C:\WINDOWS\Sun
    2007-11-02 18:44 <DIR> d-------- C:\Program Files\Nero
    2007-11-02 18:44 <DIR> d-------- C:\Program Files\Common Files\Nero
    2007-11-02 17:54 <DIR> d-------- C:\Program Files\Limewire
    2007-11-02 17:54 <DIR> d-------- C:\Documents and Settings\Judy\Shared
    2007-11-02 17:50 <DIR> d-------- C:\Documents and Settings\Judy\Incomplete
    2007-11-02 17:50 <DIR> d-------- C:\Documents and Settings\Judy\.limewire
    2007-11-02 16:53 <DIR> dr------- C:\Program Files\Dazzle
    2007-11-02 16:53 <DIR> d-------- C:\Program Files\Common Files\SCM
    2007-11-02 16:53 36,864 --a------ C:\WINDOWS\system32\Stlhook.dll
    2007-11-02 16:53 13,325 --------- C:\WINDOWS\system32\drivers\Stltrk2k.sys
    2007-11-02 16:47 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-11-02 16:47 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-11-02 16:45 <DIR> d-------- C:\EPSONREG
    2007-11-02 16:44 <DIR> d-------- C:\Program Files\ArcSoft
    2007-11-02 16:44 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
    2007-11-02 16:43 <DIR> d-------- C:\Program Files\Common Files\Python
    2007-11-02 16:43 708,696 --a------ C:\WINDOWS\system32\python21.dll
    2007-11-02 16:43 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
    2007-11-02 16:43 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
    2007-11-02 16:42 73,216 --a------ C:\WINDOWS\ADE.DLL
    2007-11-02 16:42 3,136 --a------ C:\WINDOWS\Ade001.bin
    2007-11-02 16:41 <DIR> d-------- C:\Program Files\EPSON
    2007-11-02 16:41 <DIR> d-------- C:\EPSON
    2007-11-02 16:33 <DIR> d-------- C:\WINDOWS\I9900
    2007-11-02 16:33 113,152 --a------ C:\WINDOWS\system32\CNMLM5p.DLL
    2007-11-02 16:33 86,016 -ra------ C:\WINDOWS\system32\CNMCP5p.exe
    2007-11-02 16:33 7,680 --a------ C:\WINDOWS\system32\CNMVS5p.DLL
    2007-11-02 16:32 <DIR> d-------- C:\Program Files\Canon
    2007-11-02 16:23 73,728 -ra------ C:\WINDOWS\system32\cnm6C.tmp
    2007-11-02 16:21 73,728 -ra------ C:\WINDOWS\system32\cnm32.tmp
    2007-11-02 16:19 <DIR> d-------- C:\WINDOWS\StartHtmico
    2007-11-02 16:19 <DIR> d-------- C:\WINDOWS\I900D
    2007-11-02 16:19 105,984 --a------ C:\WINDOWS\system32\CNMLM5e.DLL
    2007-11-02 16:19 73,728 -ra------ C:\WINDOWS\system32\CNMCP5e.exe
    2007-11-02 16:19 6,656 --a------ C:\WINDOWS\system32\CNMVS5e.DLL
    2007-11-02 16:19 6,184 -ra------ C:\WINDOWS\system32\cmglue.vxd
    2007-11-02 16:16 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-11-02 16:16 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-11-02 16:13 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-11-02 16:13 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
    2007-11-02 16:13 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
    2007-11-02 16:13 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-11-02 16:13 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-11-02 16:06 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
    2007-11-02 16:06 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-11-02 16:06 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-11-02 16:06 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
    2007-11-02 16:06 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
    2007-11-02 16:06 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
    2007-11-02 16:05 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-02 16:05 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-11-02 16:05 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-11-02 16:05 21,138 --a------ C:\WINDOWS\system32\Repository.reg
    2007-11-02 16:04 <DIR> d-------- C:\Program Files\Logitech

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-17 09:29 35,840 ----a-w C:\WINDOWS\mrofinu572.exe.ren
    2007-11-02 07:26 512,000 ----a-w C:\WINDOWS\SERVER-NME.EXE
    2007-11-01 20:20 --------- d-----w C:\Program Files\microsoft frontpage
    2007-10-22 00:51 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
    2007-10-19 19:16 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
    2007-10-12 02:00 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
    2007-10-12 02:00 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
    2007-10-12 02:00 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-10-12 01:57 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
    2007-10-12 01:57 195,096 ----a-w C:\WINDOWS\system32\lvci1150.dll
    2007-10-12 01:55 13,848 ----a-w C:\WINDOWS\system32\drivers\lv302af.sys
    2007-10-12 01:55 1,279,000 ----a-w C:\WINDOWS\system32\drivers\LV302V32.SYS
    2007-10-12 00:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
    2007-10-12 00:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
    2007-10-12 00:15 85,302 ----a-w C:\WINDOWS\system32\drivers\LVFeL002.cfg
    2007-10-12 00:15 69,592 ----a-w C:\WINDOWS\system32\drivers\LVFaL000.cfg
    2007-10-12 00:15 227,172 ----a-w C:\WINDOWS\system32\drivers\LVFeL000.cfg
    2007-10-12 00:15 146,680 ----a-w C:\WINDOWS\system32\drivers\LVFeL001.cfg
    2007-09-20 15:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-09-20 15:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-09-20 15:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-27_19.47.51.73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-28 18:10:23 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-11-28 18:10:23 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-11-28 18:10:23 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2007-11-29 15:36:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_368.dat
    + 2007-11-29 23:22:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CDA9E4B-DD82-4C9A-86B6-FF154E5B06AF}]
    C:\Program Files\ComPlus Applications\mepovyjC:\DOCUME~1\Judy\LOCALS~1\Temp\CEMG555077.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C7D86B7-A9BF-4E98-B05C-7CEA4444007E}]
    C:\Program Files\ComPlus Applications\mepovyjC:\Program Files\InetGet2\gm3-24418.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1676B83-B850-4289-AB1C-FD59E7EF6CAB}]
    C:\Program Files\ComPlus Applications\mepovyjC:\WINDOWS\system32\h2\jumper83122.exe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USB Safely Remove"="C:\Program Files\USB Safely Remove\USBSafelyRemove.exe" [2007-09-22 07:40]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 15:18]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
    "SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
    "{7A-A7-7C-C4-ZN}"="C:\Documents and Settings\Judy\Local Settings\Temp\T0CHD001.exe" []
    "Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" []
    "4487a76b"="C:\WINDOWS\system32\srsxmire.dll" []

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
    R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
    R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{96DEEE3E-4F2A-C3E1-1707-E35CA017F612}]
    C:\WINDOWS\system32:calc.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-29 17:27:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-29 17:27:48
    C:\ComboFix2.txt ... 2007-11-29 09:48
    C:\ComboFix3.txt ... 2007-11-28 14:45
    .
    --- E O F ---

    ############################

    Hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:33:56 PM, on 11/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Cool\X_cool.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {2CDA9E4B-DD82-4C9A-86B6-FF154E5B06AF} - C:\Program Files\ComPlus Applications\mepovyjC:\DOCUME~1\Judy\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C7D86B7-A9BF-4E98-B05C-7CEA4444007E} - C:\Program Files\ComPlus Applications\mepovyjC:\Program Files\InetGet2\gm3-24418.exe.dll (file missing)
    O2 - BHO: (no name) - {A1676B83-B850-4289-AB1C-FD59E7EF6CAB} - C:\Program Files\ComPlus Applications\mepovyjC:\WINDOWS\system32\h2\jumper83122.exe.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [{7A-A7-7C-C4-ZN}] C:\Documents and Settings\Judy\Local Settings\Temp\T0CHD001.exe CHD001
    O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
    O4 - HKLM\..\Run: [4487a76b] rundll32.exe "C:\WINDOWS\system32\srsxmire.dll",b
    O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - S-1-5-18 Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe (User 'Default user')
    O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 8121 bytes


    Please advise.
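The log entries the helper is working from can be triaged mechanically. The following Python script is an added example, not a tool from this thread or from the HijackThis project: it parses O2 (BHO) and O4 (autorun) lines and flags the ones worth a human look, using patterns visible in the log above: a BHO whose DLL is reported missing, has no name, or whose path contains two drive roots; an autorun that launches from a Temp directory; and a rundll32 autorun that loads an eight-letter DLL under a bare hex value name. The sample lines are copied from the log posted above with the forum's wrap spaces removed; the eight-letter and hex-name checks are coarse heuristics of my own, and a flag is a prompt for review, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample: HijackThis v2.0.2 lines copied from the log posted in this
# thread, with the forum's line-wrap spaces removed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2CDA9E4B-DD82-4C9A-86B6-FF154E5B06AF} - C:\Program Files\ComPlus Applications\mepovyjC:\DOCUME~1\Judy\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{7A-A7-7C-C4-ZN}] C:\Documents and Settings\Judy\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [4487a76b] rundll32.exe "C:\WINDOWS\system32\srsxmire.dll",b
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4 lines: "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>.*?)\] (?P<cmd>.*)$")

TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)               # ...\Temp\... (also LOCALS~1\Temp)
EIGHT_LETTER_DLL = re.compile(r"\\[a-z]{8}\.dll\b", re.IGNORECASE)  # coarse "random basename" heuristic
HEX_RUN_NAME = re.compile(r"^[0-9a-f]{8}$")                     # e.g. 4487a76b


def triage_line(line: str) -> List[str]:
    """Return the reasons one HijackThis line deserves a human look (empty list = nothing flagged)."""
    reasons: List[str] = []
    m = O2_RE.match(line)
    if m:
        if m.group("missing"):
            reasons.append("BHO is registered but its DLL is gone (orphaned registration)")
        if m.group("name") == "(no name)":
            reasons.append("BHO carries no descriptive name")
        # Two "X:\" roots in one path means two values were concatenated or the key is corrupt.
        if m.group("path").count(":\\") > 1:
            reasons.append("BHO path contains two drive roots (concatenated/corrupt value)")
        return reasons
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        if TEMP_DIR.search(cmd):
            reasons.append("autorun launches an executable from a Temp directory")
        if cmd.lower().startswith("rundll32.exe") and EIGHT_LETTER_DLL.search(cmd):
            reasons.append("rundll32 loads an eight-letter DLL (random-looking name, heuristic)")
        if HEX_RUN_NAME.match(m.group("name")):
            reasons.append("autorun value name is a bare hex string (heuristic)")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole HijackThis log; keep only the flagged entries, in log order."""
    flagged: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for r in why:
            print("   ->", r)
```

Run against the sample, the script flags three of the seven lines: the nameless, missing, double-rooted BHO; the T0CHD001.exe autorun in the user's Temp folder; and the rundll32 entry loading srsxmire.dll. The avast!, Java, Picasa and service lines pass silently. Anything it flags still needs the same judgement the helper applies by hand, and a clean result does not mean a clean machine.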


  2. #12
    Neal (Dedicated Member)
    For some reason it isn't working; ComboFix would show the files that were deleted. Strange! Let's try a different way.



    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


      C:\WINDOWS\system32\pprfxoak.ini
      C:\WINDOWS\system32\vnwjghew.ini
      C:\WINDOWS\system32\fnnhrnpn.dll.ren
      C:\WINDOWS\system32\npnrhnnf.ini.ren
      C:\WINDOWS\system32\yilirqcs.ini
      C:\WINDOWS\system32\scqriliy.dll.ren
      C:\WINDOWS\system32\qfodbged.ini.ren
      C:\WINDOWS\system32\degbdofq.dll.ren
      C:\WINDOWS\system32\ixobdpry.dll.ren
      C:\WINDOWS\system32\yrpdboxi.ini
      C:\WINDOWS\system32\obrhvjyw.dll.ren
      C:\WINDOWS\system32\wyjvhrbo.ini
      C:\WINDOWS\system32\npvlcuye.ini
      C:\WINDOWS\system32\wwhuoihl.ini
      C:\WINDOWS\system32\mpythbqg.ini
      C:\WINDOWS\system32\rrxyaaga.ini
      C:\WINDOWS\system32\ayadd.ini2.ren
      C:\WINDOWS\system32\ayadd.ini.ren
      C:\WINDOWS\system32\rMa02yy
      C:\WINDOWS\ADE.DLL
      C:\WINDOWS\Ade001.bin
      C:\WINDOWS\mrofinu572.exe.ren
      C:\VundoFix Backups
      C:\Program Files\Cool
      C:\WINDOWS\system32\rMa01yy
      C:\Temp\abW9


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

  3. #13
    sox (Newbie)
    It did ask to reboot, so I got this information from the cleanup button (?). I hope this is good.

    [nobackups]
    avenger.zip <Avenger by Swandog46>
    Avenger
    avenger.txt
    bfu.zip <BFU by Merijn>
    BFU
    combofix.exe <ComboFix by sUBs>
    QooBox
    ComboFix*.txt
    catchme.exe
    nircmd.exe
    swreg.exe
    Swxcacls.exe
    Swsc.exe
    dss.exe <Deckard's System Scanner by Deckard>
    Deckard
    FindAWF.exe <FindAWF by noahdfear>
    AWF.txt
    fixwareout.exe <FixWareout by LonnyRJones>
    fixwareout
    fsbl.exe <F-Secure BlackLight>
    fsbl*.log
    gmer.exe <GMER by Gmer>
    gmer.dll
    gmer.ini
    gmer.log
    gmer_uninstall.cmd
    gmer.sys
    gmer <delete service>
    haxfix.exe <Haxfix by Markie>
    haxfix.txt
    killbox.exe <Killbox by Option^Explicit>
    !Killbox
    NoLop.exe <NoLop by ?>
    NoLop.txt
    NoLopOLD.txt
    delete.bat
    OTMoveIt.exe <OTMoveIt by OldTimer>
    _OTMoveIt
    rustbfix.exe <Rustbfix by Ejvindh>
    Rustbfix
    sdfix.exe <SDFix by Andy_Manchesta>
    SDFix
    SmitfraudFix.exe <SmitfraudFix by S!Ri>
    SmitfraudFix
    rapport.txt
    SysInsite <System Insite by Bobbi Flekman>
    VundoFix.exe <VundoFix by Atribune>
    VundoFix Backups
    vundofix.txt
    win32delfkil.exe <WinDelfKil by Markie>
    _backupD
    windelf.txt
    winpfind.exe <WinPfind by OldTimer>
    WinPfind
    winpfind3u.exe <WinPFind3 by OldTimer>
    WinPFind3u
    cleanup.txt
    [deleteself]

    #########################
    I put the information in again, and this is what is in the right pane now:

    File/Folder C:\WINDOWS\system32\pprfxoak.ini not found.
    File/Folder C:\WINDOWS\system32\vnwjghew.ini not found.
    File/Folder C:\WINDOWS\system32\fnnhrnpn.dll.ren not found.
    File/Folder C:\WINDOWS\system32\npnrhnnf.ini.ren not found.
    File/Folder C:\WINDOWS\system32\yilirqcs.ini not found.
    File/Folder C:\WINDOWS\system32\scqriliy.dll.ren not found.
    File/Folder C:\WINDOWS\system32\qfodbged.ini.ren not found.
    File/Folder C:\WINDOWS\system32\degbdofq.dll.ren not found.
    File/Folder C:\WINDOWS\system32\ixobdpry.dll.ren not found.
    File/Folder C:\WINDOWS\system32\yrpdboxi.ini not found.
    File/Folder C:\WINDOWS\system32\obrhvjyw.dll.ren not found.
    File/Folder C:\WINDOWS\system32\wyjvhrbo.ini not found.
    File/Folder C:\WINDOWS\system32\npvlcuye.ini not found.
    File/Folder C:\WINDOWS\system32\wwhuoihl.ini not found.
    File/Folder C:\WINDOWS\system32\mpythbqg.ini not found.
    File/Folder C:\WINDOWS\system32\rrxyaaga.ini not found.
    File/Folder C:\WINDOWS\system32\ayadd.ini2.ren not found.
    File/Folder C:\WINDOWS\system32\ayadd.ini.ren not found.
    File/Folder C:\WINDOWS\system32\rMa02yy not found.
    File/Folder C:\WINDOWS\ADE.DLL not found.
    File/Folder C:\WINDOWS\Ade001.bin not found.
    File/Folder C:\WINDOWS\mrofinu572.exe.ren not found.
    File/Folder C:\VundoFix Backups not found.
    File/Folder C:\Program Files\Cool not found.
    File/Folder C:\WINDOWS\system32\rMa01yy not found.
    File/Folder C:\Temp\abW9 not found.

    Created on 11/29/2007 19:59:32

    ####################################################
    The new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:55:47 PM, on 11/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {2CDA9E4B-DD82-4C9A-86B6-FF154E5B06AF} - C:\Program Files\ComPlus Applications\mepovyjC:\DOCUME~1\Judy\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C7D86B7-A9BF-4E98-B05C-7CEA4444007E} - C:\Program Files\ComPlus Applications\mepovyjC:\Program Files\InetGet2\gm3-24418.exe.dll (file missing)
    O2 - BHO: (no name) - {A1676B83-B850-4289-AB1C-FD59E7EF6CAB} - C:\Program Files\ComPlus Applications\mepovyjC:\WINDOWS\system32\h2\jumper83122.exe.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [{7A-A7-7C-C4-ZN}] C:\Documents and Settings\Judy\Local Settings\Temp\T0CHD001.exe CHD001
    O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
    O4 - HKLM\..\Run: [4487a76b] rundll32.exe "C:\WINDOWS\system32\srsxmire.dll",b
    O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - S-1-5-18 Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe (User 'Default user')
    O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 8054 bytes

  4. #14
    Neal is offline Dedicated Member
I found a new version of combofix. The version you had is probably gone now since you clicked cleanup; what it does is delete all known tools used to fix malware infections, which is a good idea, as in the wrong hands bad things could happen.




If you have previously downloaded ComboFix, please delete that version now.

    Now download COMBOFIX and save to your desktop:

    Note:

    If you use Firefox you may have to right click COMBOFIX and click open link in new window

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    *Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

  5. #15
    sox
    sox is offline Newbie
    Combofix results:

    ComboFix 07-12-01.2 - Judy 2007-11-29 21:02:36.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.206 [GMT -6:00]
    Running from: C:\Documents and Settings\Judy\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
    .

    2007-11-28 12:10 . 2007-11-28 14:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-28 12:10 . 2007-11-28 12:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-28 12:10 . 2007-11-28 12:10 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SUPERAntiSpyware.com
    2007-11-28 12:10 . 2007-11-28 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-28 06:00 . 2007-11-28 06:00 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\URSE Games
    2007-11-28 04:57 . 2007-11-28 14:36 <DIR> d-------- C:\Program Files\Holiday Bonus
    2007-11-27 20:15 . 2007-11-27 20:15 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-27 06:20 . 2007-11-28 12:08 793,192 ---hs---- C:\WINDOWS\system32\erimxsrs.ini
    2007-11-23 21:00 . 2007-11-23 21:32 <DIR> d-------- C:\Documents and Settings\Judy\Goett Family Photos
    2007-11-21 20:08 . 2007-11-27 19:31 <DIR> d-------- C:\Program Files\Anti Trojan Elite
    2007-11-21 17:20 . 2007-11-21 17:24 <DIR> d-------- C:\Program Files\7 Artifacts
    2007-11-21 16:20 . 2007-11-27 19:51 <DIR> d-------- C:\Program Files\Trojan Remover
    2007-11-21 16:20 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2007-11-21 16:20 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2007-11-21 16:20 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2007-11-21 16:20 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2007-11-21 16:20 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2007-11-20 06:45 . 2007-11-21 06:43 1,434 --a------ C:\WINDOWS\system32\kxwgjdpp.ini.ren
    2007-11-16 05:15 . 2007-11-17 03:10 954 --ahs---- C:\WINDOWS\system32\lleqroeh.ini
    2007-11-15 05:13 . 2007-11-16 05:13 834 --ahs---- C:\WINDOWS\system32\lmtyblpw.ini
    2007-11-13 07:51 . 2007-11-13 14:52 314 --a------ C:\WINDOWS\wininit.ini
    2007-11-13 05:09 . 2007-11-28 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2007-11-11 15:08 . 2007-11-17 03:28 35,840 --a------ C:\WINDOWS\mrofinu572.exe.tmp
    2007-11-11 14:52 . 2007-11-29 19:46 <DIR> d-------- C:\Temp
    2007-11-03 07:16 . 2007-11-03 07:16 <DIR> d-------- C:\Program Files\Picasa2
    2007-11-03 07:16 . 2007-11-03 07:16 <DIR> d-------- C:\Program Files\Google
    2007-11-03 07:16 . 2006-10-04 20:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-11-03 07:16 . 2006-10-04 20:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-11-03 06:53 . 2007-11-03 06:53 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2007-11-03 06:53 . 2007-11-23 21:40 <DIR> d-------- C:\Program Files\Jewel Match
    2007-11-02 22:51 . 2007-11-02 22:51 <DIR> d-------- C:\WINDOWS\Sun
    2007-11-02 19:15 . 2007-11-27 05:11 69 --a------ C:\WINDOWS\NeroDigital.ini
    2007-11-02 18:44 . 2007-11-02 18:44 <DIR> d-------- C:\Program Files\Nero
    2007-11-02 18:44 . 2007-11-02 18:45 <DIR> d-------- C:\Program Files\Common Files\Nero
    2007-11-02 17:54 . 2007-11-02 17:54 <DIR> d-------- C:\Program Files\Limewire
    2007-11-02 17:54 . 2007-11-02 17:55 <DIR> d-------- C:\Documents and Settings\Judy\Shared
    2007-11-02 17:50 . 2007-11-02 17:55 <DIR> d-------- C:\Documents and Settings\Judy\Incomplete
    2007-11-02 17:50 . 2007-11-02 18:05 <DIR> d-------- C:\Documents and Settings\Judy\.limewire
    2007-11-02 16:53 . 2007-11-02 18:00 <DIR> dr------- C:\Program Files\Dazzle
    2007-11-02 16:53 . 2007-11-02 16:53 <DIR> d-------- C:\Program Files\Common Files\SCM
    2007-11-02 16:53 . 2001-06-15 06:35 36,864 --a------ C:\WINDOWS\system32\Stlhook.dll
    2007-11-02 16:53 . 2001-10-03 02:00 13,325 --------- C:\WINDOWS\system32\drivers\Stltrk2k.sys
    2007-11-02 16:47 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-11-02 16:47 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-11-02 16:45 . 2007-11-02 16:45 <DIR> d-------- C:\EPSONREG
    2007-11-02 16:45 . 2007-11-02 16:45 436 --a------ C:\WINDOWS\PowerReg.dat
    2007-11-02 16:44 . 2007-11-02 16:44 <DIR> d-------- C:\Program Files\ArcSoft
    2007-11-02 16:44 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
    2007-11-02 16:44 . 2001-10-16 10:23 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
    2007-11-02 16:43 . 2007-11-02 16:43 <DIR> d-------- C:\Program Files\Common Files\Python
    2007-11-02 16:43 . 2001-10-19 12:18 708,696 --a------ C:\WINDOWS\system32\python21.dll
    2007-11-02 16:43 . 2001-10-19 12:18 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
    2007-11-02 16:43 . 2001-10-19 12:19 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
    2007-11-02 16:42 . 1999-06-15 11:31 96,768 --a------ C:\WINDOWS\SlantAdj.dll
    2007-11-02 16:42 . 1999-08-09 23:50 72 --a------ C:\WINDOWS\system32\epDPE.ini
    2007-11-02 16:41 . 2007-11-02 16:44 <DIR> d-------- C:\Program Files\EPSON
    2007-11-02 16:40 . 2007-11-02 16:45 196 --a------ C:\WINDOWS\EPSON 1260_1660 Installer.ini
    2007-11-02 16:35 . 2007-11-02 16:35 0 --a------ C:\WINDOWS\OpPrintServer.INI
    2007-11-02 16:33 . 2007-11-02 16:33 <DIR> d-------- C:\WINDOWS\I9900
    2007-11-02 16:33 . 2003-12-23 23:00 113,152 --a------ C:\WINDOWS\system32\CNMLM5p.DLL
    2007-11-02 16:33 . 2003-08-27 06:11 86,016 -ra------ C:\WINDOWS\system32\CNMCP5p.exe
    2007-11-02 16:33 . 2003-12-23 23:00 7,680 --a------ C:\WINDOWS\system32\CNMVS5p.DLL
    2007-11-02 16:32 . 2007-11-02 16:36 <DIR> d-------- C:\Program Files\Canon
    2007-11-02 16:23 . 2003-05-13 12:50 73,728 -ra------ C:\WINDOWS\system32\cnm6C.tmp
    2007-11-02 16:21 . 2003-05-13 12:50 73,728 -ra------ C:\WINDOWS\system32\cnm32.tmp
    2007-11-02 16:19 . 2007-11-02 16:33 <DIR> d-------- C:\WINDOWS\StartHtmico
    2007-11-02 16:19 . 2007-11-02 16:19 <DIR> d-------- C:\WINDOWS\I900D
    2007-11-02 16:19 . 2003-06-11 23:00 105,984 --a------ C:\WINDOWS\system32\CNMLM5e.DLL
    2007-11-02 16:19 . 2003-05-13 12:50 73,728 -ra------ C:\WINDOWS\system32\CNMCP5e.exe
    2007-11-02 16:19 . 2003-06-11 23:00 6,656 --a------ C:\WINDOWS\system32\CNMVS5e.DLL
    2007-11-02 16:19 . 2003-02-27 15:10 6,184 -ra------ C:\WINDOWS\system32\cmglue.vxd
    2007-11-02 16:16 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-11-02 16:16 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-11-02 16:06 . 2007-10-11 19:55 1,279,000 --a------ C:\WINDOWS\system32\drivers\LV302V32.SYS
    2007-11-02 16:05 . 2007-11-02 16:06 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-02 16:05 . 2007-10-11 19:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
    2007-11-02 16:05 . 2007-10-11 19:11 59,500 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-11-02 16:05 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-11-02 16:05 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-11-02 16:05 . 2007-10-11 20:00 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-11-02 16:05 . 2007-10-11 19:18 21,138 --a------ C:\WINDOWS\system32\Repository.reg
    2007-11-02 16:05 . 2007-10-11 19:55 13,848 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
    2007-11-02 16:04 . 2007-11-02 16:04 <DIR> d-------- C:\Program Files\Logitech
    2007-11-02 16:04 . 2007-11-02 16:06 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
    2007-11-02 16:04 . 2007-11-02 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2007-11-02 16:04 . 2007-11-02 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
    2007-11-02 15:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-11-02 15:44 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-11-02 14:38 . 2007-11-02 11:35 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-11-02 14:09 . 2007-11-02 14:09 <DIR> d---s---- C:\Documents and Settings\Judy\UserData
    2007-11-02 14:08 . 2004-08-04 06:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-11-02 13:55 . 2007-11-02 08:54 <DIR> d-------- C:\Program Files\GIGABYTE
    2007-11-02 13:33 . 2007-11-02 13:33 <DIR> d-------- C:\Program Files\Java
    2007-11-02 13:33 . 2007-11-02 13:33 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-11-02 13:33 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-11-02 13:33 . 2004-06-01 10:19 24,971 -ra------ C:\WINDOWS\system32\drivers\iteraid.sys
    2007-11-02 13:33 . 2007-11-02 07:32 2,271 --a------ C:\WINDOWS\mozver.dat
    2007-11-02 13:30 . 2007-11-02 11:22 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2007-11-02 13:16 . 2007-11-02 13:16 <DIR> d-------- C:\Program Files\Realtek Sound Manager
    2007-11-02 13:16 . 2007-11-02 13:16 <DIR> d-------- C:\Program Files\Realtek AC97

    .
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-01 20:20 --------- d-----w C:\Program Files\microsoft frontpage
    2007-10-22 00:51 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
    2007-10-19 19:16 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
    2007-10-12 02:00 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
    2007-10-12 02:00 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
    2007-10-12 01:57 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
    2007-10-12 00:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
    2007-10-12 00:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
    2007-10-12 00:15 85,302 ----a-w C:\WINDOWS\system32\drivers\LVFeL002.cfg
    2007-10-12 00:15 69,592 ----a-w C:\WINDOWS\system32\drivers\LVFaL000.cfg
    2007-10-12 00:15 227,172 ----a-w C:\WINDOWS\system32\drivers\LVFeL000.cfg
    2007-10-12 00:15 146,680 ----a-w C:\WINDOWS\system32\drivers\LVFeL001.cfg
    2007-09-20 15:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-09-20 15:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-09-20 15:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-27_19.47.51.73 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-08 22:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
    + 2007-11-27 09:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
    + 2007-11-28 18:10:23 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-11-28 18:10:23 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-11-28 18:10:23 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2007-11-30 01:47:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_594.dat
    + 2007-11-30 01:47:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_70.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CDA9E4B-DD82-4C9A-86B6-FF154E5B06AF}]
    C:\Program Files\ComPlus Applications\mepovyjC:\DOCUME~1\Judy\LOCALS~1\Temp \CEMG555077.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C7D86B7-A9BF-4E98-B05C-7CEA4444007E}]
    C:\Program Files\ComPlus Applications\mepovyjC:\Program Files\InetGet2\gm3-24418.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1676B83-B850-4289-AB1C-FD59E7EF6CAB}]
    C:\Program Files\ComPlus Applications\mepovyjC:\WINDOWS\system32\h2\jumper8 3122.exe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USB Safely Remove"="C:\Program Files\USB Safely Remove\USBSafelyRemove.exe" [2007-09-22 07:40]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 15:18]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
    "SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
    "{7A-A7-7C-C4-ZN}"="C:\Documents and Settings\Judy\Local Settings\Temp\T0CHD001.exe" []
    "Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" []
    "4487a76b"="C:\WINDOWS\system32\srsxmire.dll" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
    R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
    R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{96DEEE3E-4F2A-C3E1-1707-E35CA017F612}]
    C:\WINDOWS\system32:calc.exe
    .
**************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-01 21:03:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

**************************************************************************
    .
    Completion time: 2007-12-01 21:04:02
    C:\ComboFix2.txt ... 2007-11-29 17:27
    C:\ComboFix3.txt ... 2007-11-29 09:48
    .
    --- E O F ---

    ##############
HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:10:59 PM, on 12/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {2CDA9E4B-DD82-4C9A-86B6-FF154E5B06AF} - C:\Program Files\ComPlus Applications\mepovyjC:\DOCUME~1\Judy\LOCALS~1\Temp \CEMG555077.exe.dll (file missing)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C7D86B7-A9BF-4E98-B05C-7CEA4444007E} - C:\Program Files\ComPlus Applications\mepovyjC:\Program Files\InetGet2\gm3-24418.exe.dll (file missing)
    O2 - BHO: (no name) - {A1676B83-B850-4289-AB1C-FD59E7EF6CAB} - C:\Program Files\ComPlus Applications\mepovyjC:\WINDOWS\system32\h2\jumper8 3122.exe.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [{7A-A7-7C-C4-ZN}] C:\Documents and Settings\Judy\Local Settings\Temp\T0CHD001.exe CHD001
    O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
    O4 - HKLM\..\Run: [4487a76b] rundll32.exe "C:\WINDOWS\system32\srsxmire.dll",b
    O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - S-1-5-18 Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe (User 'Default user')
    O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 7980 bytes

    I hope this is what you need. Thank you for your continuing help!
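As an added example, not code from this thread or from HijackThis/ComboFix, here is a small Python triage script that applies the same judgement a helper makes when reading the O2/O4 lines of the log above: autoruns launched from a Temp folder, rundll32 loading a random-named system32 DLL under a hex-looking value name, and nameless BHOs whose file is missing. The heuristics, the Finding type and the function names are my own construction; the sample lines are copied from the posted log, and the emitted REGEDIT4 text uses the standard "name"=- syntax for deleting a registry value.

```python
"""Triage HijackThis O2/O4 lines and draft a REGEDIT4 clean-up for flagged Run values."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a subset of the HijackThis O2/O4 lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2CDA9E4B-DD82-4C9A-86B6-FF154E5B06AF} - C:\Program Files\ComPlus Applications\mepovyjC:\DOCUME~1\Judy\LOCALS~1\Temp \CEMG555077.exe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7C7D86B7-A9BF-4E98-B05C-7CEA4444007E} - C:\Program Files\ComPlus Applications\mepovyjC:\Program Files\InetGet2\gm3-24418.exe.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{7A-A7-7C-C4-ZN}] C:\Documents and Settings\Judy\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [4487a76b] rundll32.exe "C:\WINDOWS\system32\srsxmire.dll",b
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
"""

# Line shapes as HijackThis prints them.
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")

# Heuristics (my own, modelled on what the helper singled out in this thread):
TEMP_DIR = re.compile(r"\\Temp\\", re.I)                        # autorun launched from a Temp folder
RANDOM_DLL = re.compile(r"\\system32\\[a-z]{8}\.dll\b", re.I)   # 8-letter DLL name in system32
HEX_VALUE = re.compile(r"^[0-9a-f]{8}$", re.I)                  # Run value name that is 8 hex digits

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


@dataclass
class Finding:
    section: str          # "O2" or "O4"
    hive: Optional[str]   # HKLM/HKCU for Run entries, None for BHOs
    name: str             # Run value name, or the BHO CLSID (without braces)
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4 entries that match the suspicious-autorun heuristics."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_LINE.match(line):
            # A nameless BHO whose DLL is already gone is a dead loading point worth clearing.
            if m["name"] == "(no name)" and m["path"].endswith("(file missing)"):
                findings.append(Finding("O2", None, m["clsid"], "nameless BHO, file missing"))
        elif m := O4_LINE.match(line):
            cmd, value = m["cmd"], m["value"]
            if TEMP_DIR.search(cmd):
                findings.append(Finding("O4", m["hive"], value, "autorun from a Temp folder"))
            elif cmd.lower().startswith("rundll32") and RANDOM_DLL.search(cmd) and HEX_VALUE.match(value):
                findings.append(Finding("O4", m["hive"], value, "rundll32 loading random-named DLL"))
    return findings


def build_reg_script(findings: List[Finding]) -> str:
    """Draft a REGEDIT4 file deleting the flagged Run values ("name"=- removes a value)."""
    lines = ["REGEDIT4", ""]
    for hive in ("HKLM", "HKCU"):
        values = [f.name for f in findings if f.section == "O4" and f.hive == hive]
        if values:
            lines.append(f"[{HIVES[hive]}\\{RUN_KEY}]")
            lines.extend(f'"{v}"=-' for v in values)
            lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section} {f.name}: {f.reason}")
    print(build_reg_script(found))
```

BHO findings are reported but not written to the .reg draft, since removing a BHO means deleting its CLSID key rather than a Run value.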

  6. #16
    Neal is offline Dedicated Member
    Looking some better. Perform in this order please.

Disable or uninstall Anti Trojan Elite; it is interfering with the fix.



    Run hijackthis and click on "scan system only" button and put checks next to these:


    O2 - BHO: (no name) - {2CDA9E4B-DD82-4C9A-86B6-FF154E5B06AF} - C:\Program Files\ComPlus Applications\mepovyjC:\DOCUME~1\Judy\LOCALS~1\Temp \CEMG555077.exe.dll (file missing)
    O2 - BHO: (no name) - {7C7D86B7-A9BF-4E98-B05C-7CEA4444007E} - C:\Program Files\ComPlus Applications\mepovyjC:\Program Files\InetGet2\gm3-24418.exe.dll (file missing)
    O2 - BHO: (no name) - {A1676B83-B850-4289-AB1C-FD59E7EF6CAB} - C:\Program Files\ComPlus Applications\mepovyjC:\WINDOWS\system32\h2\jumper8 3122.exe.dll (file missing)

    O4 - HKLM\..\Run: [{7A-A7-7C-C4-ZN}] C:\Documents and Settings\Judy\Local Settings\Temp\T0CHD001.exe CHD001
    O4 - HKLM\..\Run: [4487a76b] rundll32.exe "C:\WINDOWS\system32\srsxmire.dll",b




With everything closed out but HijackThis, click on "fix checked".


    Reboot your PC




    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

2. Copy all the text contained in the quote (not the word quote) box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Files to delete:
    C:\WINDOWS\system32\kxwgjdpp.ini.ren
    C:\WINDOWS\system32\lleqroeh.ini
    C:\WINDOWS\system32\lmtyblpw.ini
    C:\WINDOWS\mrofinu572.exe.tmp
    C:\WINDOWS\SlantAdj.dll


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
• It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.


Then, open Notepad and copy and paste the text present in the quotebox below into it
(don't forget to copy and paste REGEDIT4, but not the word quote):

    REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{7A-A7-7C-C4-ZN}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4487a76b"=-
Save this as fix.reg. Choose to save as "all files" and place it on your desktop.

    It should look like this:


    Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

    Reboot



    You may want to printout the following instructions:

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen, under Your Computer's security:
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
      • Click on Scanner on the toolbar at top of this screen.
      • Click on the Settings tab.
        • Under How to act?
          • Click on Recommended Action and choose Quarantine from the popup menu.
        • Under How to scan?
          • All checkboxes should be ticked.
        • Under Possibly unwanted software:
          • All checkboxes should be ticked.
        • Under Reports:
          • Select Automatically generate report after every scan and uncheck Only if threats were found.
        • Under What to scan?
          • Select Scan every file.
      • Close AVG Anti-Spyware without running yet.
    Now disable (turn off) AVG Anti-Spyware:
    • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
    ______________________________

    Reboot your computer in Safe Mode. If you can't go to Safe Mode or run from Safe Mode, use NORMAL MODE.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________


    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    Note: If the AVG Anti-Spyware screen does not fit your monitor screen, hold down the Alt key on the keyboard, then tap the spacebar; a menu should pop up, then choose Maximize. The AVG Anti-Spyware screen should now fit the screen a lot better.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.


    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button.(3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop. I will need you to post this in your next reply.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    New HijackThis log, and all this may take two posts.
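Added example, not a tool from this thread: a small Python check that parses a REGEDIT4 fix file like the one above and confirms it only deletes values under the Run keys (the `"name"=-` syntax) before anyone double-clicks it; the fix.reg text is reconstructed from the post, and the `RUN_KEYS` set and function names are this example's own.

```python
import re

# Reconstructed from the fix.reg text in the post above (constructed sample,
# with the forum's inserted space in "CurrentVersion" removed).
FIX_REG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"{7A-A7-7C-C4-ZN}"=-
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"4487a76b"=-
"""

# Autorun keys a removal fix is expected to touch (hypothetical allow-list).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}

def parse_reg(text):
    """Return (key, value_name, action, data) tuples from a .reg file.

    action is 'delete_value' for "name"=-, 'delete_key' for [-key] and
    'set' for any other value line. Raises ValueError without a header.
    """
    lines = [l.strip() for l in text.splitlines()]
    if not lines or lines[0] not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file: missing REGEDIT4 / 5.00 header")
    entries, key = [], None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):       # [-HKEY...] deletes the whole key
                entries.append((key[1:], None, "delete_key", None))
                key = None
            continue
        m = re.match(r'^"(.*)"=(.*)$', line) or re.match(r'^(@)=(.*)$', line)
        if m and key is not None:
            name, data = m.group(1), m.group(2)
            action = "delete_value" if data == "-" else "set"
            entries.append((key, name, action, data))
    return entries

def only_removes_run_values(entries):
    """True when every entry merely deletes a value under a Run key."""
    return bool(entries) and all(
        action == "delete_value" and key.lower() in RUN_KEYS
        for key, _, action, _ in entries)
```

Running `only_removes_run_values(parse_reg(open("fix.reg").read()))` before merging a fix tells you it will remove autorun entries and nothing else.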

  7. #17
    sox
    sox is offline Newbie
    Anti Trojan Elite was deleted several days ago through Your Uninstaller - it does not show up in Windows Add/Remove Programs either. I find nothing when I do a search for it either. Do we need to do something to remove this first before I proceed further?

  8. #18
    Neal is offline Dedicated Member
    Fix this with hijackthis

    O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO



    Delete this folder:

    C:\Program Files\Anti Trojan Elite

    If you can't find the folder, that is OK; just proceed please with the fix. Thanks.

  9. #19
    sox
    sox is offline Newbie
    Avenger log:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\oitbiwuf

    *******************

    Script file located at: \??\C:\Program Files\jewebmab.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\kxwgjdpp.ini.ren deleted successfully.
    File C:\WINDOWS\system32\lleqroeh.ini deleted successfully.
    File C:\WINDOWS\system32\lmtyblpw.ini deleted successfully.


    File C:\WINDOWS\mrofinu572.exe.tmp not found!
    Deletion of file C:\WINDOWS\mrofinu572.exe.tmp failed!

    Could not process line:
    C:\WINDOWS\mrofinu572.exe.tmp
    Status: 0xc0000034

    File C:\WINDOWS\SlantAdj.dll deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    ###########################
    Unfortunately I was unable to get a report from the AVG Anti-Spyware...I apologize, but I inadvertently clicked do not automatically generate reports while changing the only if threats were found - thus no report. I changed that setting and ran it again, but it still shows "no reports available" under that tab. If there is any way to duplicate the information please let me know and I will gladly provide. I do know that it found some "downloader agents" adware and one trojan agent. Sorry.

    #############################
    Here is the latest HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:36 AM, on 12/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 7296 bytes


    Please advise. Thank you!!!
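As an added example (not a tool from this thread), a Python helper that reconciles the Avenger "Files to delete" list from the earlier post with the log Avenger wrote, so a helper can see which deletions succeeded, which failed and why, and which the log never mentions. The script and log text are reconstructed from the posts (log abridged); the name for status 0xc0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND from the Windows headers.

```python
import re

# NTSTATUS name for the code Avenger reported above; extend as needed.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Constructed from the script and (abridged) log posted in this thread.
AVENGER_SCRIPT = """\
Files to delete:
C:\\WINDOWS\\system32\\kxwgjdpp.ini.ren
C:\\WINDOWS\\system32\\lleqroeh.ini
C:\\WINDOWS\\system32\\lmtyblpw.ini
C:\\WINDOWS\\mrofinu572.exe.tmp
C:\\WINDOWS\\SlantAdj.dll
"""
AVENGER_LOG = """\
File C:\\WINDOWS\\system32\\kxwgjdpp.ini.ren deleted successfully.
File C:\\WINDOWS\\system32\\lleqroeh.ini deleted successfully.
File C:\\WINDOWS\\system32\\lmtyblpw.ini deleted successfully.
File C:\\WINDOWS\\mrofinu572.exe.tmp not found!
Deletion of file C:\\WINDOWS\\mrofinu572.exe.tmp failed!
Could not process line:
C:\\WINDOWS\\mrofinu572.exe.tmp
Status: 0xc0000034
File C:\\WINDOWS\\SlantAdj.dll deleted successfully.
"""

def script_targets(script):
    """Paths listed under the 'Files to delete:' section of an Avenger script."""
    targets, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if line.endswith(":"):
            section = line[:-1].lower()          # section header, e.g. "Files to delete:"
        elif line and section == "files to delete":
            targets.append(line)
    return targets

def parse_log(log):
    """Map each path the log mentions to 'deleted' or 'failed:<NTSTATUS name>'."""
    results, pending = {}, None
    for line in log.splitlines():
        if m := re.match(r"File (.+) deleted successfully\.$", line):
            results[m.group(1).lower()] = "deleted"
        elif m := re.match(r"Deletion of file (.+) failed!$", line):
            pending = m.group(1).lower()
            results[pending] = "failed"          # refined when the Status line arrives
        elif (m := re.match(r"Status: (0x[0-9A-Fa-f]+)$", line)) and pending:
            code = int(m.group(1), 16)
            results[pending] = "failed:" + NTSTATUS_NAMES.get(code, m.group(1))
            pending = None
    return results

def reconcile(script, log):
    """Outcome for every scripted path; 'missing' if the log never mentions it."""
    seen = parse_log(log)
    return {path: seen.get(path.lower(), "missing") for path in script_targets(script)}
```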

  10. #20
    Neal is offline Dedicated Member
    Now reboot into Safe Mode by tapping your F8 key upon restart; when the Safe Mode screen appears, select Safe Mode and press Enter.



    fix this with hijackthis while in safe mode:

    O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe


    Close everything out but hijackthis, click fix checked.


    Delete folder if present

    C:\Program Files\Cool



    Reboot back to normal mode and...



    Please download ATF Cleaner by Atribune to desktop.
    http://www.atribune.org/public-beta/ATF-Cleaner.exe

    Double-click ATF-Cleaner.exe to run the program.

    If you would like to keep your cookies don't check that item

    * Under Main "Select Files to Delete" choose: Select All.
    * Click the Empty Selected button.
    * If you use Firefox browser click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * If you use Opera browser click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.


    Reboot and tell me how your PC is doing now please.
    Last edited by Neal; 03-12-2007 at 01:47 AM.
