Hi. When I launch IE the initial page is very slow to come up. I scanned my system with AVG and it showed trojans downloader.agent.aatk and downloader.generic6.agde which it says it deleted. AVG will do a manual scan, but I don't think it is running in the background like it is supposed to (the icon is not in the system tray, also when I click on Control Center it says it can not launch). I have scanned with Ad-aware and Spybot S&D. Here's my Hijack this log. Any help will be appreciated. -Kim
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:54 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 8214 bytes
Full Version: Trojan infection
I don't see anything glaring in the HJT log, so lets run a generic cleaner that will give more information.
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Here are my logs:
ComboFix 08-02.03.1 - Kim 2008-02-03 18:30:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.127 [GMT -5:00]
Running from: C:\Documents and Settings\Kim\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\#SharedObjects\A2QRVERG\www.broadcaster.com
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\#SharedObjects\A2QRVERG\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\#SharedObjects\A2QRVERG\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-02 22:15 . 2008-02-02 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 22:15 . 2008-02-02 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 09:08 . 2004-08-10 04:04 59,392 --a------ C:\WINDOWS\system32\dllcache\ehtray.exe
2008-01-30 21:24 . 2008-01-30 21:24 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-30 21:24 . 2008-01-30 21:24 <DIR> d-------- C:\WINDOWS\bak
2008-01-12 21:20 . 2008-01-12 21:20 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 13:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-03 03:16 --------- d-----w C:\Program Files\Lavasoft
2008-02-03 03:16 --------- d-----w C:\Documents and Settings\Kim\Application Data\Lavasoft
2008-02-03 00:54 --------- d-----w C:\Documents and Settings\Kim\Application Data\AVG7
2008-02-02 14:31 --------- d-----w C:\Documents and Settings\Mike\Application Data\AVG7
2008-02-02 14:05 --------- d-----w C:\Program Files\Windows Defender
2008-02-02 00:33 11,092 ----a-w C:\Documents and Settings\Mike\Application Data\wklnhst.dat
2008-02-01 23:52 2,160 ----a-w C:\Documents and Settings\Kim\Application Data\wklnhst.dat
2008-01-31 02:41 --------- d-----w C:\Program Files\QuickTime
2008-01-31 02:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-31 02:41 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-01-20 04:23 --------- d-----w C:\Program Files\Quicken
2008-01-02 19:34 --------- d-----w C:\Documents and Settings\Kim\Application Data\Intuit
2008-01-02 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 19:30 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-02 19:18 --------- d-----w C:\Program Files\TurboTax
2007-12-26 01:22 --------- d-----w C:\Program Files\PhoTags Express
2007-12-25 19:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-25 19:42 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-25 19:28 --------- d-----w C:\Program Files\Encore
2007-12-24 00:49 --------- d-----w C:\Program Files\Sonic
2007-12-16 18:15 --------- d-----w C:\Documents and Settings\Mike\Application Data\Snapfish
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 00:17 --------- d-----w C:\Documents and Settings\Mike\Application Data\Yahoo!
2007-12-11 11:34 --------- d-----w C:\Documents and Settings\Kim\Application Data\Yahoo!
2007-12-10 02:20 --------- d-----w C:\Documents and Settings\Keith\Application Data\Yahoo!
2007-12-05 02:32 --------- d-----w C:\Program Files\CrossLoop
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-08-15 03:03 1,514 ----a-w C:\Documents and Settings\Keith\Application Data\wklnhst.dat
2006-12-20 02:31 251 ----a-w C:\Program Files\wt3d.ini
2007-09-15 04:28 104 --sh--r C:\WINDOWS\system32\D13A69AC77.sys
2007-09-15 04:28 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 39,792 2007-10-10 23:51:55 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 249,856 2005-08-11 20:30:30 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
----a-w 278,528 2006-03-08 13:56:00 C:\Program Files\Creative\MediaSource5\bak\MtdAcqu.exe
----a-w 53,248 2005-02-23 22:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe
----a-w 202,544 2007-10-09 22:56:24 C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe
----a-w 16,384 2007-10-09 22:57:14 C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe
----a-w 168,448 2005-12-28 02:11:56 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe
----a-w 68,856 2007-06-20 03:41:38 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 579,072 2007-12-21 14:54:07 C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe
----a-w 45,056 2002-05-07 10:20:00 C:\Program Files\IBM\Client Access\bak\cwbckver.exe
----a-w 24,626 2002-05-07 10:20:00 C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe
----a-w 20,530 2002-05-07 10:20:00 C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe
----a-w 20,530 2002-05-07 10:20:00 C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe
----a-w 221,184 2003-09-04 02:12:44 C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe
----a-w 132,496 2007-09-25 05:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe
----a-w 279,912 2007-05-17 21:45:32 C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe
----a-w 8,720,384 2007-12-07 07:33:26 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe
----a-w 98,304 2005-12-28 02:04:04 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 26,112 2005-12-28 02:03:50 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
----a-w 163,840 2005-01-22 00:04:42 C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe
----a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\bak\MSASCui.exe
----a-w 709,992 2007-04-10 21:46:52 C:\WINDOWS\bak\vVX1000.exe
----a-w 67,584 2005-09-29 20:01:14 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 15,360 2004-08-10 11:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 11:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 77,824 2005-07-20 05:06:12 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 114,688 2005-07-20 05:10:06 C:\WINDOWS\system32\bak\igfxpers.exe
----a-w 94,208 2005-07-20 05:09:26 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 122,941 2005-05-31 10:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 08:54 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-16 20:39:34 113664]
Event Reminder.lnk - C:\PROGRA~1\BRODER~1\PrintMaster\pmremind.exe [2006-11-15 15:27:10 331776]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-06 111376]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 14:08:08 57344]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 13:04:38 54776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 16:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - AAWSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 07:05:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 18:35:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-03 18:37:38
ComboFix-quarantined-files.txt 2008-02-03 23:37:34
.
2008-02-01 09:02:41 --- E O F ---
---------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:20 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 8230 bytes
ComboFix 08-02.03.1 - Kim 2008-02-03 18:30:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.127 [GMT -5:00]
Running from: C:\Documents and Settings\Kim\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\#SharedObjects\A2QRVERG\www.broadcaster.com
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\#SharedObjects\A2QRVERG\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\#SharedObjects\A2QRVERG\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-02 22:15 . 2008-02-02 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 22:15 . 2008-02-02 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 09:08 . 2004-08-10 04:04 59,392 --a------ C:\WINDOWS\system32\dllcache\ehtray.exe
2008-01-30 21:24 . 2008-01-30 21:24 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-30 21:24 . 2008-01-30 21:24 <DIR> d-------- C:\WINDOWS\bak
2008-01-12 21:20 . 2008-01-12 21:20 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 13:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-03 03:16 --------- d-----w C:\Program Files\Lavasoft
2008-02-03 03:16 --------- d-----w C:\Documents and Settings\Kim\Application Data\Lavasoft
2008-02-03 00:54 --------- d-----w C:\Documents and Settings\Kim\Application Data\AVG7
2008-02-02 14:31 --------- d-----w C:\Documents and Settings\Mike\Application Data\AVG7
2008-02-02 14:05 --------- d-----w C:\Program Files\Windows Defender
2008-02-02 00:33 11,092 ----a-w C:\Documents and Settings\Mike\Application Data\wklnhst.dat
2008-02-01 23:52 2,160 ----a-w C:\Documents and Settings\Kim\Application Data\wklnhst.dat
2008-01-31 02:41 --------- d-----w C:\Program Files\QuickTime
2008-01-31 02:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-31 02:41 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-01-20 04:23 --------- d-----w C:\Program Files\Quicken
2008-01-02 19:34 --------- d-----w C:\Documents and Settings\Kim\Application Data\Intuit
2008-01-02 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 19:30 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-02 19:18 --------- d-----w C:\Program Files\TurboTax
2007-12-26 01:22 --------- d-----w C:\Program Files\PhoTags Express
2007-12-25 19:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-25 19:42 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-25 19:28 --------- d-----w C:\Program Files\Encore
2007-12-24 00:49 --------- d-----w C:\Program Files\Sonic
2007-12-16 18:15 --------- d-----w C:\Documents and Settings\Mike\Application Data\Snapfish
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 00:17 --------- d-----w C:\Documents and Settings\Mike\Application Data\Yahoo!
2007-12-11 11:34 --------- d-----w C:\Documents and Settings\Kim\Application Data\Yahoo!
2007-12-10 02:20 --------- d-----w C:\Documents and Settings\Keith\Application Data\Yahoo!
2007-12-05 02:32 --------- d-----w C:\Program Files\CrossLoop
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-08-15 03:03 1,514 ----a-w C:\Documents and Settings\Keith\Application Data\wklnhst.dat
2006-12-20 02:31 251 ----a-w C:\Program Files\wt3d.ini
2007-09-15 04:28 104 --sh--r C:\WINDOWS\system32\D13A69AC77.sys
2007-09-15 04:28 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 39,792 2007-10-10 23:51:55 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 249,856 2005-08-11 20:30:30 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
----a-w 278,528 2006-03-08 13:56:00 C:\Program Files\Creative\MediaSource5\bak\MtdAcqu.exe
----a-w 53,248 2005-02-23 22:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe
----a-w 202,544 2007-10-09 22:56:24 C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe
----a-w 16,384 2007-10-09 22:57:14 C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe
----a-w 168,448 2005-12-28 02:11:56 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe
----a-w 68,856 2007-06-20 03:41:38 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 579,072 2007-12-21 14:54:07 C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe
----a-w 45,056 2002-05-07 10:20:00 C:\Program Files\IBM\Client Access\bak\cwbckver.exe
----a-w 24,626 2002-05-07 10:20:00 C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe
----a-w 20,530 2002-05-07 10:20:00 C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe
----a-w 20,530 2002-05-07 10:20:00 C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe
----a-w 221,184 2003-09-04 02:12:44 C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe
----a-w 132,496 2007-09-25 05:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe
----a-w 279,912 2007-05-17 21:45:32 C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe
----a-w 8,720,384 2007-12-07 07:33:26 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe
----a-w 98,304 2005-12-28 02:04:04 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 26,112 2005-12-28 02:03:50 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
----a-w 163,840 2005-01-22 00:04:42 C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe
----a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\bak\MSASCui.exe
----a-w 709,992 2007-04-10 21:46:52 C:\WINDOWS\bak\vVX1000.exe
----a-w 67,584 2005-09-29 20:01:14 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 15,360 2004-08-10 11:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 11:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 77,824 2005-07-20 05:06:12 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 114,688 2005-07-20 05:10:06 C:\WINDOWS\system32\bak\igfxpers.exe
----a-w 94,208 2005-07-20 05:09:26 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 122,941 2005-05-31 10:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 08:54 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-16 20:39:34 113664]
Event Reminder.lnk - C:\PROGRA~1\BRODER~1\PrintMaster\pmremind.exe [2006-11-15 15:27:10 331776]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-06 111376]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 14:08:08 57344]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 13:04:38 54776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 16:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - AAWSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 07:05:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 18:35:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-03 18:37:38
ComboFix-quarantined-files.txt 2008-02-03 23:37:34
.
2008-02-01 09:02:41 --- E O F ---
---------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:20 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 8230 bytes
Download FindAWF.exe by noahdfear and save to your desktop.
* Double-click on FindAWF.exe to start.
* If a "Security Alert" shows, allow the program to run.
* Select option #1 - Scan for bak folders by typing 1 and press 'Enter'.
* When complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop.
* Copy and paste the contents of the awf.txt file in your next reply.
* Double-click on FindAWF.exe to start.
* If a "Security Alert" shows, allow the program to run.
* Select option #1 - Scan for bak folders by typing 1 and press 'Enter'.
* When complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop.
* Copy and paste the contents of the awf.txt file in your next reply.
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Mon 02/04/2008
The current time is: 15:28:34.33
bak folders found
~~~~~~~~~~~
Directory of C:\WINDOWS\BAK
04/10/2007 04:46 PM 709,992 vVX1000.exe
1 File(s) 709,992 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes
Directory of C:\PROGRA~1\MI6669~1\BAK
05/17/2007 04:45 PM 279,912 LifeExp.exe
1 File(s) 279,912 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
12/27/2005 09:04 PM 98,304 qttask.exe
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 06:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/29/2005 03:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/10/2004 06:00 AM 15,360 ctfmon.exe
07/20/2005 12:06 AM 77,824 hkcmd.exe
07/20/2005 12:10 AM 114,688 igfxpers.exe
07/20/2005 12:09 AM 94,208 igfxtray.exe
4 File(s) 302,080 bytes
Directory of C:\PROGRA~1\CREATIVE\MEDIAS~1\BAK
03/08/2006 08:56 AM 278,528 MtdAcqu.exe
1 File(s) 278,528 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
02/23/2005 05:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\DELLSU~1\BIN\BAK
10/09/2007 05:56 PM 202,544 sprtcmd.exe
1 File(s) 202,544 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
12/27/2005 09:11 PM 168,448 GoogleDesktop.exe
1 File(s) 168,448 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
06/19/2007 10:41 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
12/21/2007 09:54 AM 579,072 avgcc.exe
1 File(s) 579,072 bytes
Directory of C:\PROGRA~1\IBM\CLIENT~1\BAK
05/07/2002 05:20 AM 45,056 cwbckver.exe
05/07/2002 05:20 AM 24,626 cwbinhlp.exe
05/07/2002 05:20 AM 20,530 cwbsvstr.exe
05/07/2002 05:20 AM 20,530 cwbwlwiz.exe
4 File(s) 110,742 bytes
Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK
09/03/2003 09:12 PM 221,184 IntelMEM.exe
1 File(s) 221,184 bytes
Directory of C:\PROGRA~1\MYSPACE\IM\BAK
12/07/2007 02:33 AM 8,720,384 MySpaceIM.exe
1 File(s) 8,720,384 bytes
Directory of C:\PROGRA~1\REAL\REALPL~1\BAK
12/27/2005 09:03 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
05/31/2005 05:33 AM 122,941 tfswctrl.exe
1 File(s) 122,941 bytes
Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
10/10/2007 06:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
08/11/2005 03:30 PM 249,856 isuspm.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\DELLSU~1\GS_AGENT\CUSTOM\BAK
10/09/2007 05:57 PM 16,384 dsca.exe
1 File(s) 16,384 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK
09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK
01/21/2005 07:04 PM 163,840 mssysmgr.exe
1 File(s) 163,840 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
709992 Apr 10 2007 "C:\WINDOWS\bak\vVX1000.exe"
709992 Apr 10 2007 "C:\Program Files\Microsoft LifeCam\Driver32\VX1000\vVX1000.exe"
709992 Apr 10 2007 "C:\WINDOWS\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\vVX1000.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
98304 Dec 27 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Jul 20 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Jul 20 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Jul 20 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
278528 Mar 8 2006 "C:\Program Files\Creative\MediaSource5\bak\MtdAcqu.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
202544 Oct 9 2007 "C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
69632 May 24 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26694 Jun 12 2007 "C:\Documents and Settings\Keith\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
69632 May 24 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26694 Jun 12 2007 "C:\Documents and Settings\Keith\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
579072 Dec 21 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
45056 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbckver.exe"
24626 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
8720384 Dec 7 2007 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
122941 May 31 2005 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
249856 Aug 11 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
16384 Oct 9 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"
end of report
Version 1.40
The current date is: Mon 02/04/2008
The current time is: 15:28:34.33
bak folders found
~~~~~~~~~~~
Directory of C:\WINDOWS\BAK
04/10/2007 04:46 PM 709,992 vVX1000.exe
1 File(s) 709,992 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes
Directory of C:\PROGRA~1\MI6669~1\BAK
05/17/2007 04:45 PM 279,912 LifeExp.exe
1 File(s) 279,912 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
12/27/2005 09:04 PM 98,304 qttask.exe
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 06:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/29/2005 03:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/10/2004 06:00 AM 15,360 ctfmon.exe
07/20/2005 12:06 AM 77,824 hkcmd.exe
07/20/2005 12:10 AM 114,688 igfxpers.exe
07/20/2005 12:09 AM 94,208 igfxtray.exe
4 File(s) 302,080 bytes
Directory of C:\PROGRA~1\CREATIVE\MEDIAS~1\BAK
03/08/2006 08:56 AM 278,528 MtdAcqu.exe
1 File(s) 278,528 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
02/23/2005 05:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\DELLSU~1\BIN\BAK
10/09/2007 05:56 PM 202,544 sprtcmd.exe
1 File(s) 202,544 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
12/27/2005 09:11 PM 168,448 GoogleDesktop.exe
1 File(s) 168,448 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
06/19/2007 10:41 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
12/21/2007 09:54 AM 579,072 avgcc.exe
1 File(s) 579,072 bytes
Directory of C:\PROGRA~1\IBM\CLIENT~1\BAK
05/07/2002 05:20 AM 45,056 cwbckver.exe
05/07/2002 05:20 AM 24,626 cwbinhlp.exe
05/07/2002 05:20 AM 20,530 cwbsvstr.exe
05/07/2002 05:20 AM 20,530 cwbwlwiz.exe
4 File(s) 110,742 bytes
Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK
09/03/2003 09:12 PM 221,184 IntelMEM.exe
1 File(s) 221,184 bytes
Directory of C:\PROGRA~1\MYSPACE\IM\BAK
12/07/2007 02:33 AM 8,720,384 MySpaceIM.exe
1 File(s) 8,720,384 bytes
Directory of C:\PROGRA~1\REAL\REALPL~1\BAK
12/27/2005 09:03 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
05/31/2005 05:33 AM 122,941 tfswctrl.exe
1 File(s) 122,941 bytes
Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
10/10/2007 06:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
08/11/2005 03:30 PM 249,856 isuspm.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\DELLSU~1\GS_AGENT\CUSTOM\BAK
10/09/2007 05:57 PM 16,384 dsca.exe
1 File(s) 16,384 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK
09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK
01/21/2005 07:04 PM 163,840 mssysmgr.exe
1 File(s) 163,840 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
709992 Apr 10 2007 "C:\WINDOWS\bak\vVX1000.exe"
709992 Apr 10 2007 "C:\Program Files\Microsoft LifeCam\Driver32\VX1000\vVX1000.exe"
709992 Apr 10 2007 "C:\WINDOWS\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\vVX1000.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
98304 Dec 27 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Jul 20 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Jul 20 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Jul 20 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
278528 Mar 8 2006 "C:\Program Files\Creative\MediaSource5\bak\MtdAcqu.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
202544 Oct 9 2007 "C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
69632 May 24 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26694 Jun 12 2007 "C:\Documents and Settings\Keith\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
69632 May 24 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26694 Jun 12 2007 "C:\Documents and Settings\Keith\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
579072 Dec 21 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
45056 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbckver.exe"
24626 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
8720384 Dec 7 2007 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
122941 May 31 2005 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
249856 Aug 11 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
16384 Oct 9 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"
end of report
Start FindAWF.exe Select Option 2 by pressing [/b]2[/b] and then Enter. A text file will open (files.txt). In that files.txt, copy and paste the following list of files to be restored: (be sure to includie the quotes)
Close the files.txt and click Yes to save the changes. FindAWF wil now terminate the bad processes if running, delete the bad files and restore/replace them with the good files. Then it will open a log. Copy and paste the contents of that log in your next reply along with a new HijackThis log.
CODE
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
"C:\Program Files\Creative\MediaSource5\bak\MtdAcqu.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe"
"C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\IBM\Client Access\bak\cwbckver.exe"
"C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe"
"C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe"
"C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe"
"C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
"C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
"C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\bak\vVX1000.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
"C:\Program Files\Creative\MediaSource5\bak\MtdAcqu.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe"
"C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\IBM\Client Access\bak\cwbckver.exe"
"C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe"
"C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe"
"C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe"
"C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
"C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
"C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\bak\vVX1000.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
Close the files.txt and click Yes to save the changes. FindAWF wil now terminate the bad processes if running, delete the bad files and restore/replace them with the good files. Then it will open a log. Copy and paste the contents of that log in your next reply along with a new HijackThis log.
Done. Here are my logs:
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Mon 02/04/2008
The current time is: 21:07:27.87
bak folders found
~~~~~~~~~~~
Directory of C:\WINDOWS\BAK
04/10/2007 04:46 PM 709,992 vVX1000.exe
1 File(s) 709,992 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes
Directory of C:\PROGRA~1\MI6669~1\BAK
05/17/2007 04:45 PM 279,912 LifeExp.exe
1 File(s) 279,912 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
12/27/2005 09:04 PM 98,304 qttask.exe
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 06:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/29/2005 03:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/10/2004 06:00 AM 15,360 ctfmon.exe
07/20/2005 12:06 AM 77,824 hkcmd.exe
07/20/2005 12:10 AM 114,688 igfxpers.exe
07/20/2005 12:09 AM 94,208 igfxtray.exe
4 File(s) 302,080 bytes
Directory of C:\PROGRA~1\CREATIVE\MEDIAS~1\BAK
03/08/2006 08:56 AM 278,528 MtdAcqu.exe
1 File(s) 278,528 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
02/23/2005 05:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\DELLSU~1\BIN\BAK
10/09/2007 05:56 PM 202,544 sprtcmd.exe
1 File(s) 202,544 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
12/27/2005 09:11 PM 168,448 GoogleDesktop.exe
1 File(s) 168,448 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
06/19/2007 10:41 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
12/21/2007 09:54 AM 579,072 avgcc.exe
1 File(s) 579,072 bytes
Directory of C:\PROGRA~1\IBM\CLIENT~1\BAK
05/07/2002 05:20 AM 45,056 cwbckver.exe
05/07/2002 05:20 AM 24,626 cwbinhlp.exe
05/07/2002 05:20 AM 20,530 cwbsvstr.exe
05/07/2002 05:20 AM 20,530 cwbwlwiz.exe
4 File(s) 110,742 bytes
Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK
09/03/2003 09:12 PM 221,184 IntelMEM.exe
1 File(s) 221,184 bytes
Directory of C:\PROGRA~1\MYSPACE\IM\BAK
12/07/2007 02:33 AM 8,720,384 MySpaceIM.exe
1 File(s) 8,720,384 bytes
Directory of C:\PROGRA~1\REAL\REALPL~1\BAK
12/27/2005 09:03 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
05/31/2005 05:33 AM 122,941 tfswctrl.exe
1 File(s) 122,941 bytes
Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
10/10/2007 06:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
08/11/2005 03:30 PM 249,856 isuspm.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\DELLSU~1\GS_AGENT\CUSTOM\BAK
10/09/2007 05:57 PM 16,384 dsca.exe
1 File(s) 16,384 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK
09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK
01/21/2005 07:04 PM 163,840 mssysmgr.exe
1 File(s) 163,840 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
709992 Apr 10 2007 "C:\WINDOWS\vVX1000.exe"
709992 Apr 10 2007 "C:\WINDOWS\bak\vVX1000.exe"
709992 Apr 10 2007 "C:\Program Files\Microsoft LifeCam\Driver32\VX1000\vVX1000.exe"
709992 Apr 10 2007 "C:\WINDOWS\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\vVX1000.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
98304 Dec 27 2005 "C:\Program Files\QuickTime\qttask.exe"
98304 Dec 27 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
59392 Aug 10 2004 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Jul 20 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Jul 20 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Jul 20 2005 "C:\WINDOWS\system32\igfxtray.exe"
94208 Jul 20 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
278528 Mar 8 2006 "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe"
278528 Mar 8 2006 "C:\Program Files\Creative\MediaSource5\bak\MtdAcqu.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
202544 Oct 9 2007 "C:\Program Files\Dell Support Center\bin\sprtcmd.exe"
202544 Oct 9 2007 "C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
69632 May 24 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26694 Jun 12 2007 "C:\Documents and Settings\Keith\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
69632 May 24 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26694 Jun 12 2007 "C:\Documents and Settings\Keith\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
579072 Dec 21 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
579072 Dec 21 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
45056 May 7 2002 "C:\Program Files\IBM\Client Access\cwbckver.exe"
45056 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbckver.exe"
24626 May 7 2002 "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
24626 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
8720384 Dec 7 2007 "C:\Program Files\MySpace\IM\MySpaceIM.exe"
8720384 Dec 7 2007 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\tfswctrl.exe"
122941 May 31 2005 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
249856 Aug 11 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Aug 11 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
16384 Oct 9 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
16384 Oct 9 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"
end of report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:09 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Mike')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 8869 bytes
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Mon 02/04/2008
The current time is: 21:07:27.87
bak folders found
~~~~~~~~~~~
Directory of C:\WINDOWS\BAK
04/10/2007 04:46 PM 709,992 vVX1000.exe
1 File(s) 709,992 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes
Directory of C:\PROGRA~1\MI6669~1\BAK
05/17/2007 04:45 PM 279,912 LifeExp.exe
1 File(s) 279,912 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
12/27/2005 09:04 PM 98,304 qttask.exe
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 06:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/29/2005 03:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/10/2004 06:00 AM 15,360 ctfmon.exe
07/20/2005 12:06 AM 77,824 hkcmd.exe
07/20/2005 12:10 AM 114,688 igfxpers.exe
07/20/2005 12:09 AM 94,208 igfxtray.exe
4 File(s) 302,080 bytes
Directory of C:\PROGRA~1\CREATIVE\MEDIAS~1\BAK
03/08/2006 08:56 AM 278,528 MtdAcqu.exe
1 File(s) 278,528 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
02/23/2005 05:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\DELLSU~1\BIN\BAK
10/09/2007 05:56 PM 202,544 sprtcmd.exe
1 File(s) 202,544 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
12/27/2005 09:11 PM 168,448 GoogleDesktop.exe
1 File(s) 168,448 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
06/19/2007 10:41 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
12/21/2007 09:54 AM 579,072 avgcc.exe
1 File(s) 579,072 bytes
Directory of C:\PROGRA~1\IBM\CLIENT~1\BAK
05/07/2002 05:20 AM 45,056 cwbckver.exe
05/07/2002 05:20 AM 24,626 cwbinhlp.exe
05/07/2002 05:20 AM 20,530 cwbsvstr.exe
05/07/2002 05:20 AM 20,530 cwbwlwiz.exe
4 File(s) 110,742 bytes
Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK
09/03/2003 09:12 PM 221,184 IntelMEM.exe
1 File(s) 221,184 bytes
Directory of C:\PROGRA~1\MYSPACE\IM\BAK
12/07/2007 02:33 AM 8,720,384 MySpaceIM.exe
1 File(s) 8,720,384 bytes
Directory of C:\PROGRA~1\REAL\REALPL~1\BAK
12/27/2005 09:03 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
05/31/2005 05:33 AM 122,941 tfswctrl.exe
1 File(s) 122,941 bytes
Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
10/10/2007 06:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
08/11/2005 03:30 PM 249,856 isuspm.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\DELLSU~1\GS_AGENT\CUSTOM\BAK
10/09/2007 05:57 PM 16,384 dsca.exe
1 File(s) 16,384 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK
09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK
01/21/2005 07:04 PM 163,840 mssysmgr.exe
1 File(s) 163,840 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
709992 Apr 10 2007 "C:\WINDOWS\vVX1000.exe"
709992 Apr 10 2007 "C:\WINDOWS\bak\vVX1000.exe"
709992 Apr 10 2007 "C:\Program Files\Microsoft LifeCam\Driver32\VX1000\vVX1000.exe"
709992 Apr 10 2007 "C:\WINDOWS\system32\DRVSTORE\VX1000_E963F99BA6CBC696BC000CB6C33CB48A5D65C964\vVX1000.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
98304 Dec 27 2005 "C:\Program Files\QuickTime\qttask.exe"
98304 Dec 27 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
59392 Aug 10 2004 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Jul 20 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Jul 20 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Jul 20 2005 "C:\WINDOWS\system32\igfxtray.exe"
94208 Jul 20 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
278528 Mar 8 2006 "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe"
278528 Mar 8 2006 "C:\Program Files\Creative\MediaSource5\bak\MtdAcqu.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
202544 Oct 9 2007 "C:\Program Files\Dell Support Center\bin\sprtcmd.exe"
202544 Oct 9 2007 "C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
69632 May 24 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26694 Jun 12 2007 "C:\Documents and Settings\Keith\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
69632 May 24 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jun 19 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26694 Jun 12 2007 "C:\Documents and Settings\Keith\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
579072 Dec 21 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
579072 Dec 21 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
45056 May 7 2002 "C:\Program Files\IBM\Client Access\cwbckver.exe"
45056 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbckver.exe"
24626 May 7 2002 "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
24626 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
20530 May 7 2002 "C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
8720384 Dec 7 2007 "C:\Program Files\MySpace\IM\MySpaceIM.exe"
8720384 Dec 7 2007 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\tfswctrl.exe"
122941 May 31 2005 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
249856 Aug 11 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Aug 11 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
16384 Oct 9 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
16384 Oct 9 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe"
163840 Jan 21 2005 "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak\mssysmgr.exe"
end of report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:09 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Mike')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 8869 bytes
Start FindAWF, select Option 3, by pressing 3 and then enter. This will open the text file folders.txt Copy and paste the following list in it: (no quotes this time)
Then close folders.txt and click Yes to save the changes. FindAWF will now remove the bak folders and open a log aferwards. Copy and paste the contents of that log in your next reply along with a new HijackThis log.[/code]
CODE
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Creative\MediaSource5\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell Support Center\bin\bak
C:\Program Files\Dell Support Center\gs_agent\custom\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Grisoft\AVG Free\bak
C:\Program Files\IBM\Client Access\bak
C:\Program Files\Intel\Modem Event Monitor\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Messenger\bak
C:\Program Files\Microsoft LifeCam\bak
C:\Program Files\MySpace\IM\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Real\RealPlayer\bak
C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Creative\MediaSource5\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell Support Center\bin\bak
C:\Program Files\Dell Support Center\gs_agent\custom\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Grisoft\AVG Free\bak
C:\Program Files\IBM\Client Access\bak
C:\Program Files\Intel\Modem Event Monitor\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Messenger\bak
C:\Program Files\Microsoft LifeCam\bak
C:\Program Files\MySpace\IM\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Real\RealPlayer\bak
C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
Then close folders.txt and click Yes to save the changes. FindAWF will now remove the bak folders and open a log aferwards. Copy and paste the contents of that log in your next reply along with a new HijackThis log.[/code]
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Mon 02/04/2008
The current time is: 22:44:27.20
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
05/31/2005 05:33 AM 122,941 tfswctrl.exe
1 File(s) 122,941 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
122941 May 31 2005 "C:\WINDOWS\system32\dla\tfswctrl.exe"
122941 May 31 2005 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
end of report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:15 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Mike')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 9072 bytes
Version 1.40
Option 3 run successfully
The current date is: Mon 02/04/2008
The current time is: 22:44:27.20
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
05/31/2005 05:33 AM 122,941 tfswctrl.exe
1 File(s) 122,941 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
122941 May 31 2005 "C:\WINDOWS\system32\dla\tfswctrl.exe"
122941 May 31 2005 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
end of report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:15 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4253497420-2286746614-281417820-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Mike')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 9072 bytes
First:
Start FindAWF, select Option 4 and enter. When done, Press E then Enter to EXIT.
Second:
Please download ATF Cleaner by Atribune.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Third:
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Start FindAWF, select Option 4 and enter. When done, Press E then Enter to EXIT.
Second:
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Third:
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
I hope it's starting to look better. Thanks for all the time you've put in helping me out. Here are my logs.
ComboFix 08-02.03.1 - Kim 2008-02-05 18:42:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.123 [GMT -5:00]
Running from: C:\Documents and Settings\Kim\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-02-04 21:07 . 2007-04-10 16:46 709,992 --a------ C:\WINDOWS\vVX1000.exe
2008-02-04 21:07 . 2005-07-20 00:10 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-02-04 21:07 . 2005-07-20 00:09 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-02-04 21:07 . 2005-07-20 00:06 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-02-03 20:30 . 2004-08-10 06:00 260,272 -r-hs---- C:\cmldr
2008-02-03 20:30 . 2005-12-30 15:13 209 -rahs---- C:\BOOT.BAK
2008-02-03 19:48 . 2008-02-03 19:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-02 22:15 . 2008-02-02 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 22:15 . 2008-02-02 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 09:08 . 2004-08-10 04:04 59,392 --a------ C:\WINDOWS\system32\dllcache\ehtray.exe
2008-01-12 21:20 . 2008-01-12 21:20 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-05 03:44 --------- d-----w C:\Program Files\Windows Defender
2008-02-05 03:44 --------- d-----w C:\Program Files\QuickTime
2008-02-05 03:44 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-02-04 01:15 --------- d-----w C:\Documents and Settings\Kim\Application Data\AVG7
2008-02-03 03:16 --------- d-----w C:\Program Files\Lavasoft
2008-02-03 03:16 --------- d-----w C:\Documents and Settings\Kim\Application Data\Lavasoft
2008-02-02 14:31 --------- d-----w C:\Documents and Settings\Mike\Application Data\AVG7
2008-02-02 00:33 11,092 ----a-w C:\Documents and Settings\Mike\Application Data\wklnhst.dat
2008-02-01 23:52 2,160 ----a-w C:\Documents and Settings\Kim\Application Data\wklnhst.dat
2008-01-31 02:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-20 04:23 --------- d-----w C:\Program Files\Quicken
2008-01-02 19:34 --------- d-----w C:\Documents and Settings\Kim\Application Data\Intuit
2008-01-02 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 19:30 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-02 19:18 --------- d-----w C:\Program Files\TurboTax
2007-12-26 01:22 --------- d-----w C:\Program Files\PhoTags Express
2007-12-25 19:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-25 19:42 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-25 19:28 --------- d-----w C:\Program Files\Encore
2007-12-24 00:49 --------- d-----w C:\Program Files\Sonic
2007-12-16 18:15 --------- d-----w C:\Documents and Settings\Mike\Application Data\Snapfish
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 00:17 --------- d-----w C:\Documents and Settings\Mike\Application Data\Yahoo!
2007-12-11 11:34 --------- d-----w C:\Documents and Settings\Kim\Application Data\Yahoo!
2007-12-10 02:20 --------- d-----w C:\Documents and Settings\Keith\Application Data\Yahoo!
2007-12-05 02:32 --------- d-----w C:\Program Files\CrossLoop
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-08-15 03:03 1,514 ----a-w C:\Documents and Settings\Keith\Application Data\wklnhst.dat
2006-12-20 02:31 251 ----a-w C:\Program Files\wt3d.ini
2007-09-15 04:28 104 --sh--r C:\WINDOWS\system32\D13A69AC77.sys
2007-09-15 04:28 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 19:04 163840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 22:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 08:54 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-16 20:39:34 113664]
Event Reminder.lnk - C:\PROGRA~1\BRODER~1\PrintMaster\pmremind.exe [2006-11-15 15:27:10 331776]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-06 111376]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 14:08:08 57344]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 13:04:38 54776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 16:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - WINDEFEND
.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 07:24:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 18:47:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-05 18:50:06
ComboFix-quarantined-files.txt 2008-02-05 23:50:03
ComboFix2.txt 2008-02-03 23:37:38
.
2008-02-01 09:02:41 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:33 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 8613 bytes
ComboFix 08-02.03.1 - Kim 2008-02-05 18:42:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.123 [GMT -5:00]
Running from: C:\Documents and Settings\Kim\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-02-04 21:07 . 2007-04-10 16:46 709,992 --a------ C:\WINDOWS\vVX1000.exe
2008-02-04 21:07 . 2005-07-20 00:10 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-02-04 21:07 . 2005-07-20 00:09 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-02-04 21:07 . 2005-07-20 00:06 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-02-03 20:30 . 2004-08-10 06:00 260,272 -r-hs---- C:\cmldr
2008-02-03 20:30 . 2005-12-30 15:13 209 -rahs---- C:\BOOT.BAK
2008-02-03 19:48 . 2008-02-03 19:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-02 22:15 . 2008-02-02 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 22:15 . 2008-02-02 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 09:08 . 2004-08-10 04:04 59,392 --a------ C:\WINDOWS\system32\dllcache\ehtray.exe
2008-01-12 21:20 . 2008-01-12 21:20 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-05 03:44 --------- d-----w C:\Program Files\Windows Defender
2008-02-05 03:44 --------- d-----w C:\Program Files\QuickTime
2008-02-05 03:44 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-02-04 01:15 --------- d-----w C:\Documents and Settings\Kim\Application Data\AVG7
2008-02-03 03:16 --------- d-----w C:\Program Files\Lavasoft
2008-02-03 03:16 --------- d-----w C:\Documents and Settings\Kim\Application Data\Lavasoft
2008-02-02 14:31 --------- d-----w C:\Documents and Settings\Mike\Application Data\AVG7
2008-02-02 00:33 11,092 ----a-w C:\Documents and Settings\Mike\Application Data\wklnhst.dat
2008-02-01 23:52 2,160 ----a-w C:\Documents and Settings\Kim\Application Data\wklnhst.dat
2008-01-31 02:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-20 04:23 --------- d-----w C:\Program Files\Quicken
2008-01-02 19:34 --------- d-----w C:\Documents and Settings\Kim\Application Data\Intuit
2008-01-02 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 19:30 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-02 19:18 --------- d-----w C:\Program Files\TurboTax
2007-12-26 01:22 --------- d-----w C:\Program Files\PhoTags Express
2007-12-25 19:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-25 19:42 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-25 19:28 --------- d-----w C:\Program Files\Encore
2007-12-24 00:49 --------- d-----w C:\Program Files\Sonic
2007-12-16 18:15 --------- d-----w C:\Documents and Settings\Mike\Application Data\Snapfish
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 00:17 --------- d-----w C:\Documents and Settings\Mike\Application Data\Yahoo!
2007-12-11 11:34 --------- d-----w C:\Documents and Settings\Kim\Application Data\Yahoo!
2007-12-10 02:20 --------- d-----w C:\Documents and Settings\Keith\Application Data\Yahoo!
2007-12-05 02:32 --------- d-----w C:\Program Files\CrossLoop
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-08-15 03:03 1,514 ----a-w C:\Documents and Settings\Keith\Application Data\wklnhst.dat
2006-12-20 02:31 251 ----a-w C:\Program Files\wt3d.ini
2007-09-15 04:28 104 --sh--r C:\WINDOWS\system32\D13A69AC77.sys
2007-09-15 04:28 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 19:04 163840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 22:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 08:54 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-16 20:39:34 113664]
Event Reminder.lnk - C:\PROGRA~1\BRODER~1\PrintMaster\pmremind.exe [2006-11-15 15:27:10 331776]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-06 111376]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 14:08:08 57344]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 13:04:38 54776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 16:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - WINDEFEND
.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 07:24:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 18:47:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-05 18:50:06
ComboFix-quarantined-files.txt 2008-02-05 23:50:03
ComboFix2.txt 2008-02-03 23:37:38
.
2008-02-01 09:02:41 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:33 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187141216234
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 8613 bytes
Hi. Are my logs clean now? Computer seems to be much better. Thanks!
Everything appears clean now. Watch your system for the next few days and post back if any issues develop.
Great. 
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.