Jump to content

Chris

Members
 View Profile  See their activity

  • Posts

    10

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Chris
    many thanks jean, you've been a real help. it seems to running okay now thanks again Chris
  2. Chris
    Hi Jean, apologies have been out of the country for the week. The computer seems to be running much better now, the popups have disappeared. Although Norton comes up with Virus messages about Trojan.Packed.7 now and again. Just now for instance it came up with about 10 messages in a row saying a virus file had just been deleted. I did uninstall the poker programs and they no longer appear in my add/remove programs or applications list. Here are my new logs for Panda Activescan and HJT Incident Status Location Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.atdmt.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.2o7.net/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.112.2o7.net/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.2o7.net/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.advertising.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.adviva.net/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\gahokaik.default\cookies.txt[.ehg-dig.hitbox.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Angela\Cookies\angela@advertising[1].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Angela\Cookies\angela@anm.co[1].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Angela\Cookies\angela@apmebf[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Angela\Cookies\angela@atdmt[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Angela\Cookies\angela@atwola[1].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Angela\Cookies\angela@azjmp[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Cookies\angela@bs.serving-sys[2].txt Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Angela\Cookies\angela@did-it[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Angela\Cookies\angela@doubleclick[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Angela\Cookies\angela@drivecleaner[2].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Angela\Cookies\angela@go[1].txt Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Angela\Cookies\angela@malwarewiped[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Angela\Cookies\angela@media.adrevolver[3].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Angela\Cookies\angela@mediaplex[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Angela\Cookies\angela@questionmarket[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Angela\Cookies\angela@serving-sys[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Angela\Cookies\angela@stats.drivecleaner[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Angela\Cookies\angela@xiti[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.adtech.de/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.advertising.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.xiti.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.go.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.atwola.com/] Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.anm.co.uk/] Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.errorsafe.com/] Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Mozilla\Firefox\Profiles\1jkf0tk0.default\cookies.txt[.adserver.easyad.info/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@ads.pointroll[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@advertising[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@atdmt[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@bs.serving-sys[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Cookies\christopher@serving-sys[1].txt Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\ComboFix(2).exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\ComboFix(2).exe[nircmd.cfexe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix\Process.exe Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix\Reboot.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix\restart.exe Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix.exe Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.2o7.net/] Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.sexlist.com/] Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.sextracker.com/] Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[counter9.sextracker.com/] Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[counter12.sextracker.com/] Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.yadro.ru/] Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[counter16.sextracker.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.revenue.net/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.advertising.com/] Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.toplist.cz/] Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.paycounter.com/] Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.clickbank.net/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[searchportal.information.com/] Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.gostats.com/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.xiti.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.hotlog.ru/] Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.adtech.de/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.com.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ktykfzf4.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Application Data\SpywareBot\Quarantine\07-04-2007-23-33-33\10004.qit Adware:Adware/VideoActiveXObject Not disinfected C:\Documents and Settings\HP_Owner\Application Data\SpywareBot\Quarantine\14-04-2007-08-58-07\10056.qit Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3983298d-520ad264.zip[bnnnnBaa.class] Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3983298d-520ad264.zip[VaannnaaBaa.class] Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3983298d-520ad264.zip[bnnnnn.class] Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@66.246.209[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[1].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anm.co[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bs.serving-sys[2].txt Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ccbill[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@drivecleaner[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go.drivecleaner[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@klik.klikadvertising[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.adrevolver[3].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@serving-sys[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats.drivecleaner[2].txt Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@systemdoctor[2].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winantivirus[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.drivecleaner[1].txt Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.systemdoctor[2].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\John\Cookies\john@anm.co[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John\Cookies\john@atdmt[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@belnk[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John\Cookies\john@bs.serving-sys[2].txt Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\John\Cookies\john@c.fsx[2].txt Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John\Cookies\john@ccbill[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@dist.belnk[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt Spyware:Cookie/FreshAuditionsDating Not disinfected C:\Documents and Settings\John\Cookies\john@freshauditionsdating[1].txt Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\John\Cookies\john@gammae[2].txt Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\John\Cookies\john@gangbangsquad[1].txt Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\John\Cookies\john@gostats[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John\Cookies\john@serving-sys[2].txt Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\John\Cookies\john@teensforcash[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John\Cookies\john@xiti[1].txt Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\John\Cookies\john@xmts[1].txt Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe Adware:Adware/Itbill Not disinfected C:\Program Files\fsupport\notifier.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\HaxFix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Virus:Trj/Rebooter.J Disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe Virus:Trj/Zlob.GW Disinfected C:\qoobox\Quarantine\C\WINDOWS\kthemup.exe.vir Adware:Adware/SecurityError Not disinfected C:\RECYCLER\S-1-5-21-3317490835-1029835935-1643116051-1007\Dc1.exe[
  3. Chris
    ComboFix 07-11-08.1 - Christopher 2007-11-12 19:27:00.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.114 [GMT 0:00]Running from: C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\ComboFix(2).exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Angela\Desktop\Error Cleaner.url C:\Documents and Settings\Angela\Desktop\Privacy Protector.url C:\Documents and Settings\Angela\Favorites\Error Cleaner.url C:\Documents and Settings\Angela\Favorites\Privacy Protector.url C:\Documents and Settings\Angela\Favorites\Spyware&Malware Protection.url C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Error Cleaner.url C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Privacy Protector.url C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Spyware&Malware Protection.url C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Error Cleaner.url C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Privacy Protector.url C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Spyware&Malware Protection.url C:\WINDOWS\bxsbang.dll C:\WINDOWS\kthemup.exe C:\WINDOWS\ocgrep.dll . ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))) . 2007-11-09 23:02 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-07 21:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Teleca 2007-11-06 21:06 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\Teleca 2007-11-06 19:35 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Teleca 2007-11-06 19:33 <DIR> d-------- C:\Program Files\Sony Ericsson 2007-11-06 19:33 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2007-11-06 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca 2007-11-06 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2007-11-06 19:28 94,064 --a------ C:\WINDOWS\system32\drivers\w810mdm.sys 2007-11-06 19:28 8,336 --a------ C:\WINDOWS\system32\drivers\w810mdfl.sys 2007-11-06 18:52 <DIR> d-------- C:\Program Files\iTunes 2007-11-06 18:52 <DIR> d-------- C:\Program Files\iPod 2007-11-06 18:43 <DIR> d-------- C:\Program Files\QuickTime 2007-11-06 18:38 <DIR> d-------- C:\Program Files\Apple Software Update 2007-11-06 18:38 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys 2007-11-06 18:37 <DIR> d-------- C:\Program Files\Common Files\Apple 2007-11-06 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-11-05 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-04 18:53 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-30 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-30 18:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-29 14:40 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\vlc 2007-10-29 14:37 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\AVG7 2007-10-29 07:43 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\AVG7 2007-10-28 21:00 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7 2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-10-25 22:24 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\Sports Interactive 2007-10-25 22:23 <DIR> dr-h----- C:\Documents and Settings\Angela\Application Data\SecuROM 2007-10-17 17:08 <DIR> dr-h----- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\SecuROM 2007-10-17 02:55 <DIR> d-------- C:\PollManager 2007-10-15 19:57 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Move Networks 2007-10-13 14:26 <DIR> d-------- C:\Program Files\Windows Live 2007-10-13 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-12 18:12 --------- d-----w C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Apple Computer 2007-11-11 11:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-06 19:28 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cmnt.sys 2007-11-06 19:28 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cm.sys 2007-11-05 18:13 --------- d-----w C:\Program Files\PartyGaming 2007-11-05 18:12 --------- d-----w C:\Program Files\PokerStars 2007-11-02 18:36 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-01 00:43 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-10-30 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-30 19:05 --------- d-----w C:\Program Files\Bonjour 2007-10-30 19:02 --------- d-----w C:\Program Files\John Hinde 2007-10-28 19:17 --------- d-----w C:\Program Files\RogueRemover 2007-10-28 15:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-28 15:42 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-28 15:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-28 15:42 --------- d-----w C:\Program Files\Symantec 2007-10-25 19:16 --------- d-----w C:\Program Files\ArtMoney 2007-10-23 00:24 471,040 ----a-w C:\WINDOWS\queensaver.scr 2007-10-23 00:24 12,288 ----a-w C:\WINDOWS\impborl.dll 2007-10-17 17:09 --------- d-----w C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Sports Interactive 2007-10-17 17:03 --------- d-----w C:\Program Files\Sports Interactive 2007-10-07 19:03 --------- d--h--w C:\Program Files\Zero G Registry 2007-10-01 14:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-10-01 14:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-10-01 14:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-10-01 14:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-10-01 14:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-10-01 14:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-09-15 19:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-02 01:46] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02] "Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-07-30 10:34] "WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2004-07-30 10:41] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43] "VTTimer"="VTTimer.exe" [] "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 09:47] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10] "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-26 23:11] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:00 C:\WINDOWS\system32\bthprops.cpl] "SoundMan"="SOUNDMAN.EXE" [2005-04-06 17:57 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-04-06 17:53 C:\WINDOWS\ALCWZRD.EXE] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19] "RegistryMechanic"="" [] "dmpti.exe"="C:\WINDOWS\system32\dmpti.exe" [] "WP.exe"="C:\PROGRA~1\JOHNHI~1\wp.exe" [2001-11-10 15:07] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-29 19:40] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="" [] "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe" [2004-01-02 03:14] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 16:34] "kdx"="C:\WINDOWS\kdx\KHost.exe" [2005-12-12 11:23] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-15 15:53:06] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 16:34:39] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "bxsbang"= {91830368-16EB-4EA3-A745-D88E72F87BAD} - C:\WINDOWS\bxsbang.dll [ ] R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94db7b77-4ad1-11db-ada5-0090d0766074}] \Shell\AutoRun\command - G:\wd_windows_tools\setup.exe *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2007-11-12 19:23:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2005-01-23 20:55:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job" - C:\Program Files\Easy Internet signup\HPSdpApp.exe "2007-11-09 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe "2007-11-12 19:38:31 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-11-09 23:02:53 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-12 19:39:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-12 19:44:03 - machine was rebooted C:\ComboFix2.txt ... 2007-11-11 20:41 C:\ComboFix3.txt ... 2007-11-07 18:50 . --- E O F --- ----------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:46:50, on 12/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\system32\keyhook.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\JOHNHI~1\wp.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\kdx\KHost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [dmpti.exe] C:\WINDOWS\system32\dmpti.exe O4 - HKLM\..\Run: [WP.exe] C:\PROGRA~1\JOHNHI~1\wp.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O21 - SSODL: bxsbang - {91830368-16EB-4EA3-A745-D88E72F87BAD} - C:\WINDOWS\bxsbang.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 15496 bytes I have uninstalled the two programs you note, although these scans were run before these actions were taken. Thanks
  4. Chris
    Hi Jean, my new logs are below: SmitFraudFix v2.195 Scan done at 20:13:26.96, 11/11/2007 Run from C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode
  5. Chris
    SmitFraudFix v2.195 Scan done at 19:02:52.59, 06/11/2007 Run from C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode
  6. Chris
    Jean thank you so much - The popups have disappeared, that program worked magic - my logs are below. How is it looking now?: ComboFix 07-11-01.1** - Christopher 2007-11-05 18:17:02.1 - NTFSx86 Running from: C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\ComboFix(2).exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Angela\Desktop\Error Cleaner.url C:\Documents and Settings\Angela\Desktop\Privacy Protector.url C:\Documents and Settings\Angela\Favorites\Error Cleaner.url C:\Documents and Settings\Angela\Favorites\Privacy Protector.url C:\Documents and Settings\Angela\Favorites\Spyware&Malware Protection.url C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Error Cleaner.url C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Privacy Protector.url C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\Spyware&Malware Protection.url C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Error Cleaner.url C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Privacy Protector.url C:\Documents and Settings\Christopher.NOVEMBER2004\Favorites\Spyware&Malware Protection.url C:\Documents and Settings\HP_Owner\Desktop\Error Cleaner.url C:\Documents and Settings\HP_Owner\Desktop\Privacy Protector.url C:\Documents and Settings\HP_Owner\Desktop\Spyware&Malware Protection.url C:\Documents and Settings\HP_Owner\Favorites\Error Cleaner.url C:\Documents and Settings\HP_Owner\Favorites\Privacy Protector.url C:\Documents and Settings\HP_Owner\Favorites\Spyware&Malware Protection.url C:\Program Files\SC C:\WINDOWS\dat.txt C:\WINDOWS\movctrlwxq.dll C:\WINDOWS\nssfrch.dll C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm C:\WINDOWS\rs.txt C:\WINDOWS\search_res.txt C:\WINDOWS\system32\u2g.f . ((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 ))))))))))))))))))))))))))))))) . 2007-11-05 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-04 18:53 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-30 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-30 18:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-29 14:40 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\vlc 2007-10-29 14:37 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\AVG7 2007-10-29 07:43 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\AVG7 2007-10-28 21:00 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7 2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-28 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-10-27 00:08 274,432 --a------ C:\WINDOWS\ocgrep.dll 2007-10-27 00:08 221,184 --a------ C:\WINDOWS\bxsbang.dll 2007-10-27 00:08 107,520 --a------ C:\WINDOWS\kthemup.exe 2007-10-25 22:24 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\Sports Interactive 2007-10-25 22:23 <DIR> dr-h----- C:\Documents and Settings\Angela\Application Data\SecuROM 2007-10-17 17:08 <DIR> dr-h----- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\SecuROM 2007-10-17 02:55 <DIR> d-------- C:\PollManager 2007-10-15 19:57 <DIR> d-------- C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Move Networks 2007-10-13 14:26 <DIR> d-------- C:\Program Files\Windows Live 2007-10-13 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-10-07 19:41 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-10-07 19:02 <DIR> d--h----- C:\Program Files\Zero G Registry 2007-10-07 19:02 <DIR> d--h----- C:\Documents and Settings\Christopher.NOVEMBER2004\InstallAnywhere . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-05 18:13 --------- d-----w C:\Program Files\PartyGaming 2007-11-05 18:12 --------- d-----w C:\Program Files\PokerStars 2007-11-03 13:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-02 18:36 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-01 00:43 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-10-30 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-30 19:05 --------- d-----w C:\Program Files\Bonjour 2007-10-30 19:02 --------- d-----w C:\Program Files\QuickTime 2007-10-30 19:02 --------- d-----w C:\Program Files\John Hinde 2007-10-30 19:02 --------- d-----w C:\Program Files\iTunes 2007-10-28 19:17 --------- d-----w C:\Program Files\RogueRemover 2007-10-28 15:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-28 15:42 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-28 15:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-28 15:42 --------- d-----w C:\Program Files\Symantec 2007-10-25 19:16 --------- d-----w C:\Program Files\ArtMoney 2007-10-23 00:24 471,040 ----a-w C:\WINDOWS\queensaver.scr 2007-10-23 00:24 12,288 ----a-w C:\WINDOWS\impborl.dll 2007-10-17 17:09 --------- d-----w C:\Documents and Settings\Christopher.NOVEMBER2004\Application Data\Sports Interactive 2007-10-17 17:03 --------- d-----w C:\Program Files\Sports Interactive 2007-10-01 14:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-10-01 14:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-10-01 14:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-10-01 14:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-10-01 14:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-10-01 14:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-09-15 19:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-02 01:46] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02] "Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-07-30 10:34] "WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2004-07-30 10:41] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43] "VTTimer"="VTTimer.exe" [] "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 09:47] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10] "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-26 23:11] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:00 C:\WINDOWS\system32\bthprops.cpl] "SoundMan"="SOUNDMAN.EXE" [2005-04-06 17:57 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-04-06 17:53 C:\WINDOWS\ALCWZRD.EXE] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19] "RegistryMechanic"="" [] "dmpti.exe"="C:\WINDOWS\system32\dmpti.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05] "WP.exe"="C:\PROGRA~1\JOHNHI~1\wp.exe" [2001-11-10 15:07] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-29 19:40] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="" [] "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe" [2004-01-02 03:14] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 16:34] "kdx"="C:\WINDOWS\kdx\KHost.exe" [2005-12-12 11:23] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-15 15:53:06] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 16:34:39] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "bxsbang"= {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll [2007-10-26 17:20 221184] "ocgrep"= {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll [2007-10-26 17:20 274432] R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94db7b77-4ad1-11db-ada5-0090d0766074}] \Shell\AutoRun\command - G:\wd_windows_tools\setup.exe *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2007-11-05 18:23:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2005-01-23 20:55:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job" - C:\Program Files\Easy Internet signup\HPSdpApp.exe "2007-11-03 00:21:07 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-05 18:28:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-05 18:31:39 - machine was rebooted . --- E O F --- --------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:33:31, on 05/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\JOHNHI~1\wp.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\kdx\KHost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [dmpti.exe] C:\WINDOWS\system32\dmpti.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WP.exe] C:\PROGRA~1\JOHNHI~1\wp.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O21 - SSODL: bxsbang - {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll O21 - SSODL: ocgrep - {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 15100 bytes
  7. Chris
    Hi Jean, Spywarebot isn't showing in my Add/Remove Programs. My new logs are below, Many thanks, Chris SmitFraudFix v2.195 Scan done at 19:03:37.09, 04/11/2007 Run from C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode
  8. Chris
    Hi Jean, thanks very much for responding, i really appreciate it. Apologies for not responding with the precise logs you asked for. I ran an AVG scan and it resulted in No Threats Found, but did not give me the option of producing a log. The panda scan refuses to work for me at the moment but i will try and post that as soon as it does. For now I have the hijackthis log, let me know if you need anything additional. Thanks again... Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 18:41:11, on 31/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\JOHNHI~1\wp.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\kdx\KHost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\HiJackThis_v2.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MSVPS System - {90CF5384-7C70-4CD6-A30D-B2F14537B5C3} - C:\WINDOWS\movctrlwxq.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: The nssfrch - {7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC} - C:\WINDOWS\nssfrch.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [dmpti.exe] C:\WINDOWS\system32\dmpti.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WP.exe] C:\PROGRA~1\JOHNHI~1\wp.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Angela') O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all (User 'Angela') O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (User 'Angela') O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Angela') O4 - HKUS\S-1-5-21-3317490835-1029835935-1643116051-1009\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot (User 'Angela') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O21 - SSODL: bxsbang - {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll O21 - SSODL: ocgrep - {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 16843 bytes
  9. Chris
    Hi there, I've been having problems for days now with popups. One reads: "Worm.Win32.Netsky detected on your machine...." etc.... and says click yes to remove it from my PC immediately. I don't trust this message, and the other one says Windows Security Alert trying to get me to download spyware remover for total protection. My active windows are also being minimized and internet explorer keeps trying to open to a site. Would anyone be able to help me - i would be most greatful? I have hijack this v2, should i post a log off that? Thanks, Chris
  10. Chris
    hey, sorry to bother you, i see you've helped many people get rid of spylocked you obviously know what you're doing! i have downloaded hijackthis and rogueremover, i have updated RR and it deleted some spylocked files however it's still in the system tray. my log from hijackthis is as follows, hopefully it might identify the problem.. Logfile of HijackThis v1.99.1 Scan saved at 21:14:04, on 15/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\kdx\KHost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Christopher.NOVEMBER2004\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [WP.exe] C:\PROGRA~1\JOHNHI~1\wp.exe O4 - HKLM\..\Run: [dmpti.exe] C:\WINDOWS\system32\dmpti.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{092CDE84-0211-4FB1-BC99-CBCA980B8CEF}: NameServer = 85.255.114.21,85.255.112.190 O17 - HKLM\System\CCS\Services\Tcpip\..\{2B179456-F338-4343-B5C5-DD858DBFFE1D}: NameServer = 85.255.114.21,85.255.112.190 O17 - HKLM\System\CCS\Services\Tcpip\..\{5FF609A5-CB24-4003-8B0C-D44DD87053BE}: NameServer = 85.255.114.21,85.255.112.190 O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190 O17 - HKLM\System\CCS\Services\Tcpip\..\{91DE04BA-3A9D-4FD7-8F0E-97AFB77DB5EF}: NameServer = 85.255.114.21,85.255.112.190 O17 - HKLM\System\CCS\Services\Tcpip\..\{96073C9B-38F4-40E6-BCB2-C5936B98D828}: NameServer = 85.255.114.21,85.255.112.190 O17 - HKLM\System\CCS\Services\Tcpip\..\{A01EA6FB-F8EE-4AD4-A376-BAB4DA7ED3C6}: NameServer = 85.255.114.21,85.255.112.190 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190 O17 - HKLM\System\CS1\Services\Tcpip\..\{092CDE84-0211-4FB1-BC99-CBCA980B8CEF}: NameServer = 85.255.114.21,85.255.112.190 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.21 85.255.112.190 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.