#1
Bronze Member
Join Date: Apr 2008
Posts: 76
I have that devil virus zlob.pornadvertiser.ba and I don't know how to get rid of it. Could someone help me out? But I don't know a lot of tech stuff about PCs.
Please help, because it's causing hell for me. I get messages saying I have zlob.pornadvertiser.ba; also my background is blue with a yellow box saying "install antivirus", and I also have these porn video boxes saying "explicit porn", and if I delete it another one pops up. Help, help! texaspete
#2
Diamond Member
Join Date: Feb 2008
Posts: 1,548
Are you on Vista? You should first try doing a system restore, but that probably won't help. Download, install and run HijackThis and post the log it creates.
http://www.trendsecure.com/portal/en...ols/hijackthis
__________________
CPU - AMD Athlon 64x2 5200+ @ 2.6ghz Ram - 2GB Stock clock HD - 320gb seagate & Samsung 750gb 32mb cache GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz PSU - Ultra X-finity 600watt OS - Vista Home Premium(32) & XP Pro and Vista Audio - JVC 460watts Control - Logitech G25 Wheel & Logitech Rumblepad 2 Games - GTR2 and LFS -- Race Sim's for Life --
#3
Diamond Member
Join Date: Jan 2007
Location: France
Age: 18
Posts: 3,636
Hello,
Click here to download HJTsetup.exe
Then please do this:

Please download SmitfraudFix (by S!Ri).
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

To sum up, in your next reply I'll need the:
__________________
formerly webbenji "I just want to be who I want to be Guess that's hard for others to see" Smash - The Offspring Punk's anti-hackers website Punk's Website making and registering tutorial! What is so hard in not downloading illegal files? If I can do it, why can't you? And what is so hard in believing I don't download illegally?
#4
Bronze Member
Join Date: Apr 2008
Posts: 76
THANKS FOR HELPING
Logfile of HijackThis v1.99.1
Scan saved at 18:30:09, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O1 - Hosts: 207.7.142.44 iwalton.com
O1 - Hosts: 207.7.142.44 www.iwalton.com
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Lorna Hubbard\Local Settings\Temporary Internet Files\Content.IE5\T3ZB5TSE\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [BM428dfb51] Rundll32.exe "C:\WINDOWS\System32\mgqfpmpy.dll",s
O4 - HKLM\..\Run: [41bec8cd] rundll32.exe "C:\WINDOWS\System32\jbclavhv.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Aaou] "C:\WINDOWS\System32\YSTEM~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Gxyb] "C:\Program Files\S?mantec\t?skmgr.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm011YYGB
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TG9ybmEgSHViYmFyZA\command.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

SmitFraudFix v2.309
Scan done at 18:34:43.53, 04/04/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Peter D Martin

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Peter D Martin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PETERD~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 194.168.4.100
DNS Server Search Order: 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
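The log above is the kind of thing the helpers in this thread read by eye. A small triage script, added here as an example and not part of the thread or of HijackThis itself, shows how the first pass can be automated: it parses lines in the HijackThis layout and flags the entry types a helper looks at first, the F3 win.ini hook, O1 hosts redirections, O4 autostarts that load random-named DLLs through rundll32 or sit in paths containing '?' look-alike characters, O15 Trusted Zone additions, a set O20 AppInit_DLLs value, and O23 services whose binary is missing. The sample lines are constructed for this example (the hosts IP and the trusted-zone domain are made up, the benign entries are there to show what is not flagged), and the heuristics, including the random-name test, are the example's own, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines laid out like a HijackThis v1.99.1 log. Benign entries
# (igfxtray, a vendor service) sit beside the kinds of entries the thread's log
# shows; the hosts IP and the trusted-zone domain are made up for this example.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.net/
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O1 - Hosts: 203.0.113.44 www.example.org
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BM428dfb51] Rundll32.exe "C:\WINDOWS\System32\mgqfpmpy.dll",s
O4 - HKCU\..\Run: [Gxyb] "C:\Program Files\S?mantec\t?skmgr.exe"
O15 - Trusted Zone: *.rogue-av.example
O20 - AppInit_DLLs: C:\PROGRA~1\Vendor\helper.dll
O23 - Service: Printer Status Agent - Example Corp - C:\Program Files\Example\agent.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# hosts-file targets that are normal for blocking a name rather than redirecting it
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    entry: str     # the log line that triggered the rule
    reason: str    # why a helper would look at it


def looks_random(stem: str) -> bool:
    """Crude keyboard-mash test for a file-name stem: almost no vowels, or a long
    run of consonants. Tuned so that real names such as 'igfxtray' pass."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 7:
        return False
    vowel_ratio = sum(c in "aeiou" for c in s) / len(s)
    longest_run = max(len(run) for run in re.findall(r"[^aeiou]+", s))
    return vowel_ratio < 0.15 or longest_run >= 6


def file_stem(path: str) -> str:
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def triage_entry(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule fires."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None   # header, process list or blank line
    section, body = m.group(1), m.group(2)
    if section == "F3":
        return Finding(section, line, "win.ini run= autostart, a legacy hook current software almost never uses")
    if section == "O1":
        h = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if h and h.group(1) not in LOCAL_TARGETS:
            return Finding(section, line, f"hosts file redirects {h.group(2)} to {h.group(1)}")
    if section == "O4":
        if "?" in body:
            return Finding(section, line, "autostart path contains '?', i.e. unprintable or look-alike characters in a folder or file name")
        d = RUNDLL_RE.search(body)
        if d and looks_random(file_stem(d.group(1))):
            return Finding(section, line, f"rundll32 loads random-named DLL {d.group(1)}")
    if section == "O15":
        return Finding(section, line, "site added to the IE Trusted Zone, which relaxes browser security for it")
    if section == "O20" and body.partition(":")[2].strip():
        return Finding(section, line, "AppInit_DLLs is set: that DLL is loaded into every process that loads user32.dll")
    if section == "O23" and "(file missing)" in body:
        return Finding(section, line, "service points at a binary that no longer exists")
    return None


def triage_log(text: str) -> List[Finding]:
    """Run every line of a log through triage_entry and keep the hits, in log order."""
    return [f for f in (triage_entry(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.entry.strip()}")
```

The output is a shortlist, not a verdict: each hit still needs the human judgement the helpers apply in this thread (an O20 entry can be a legitimate vendor DLL, and a missing service binary can be a half-uninstalled product), but it puts the entries that matter at the top of a log that is otherwise hundreds of lines of ordinary startup items.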
#5
Diamond Member
Join Date: Feb 2008
Posts: 1,548
Looks like you're running two antiviruses!! Bad thing to do!! Uninstall one.
#8
Diamond Member
Join Date: Feb 2008
Posts: 1,548
LOL yeah, I didn't get that at first until I saw the other user's name. Anyways, he is probably much better at this than me.
#9
Diamond Member
Join Date: Jan 2007
Location: France
Age: 18
Posts: 3,636
I'd like to see a ComboFix log please:
Download and Run ComboFix. If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
ComboFix should never take more than 20 minutes including the reboot if malware is detected. If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue. If that happened we want to know, and also what process you had to end.
#10
Bronze Member
Join Date: Apr 2008
Posts: 76
THIS IS THE LOG FROM COMBOFIX
ComboFix 08-04-03.5 - Peter D Martin 2008-04-04 22:51:03.1 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Peter D Martin\Application Data\FunWebProducts
C:\Documents and Settings\Peter D Martin\Application Data\macromedia\Flash Player\#SharedObjects\BY6KGHKJ\iforex.com
C:\Documents and Settings\Peter D Martin\Application Data\macromedia\Flash Player\#SharedObjects\BY6KGHKJ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Peter D Martin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Peter D Martin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Peter D Martin\My Documents\FNTS~1
C:\Documents and Settings\Peter D Martin\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Peter D Martin\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Peter D Martin\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\asembl~1
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\Hewlett-Packard\xubaci89104.dll
C:\Program Files\inetget2
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\000502F5
C:\Program Files\MyWebSearch\bar\Cache\0017FE36
C:\Program Files\MyWebSearch\bar\Cache\002456DB
C:\Program Files\MyWebSearch\bar\Cache\003E4095
C:\Program Files\MyWebSearch\bar\Cache\005AB187.bin
C:\Program Files\MyWebSearch\bar\Cache\005AB3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\005AB511.bin
C:\Program Files\MyWebSearch\bar\Cache\006BAC83.bin
C:\Program Files\MyWebSearch\bar\Cache\007F0390.bin
C:\Program Files\MyWebSearch\bar\Cache\007F05D2.bin
C:\Program Files\MyWebSearch\bar\Cache\007F0891.bin
C:\Program Files\MyWebSearch\bar\Cache\007F1543.bin
C:\Program Files\MyWebSearch\bar\Cache\007F164D
C:\Program Files\MyWebSearch\bar\Cache\00A983B0.bin
C:\Program Files\MyWebSearch\bar\Cache\00A985A4.bin
C:\Program Files\MyWebSearch\bar\Cache\00A99341.bin
C:\Program Files\MyWebSearch\bar\Cache\00A994C7.bin
C:\Program Files\MyWebSearch\bar\Cache\00A9A254.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\network monitor
C:\Program Files\NoDNS
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\smante~1
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM428dfb51.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\System32\awvvu.dll
C:\WINDOWS\system32\bjbcqufv.dll
C:\WINDOWS\system32\buvigkhr.dll
C:\WINDOWS\system32\chcngsah.dll
C:\WINDOWS\system32\diyjepwa.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fcsgovrt.dll
C:\WINDOWS\system32\fujrdftv.dll
C:\WINDOWS\system32\gueyaoye.dll
C:\WINDOWS\system32\hmwxxnei.dll
C:\WINDOWS\system32\hoxrulwt.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\jbclavhv.dll
C:\WINDOWS\system32\kfquoiyb.dll
C:\WINDOWS\system32\lgkxmnlt.ini
C:\WINDOWS\system32\lktakvyg.dll
C:\WINDOWS\system32\lutcgcba.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgqfpmpy.dll
C:\WINDOWS\system32\mkwmciyg.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qcceipys.ini
C:\WINDOWS\system32\shdohvuv.dll
C:\WINDOWS\system32\srqffjjc.dll
C:\WINDOWS\system32\sypieccq.dll
C:\WINDOWS\system32\tbkrsbsp.dll
C:\WINDOWS\system32\tlnmxkgl.dll
C:\WINDOWS\system32\tswqmjrm.dll
C:\WINDOWS\system32\tuvvwwu.dll
C:\WINDOWS\system32\twlurxoh.ini
C:\WINDOWS\system32\uovsxpbx.dll
C:\WINDOWS\system32\upjoxenc.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\vhvalcbj.ini
C:\WINDOWS\system32\vpioktre.dll
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\wqkimido.dll
C:\WINDOWS\system32\wscmp.dll
C:\WINDOWS\system32\xuykdcfq.dll
C:\WINDOWS\system32\xwyvpdtj.dll
C:\WINDOWS\system32\ydagxkgh.dll
C:\WINDOWS\system32\yeihpnsv.dll
C:\WINDOWS\system32\yfhbyanl.dll
C:\WINDOWS\system32\yhenxmhf.dll
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\system32\ystem~1\?ystem\
C:\WINDOWS\TG9ybmEgSHViYmFyZA\
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NTLOAD
-------\Service_cmdService
-------\Service_Network Monitor
-------\Service_ntload

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.
2008-04-04 21:52 . 2008-04-04 21:52 269,334 --a------ C:\WINDOWS\system32\sjadgjmlsjml.bmp
2008-04-04 19:30 . 2008-04-04 19:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:30 . 2008-04-04 19:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 18:34 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-04 18:34 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-04 18:34 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-04 18:34 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-04 18:34 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-04 18:34 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 18:34 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 18:34 . 2008-04-04 18:34 6,328 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 18:28 . 2008-04-04 18:30 <DIR> d-------- C:\Hijackthis
2008-04-04 18:19 . 2008-04-04 18:19 53,312 --a------ C:\WINDOWS\system32\kcfaxaqk.dll
2008-04-04 16:02 . 2008-04-04 16:02 269,334 --a------ C:\WINDOWS\system32\nmtcn.bmp
2008-04-03 22:19 . 2008-04-03 22:19 269,334 --a------ C:\WINDOWS\system32\tobeh.bmp
2008-04-03 22:09 . 2008-04-03 22:09 269,334 --a------ C:\WINDOWS\system32\atojqtsb.bmp
2008-04-03 19:44 . 2008-04-03 19:44 269,334 --a------ C:\WINDOWS\system32\nepgf.bmp
2008-04-03 17:50 . 2008-04-03 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-03 17:24 . 2008-04-03 17:24 0 --a------ C:\WINDOWS\system32\sex2.ico.tmp
2008-04-03 16:57 . 2008-04-03 16:57 0 --a------ C:\WINDOWS\system32\sex1.ico.tmp
2008-04-03 16:50 . 2008-04-03 16:50 269,334 --a------ C:\WINDOWS\system32\retgr.bmp
2008-04-02 19:05 . 2008-04-02 19:05 269,334 --a------ C:\WINDOWS\system32\obitkjmpcj.bmp
2008-04-02 18:41 . 2008-04-02 18:41 269,334 --a------ C:\WINDOWS\system32\grihsfalkjqd.bmp
2008-04-02 16:37 . 2008-04-02 16:37 269,334 --a------ C:\WINDOWS\system32\dgrmtojipsn.bmp
2008-04-02 16:24 . 2008-04-02 16:24 269,334 --a------ C:\WINDOWS\system32\filcb.bmp
2008-04-02 16:15 . 2008-04-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 16:02 . 2008-04-02 19:08 3,262 --a------ C:\WINDOWS\system32\sex5.ico
2008-04-02 16:02 . 2008-04-02 19:07 3,262 --a------ C:\WINDOWS\system32\sex4.ico
2008-04-02 16:01 . 2008-04-02 19:07 3,262 --a------ C:\WINDOWS\system32\sex3.ico
2008-04-02 16:01 . 2008-04-02 19:06 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-04-02 16:00 . 2008-04-04 18:18 2,114,456 ---hs---- C:\WINDOWS\system32\gntaukud.ini
2008-04-02 15:59 . 2008-04-02 19:09 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-04-02 15:56 . 2008-04-02 15:56 269,334 --a------ C:\WINDOWS\system32\dgril.bmp
2008-04-01 20:36 . 2008-04-01 20:36 37,376 -ra------ C:\WINDOWS\mrofinu1000106.exe
2008-04-01 15:57 . 2008-04-01 15:57 269,334 --a------ C:\WINDOWS\system32\atsnehsfatkf.bmp
2008-03-31 22:19 . 2008-04-02 15:59 1,602,328 ---hs---- C:\WINDOWS\system32\auujtkso.ini
2008-03-31 22:12 . 2008-03-31 22:12 269,334 --a------ C:\WINDOWS\system32\rqtsnidofil.bmp
2008-03-31 17:07 . 2008-03-31 17:07 269,334 --a------ C:\WINDOWS\system32\ilcbahsrap.bmp
2008-03-30 21:59 . 2008-03-30 21:59 269,334 --a------ C:\WINDOWS\system32\sjqlknepgbqp.bmp
2008-03-30 19:23 . 2008-03-31 22:14 1,597,592 ---hs---- C:\WINDOWS\system32\mjillbmv.ini
2008-03-30 19:20 . 2008-03-30 19:20 269,334 --a------ C:\WINDOWS\system32\pkrqpcf.bmp
2008-03-28 17:55 . 2008-03-28 17:55 269,334 --a------ C:\WINDOWS\system32\bidcjadsnmtgb.bmp
2008-03-27 18:49 . 2008-03-28 18:07 1,444,668 ---hs---- C:\WINDOWS\system32\ysdhmfef.ini
2008-03-27 18:48 . 2008-03-27 18:48 269,334 --a------ C:\WINDOWS\system32\behob.bmp
2008-03-27 13:15 . 2008-03-27 13:15 269,334 --a------ C:\WINDOWS\system32\jelcrqt.bmp
2008-03-27 13:04 . 2008-03-27 18:49 1,389,477 ---hs---- C:\WINDOWS\system32\iiiubefs.ini
2008-03-27 13:04 . 2008-03-27 13:04 269,334 --a------ C:\WINDOWS\system32\hkjmhofqdsr.bmp
2008-03-27 13:01 . 2005-03-10 13:06 88,064 --a------ C:\WINDOWS\system32\CddbLangE.dll
2008-03-27 12:58 . 2008-03-27 12:58 269,334 --a------ C:\WINDOWS\system32\lgratsbat.bmp
2008-03-25 22:59 . 2008-03-25 22:59 269,334 --a------ C:\WINDOWS\system32\hcnedsrmt.bmp
2008-03-25 22:59 . 2008-03-25 22:59 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
2008-03-25 22:22 .
2008-03-27 13:00 1,493,721 ---hs---- C:\WINDOWS\system32\hvhrpelt.ini 2008-03-25 21:52 . 2008-03-25 22:20 1,472,400 ---hs---- C:\WINDOWS\system32\yjgqcmdp.ini 2008-03-25 18:23 . 2008-04-02 16:27 <DIR> d-------- C:\Program Files\CPV 2008-03-24 23:37 . 2008-03-24 23:37 53,312 --a------ C:\WINDOWS\system32\aehpnphm.dll 2008-03-24 23:31 . 2008-03-25 21:52 1,472,220 ---hs---- C:\WINDOWS\system32\gfylausq.ini 2008-03-24 18:03 . 2008-03-24 23:31 1,579,008 ---hs---- C:\WINDOWS\system32\psvhfusx.ini 2008-03-24 18:03 . 2008-03-24 18:03 53,312 --a------ C:\WINDOWS\system32\osghwfve.dll 2008-03-23 15:51 . 2008-03-24 18:02 1,543,771 ---hs---- C:\WINDOWS\system32\rkwvoywa.ini 2008-03-22 15:59 . 2008-03-23 10:34 1,430,692 ---hs---- C:\WINDOWS\system32\rpeiolea.ini 2008-03-20 23:56 . 2008-03-28 17:56 <DIR> d-------- C:\Program Files\nvcoi 2008-03-20 23:56 . 2008-03-22 15:58 1,468,006 ---hs---- C:\WINDOWS\system32\hfddtbbr.ini 2008-03-19 22:42 . 2008-03-19 22:42 <DIR> d-------- C:\Program Files\Panicware 2008-03-19 22:36 . 2008-03-20 23:55 1,538,904 ---hs---- C:\WINDOWS\system32\drromsvp.ini 2008-03-18 22:27 . 2008-03-19 22:27 1,526,137 ---hs---- C:\WINDOWS\system32\ascjqioi.ini 2008-03-18 21:32 . 2008-03-19 22:42 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico 2008-03-17 18:39 . 2008-03-17 16:39 66,560 --a------ C:\WINDOWS\b155.exe 2008-03-16 22:17 . 2008-03-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio 2008-03-16 22:09 . 2008-03-18 21:23 1,526,135 ---hs---- C:\WINDOWS\system32\xeoqocqx.ini 2008-03-16 22:01 . 2008-03-16 22:01 63 --a------ C:\WINDOWS\system32\41beda43 2008-03-16 21:56 . 2008-04-02 21:16 <DIR> d-------- C:\WINDOWS\system32\hz7 2008-03-16 21:56 . 2008-04-02 18:34 <DIR> d-------- C:\WINDOWS\system32\cam2 2008-03-16 21:56 . 2008-03-16 21:56 <DIR> d-------- C:\WINDOWS\system32\bx21 2008-03-14 18:26 . 2008-03-14 18:26 <DIR> d-------- C:\WINDOWS\provisioning 2008-03-14 18:26 . 
2008-03-14 18:37 <DIR> d-------- C:\WINDOWS\peernet 2008-03-14 17:55 . 2008-03-14 17:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-03-14 17:46 . 2004-08-03 23:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe 2008-03-14 17:43 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002333_.tmp 2008-03-14 17:34 . 2002-12-11 17:34 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2008-03-14 17:33 . 2006-02-27 13:32 2,479,616 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll 2008-03-14 17:30 . 2008-03-14 17:30 <DIR> d-------- C:\WINDOWS\EHome 2008-03-14 17:07 . 2007-06-13 20:07 16,896 --a------ C:\WINDOWS\system32\grwinsthlp.exe 2008-03-14 17:07 . 2008-03-14 17:07 248 --a------ C:\UnInstall.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-04-04 22:00 --------- d-----w C:\Program Files\Hewlett-Packard 2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity 2008-03-23 19:28 --------- d-----w C:\Program Files\MSN Messenger 2008-03-19 22:44 --------- d-----w C:\Program Files\Google 2008-03-19 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON 2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner 2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-14 16:09 --------- d-----w C:\Program Files\Canon 2008-03-14 16:05 --------- d-----w C:\Program Files\DivX 2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT 2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat 2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys 2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . 
------- Sigcheck ------- 2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll 2004-02-06 18:05 588288 4f64d1df989e3aa2fad91a2f1167b9c7 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll 2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0 c41f4dfdb4d3cc228a4f819\wininet.dll 2006-04-28 10:58 575488 3d5062a7667913b9b515cc5769e9fb31 C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b 3ea87b912cc10130c63a60f\rtmgdr\wininet.dll 2006-04-28 18:48 587264 5f4e89c8b4903acbba2f4b32cf1ed3ad C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b 3ea87b912cc10130c63a60f\RTMQFE\wininet.dll 2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740 b7bdbe6238a3381da220dae\rtmgdr\wininet.dll 2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740 b7bdbe6238a3381da220dae\RTMQFE\wininet.dll 2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea0 1ff38473d99ea9faefb37c0\rtmgdr\wininet.dll 2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea0 1ff38473d99ea9faefb37c0\RTMQFE\wininet.dll 2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll 2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll 2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys 2003-03-31 03:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtUninstallQ815485$\ndis.sys 2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\Driver Cache\i386\ndis.sys 2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0 c41f4dfdb4d3cc228a4f819\ndis.sys 2003-03-06 10:30 162432 09b38768036508b51564201afb000950 
C:\WINDOWS\system32\drivers\ndis.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}] 2008-04-02 16:27 51200 --a------ C:\Program Files\CPV\CPV7.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}] 2008-03-24 23:37 53312 --a------ C:\WINDOWS\System32\aehpnphm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}] 2008-04-04 18:19 53312 --a------ C:\WINDOWS\System32\kcfaxaqk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4015CEC3-5A06-788E-0460-5200B9C88BC5}] C:\WINDOWS\System32\hmmudlk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{711ECE46-C7E0-422C-A9E0-BCBC634E06E7}] 2005-03-10 13:06 88064 --a------ C:\WINDOWS\System32\CddbLangE.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E241359-F85C-48B6-859A-86C0F9A52C4C}] C:\Program Files\Hewlett-Packard\qubaki.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgen t.exe" [ ] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648] "Aaou"="C:\WINDOWS\System32\YSTEM~1\winlogon.e xe" [ ] "Gxyb"="C:\Program Files\S?mantec\t?skmgr.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-29 18:02 68856] "nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-20 23:56 57344] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\PO P-UP~1\PSFree.exe" [2005-03-17 12:10 536576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86 \3\hpztsb05.exe" [2002-12-24 03:33 188416] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58 229952] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912] "QuickTime 
Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "SBI"="C:\Documents and Settings\Lorna Hubbard\Local Settings\Temporary Internet Files\Content.IE5\T3ZB5TSE\setup_sbd_en[1].exe" [ ] "BluetoothAuthorizationAgent"="C:\WINDOWS\System32 \BluetoothAuthorizationAgent.exe" [2008-03-25 22:59 18432] "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 03:00 13312] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-29 18:02 68856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce] "FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\ Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe [2005-11-30 21:22:58 25214] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~ 1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.LEAD"= LCODCCMP.DLL "MSVideo8"= VfWWDM32.dll . Contents of the 'Scheduled Tasks' folder "2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . 
************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-04 23:09:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ???B???????????????B? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************** ************************ . Completion time: 2008-04-04 23:18:23 - machine was rebooted [Peter D Martin] ComboFix-quarantined-files.txt 2008-04-04 22:18:12 Pre-Run: 6,874,923,008 bytes free Post-Run: 12,382,310,400 bytes free . 2008-03-16 11:13:52 --- E O F --- |
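Added example, not part of the poster's log or of the helpers' tools: the Run-key entries above show three patterns worth pulling out of any ComboFix-style dump automatically. A core system binary name running from the wrong directory (`YSTEM~1\winlogon.exe`), a vendor folder and binary with non-ASCII characters that the forum renders as `?` (`S?mantec\t?skmgr.exe`, sitting beside a real Symantec install), and an autostart launched straight out of the Internet Explorer cache (`setup_sbd_en[1].exe`). The Python below parses `"Name"="path" [date time size]` lines and scores each entry against those patterns. The regex for the entry format, the severity labels and the list of system binaries are my assumptions; the sample section is reconstructed from the log above with the forum's soft-wrap spaces rejoined. Empty brackets `[ ]` (no timestamp or size recorded) are treated only as a weak signal, because the legitimate McAfee entry in the sample has them too.

```python
"""Flag suspicious autostart entries in a ComboFix-style Run-key dump."""
import ntpath
import re
from typing import List, NamedTuple

# One entry looks like:  "Name"="C:\path\file.exe" [2007-01-19 12:54 5674352]
# The bracket holds the target's timestamp and size; in the log above it is
# empty ("[ ]") wherever ComboFix could not read the file.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')

# Core Windows binaries that on XP run only from %SystemRoot%\System32 (assumed list).
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe",
                   "csrss.exe", "services.exe", "smss.exe"}
SYSTEM32_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}

# Nothing legitimate auto-starts from the browser cache or a Temp directory.
SCRATCH_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\windows\\temp\\")


class Finding(NamedTuple):
    name: str
    path: str
    severity: str  # "high", "medium" or "info"
    reason: str


def assess_entry(name: str, path: str, meta: str) -> List[Finding]:
    """Run every heuristic over one autostart entry and return all that fire."""
    findings: List[Finding] = []
    low = path.lower()
    directory, filename = ntpath.split(path)

    # 1. Lookalike folder/file names. The forum renders the non-ASCII bytes in
    #    S?mantec\t?skmgr.exe as '?', which is illegal in a real Windows path;
    #    any non-ASCII character in a vendor or binary name is equally suspect.
    if "?" in path or any(ord(ch) > 127 for ch in path):
        findings.append(Finding(name, path, "high",
                                "lookalike or non-ASCII characters in path"))

    # 2. A core system binary name outside System32 (YSTEM~1\winlogon.exe above).
    if filename.lower() in SYSTEM_BINARIES and directory.lower() not in SYSTEM32_DIRS:
        findings.append(Finding(name, path, "high", f"{filename} outside System32"))

    # 3. Autostart target sitting in the IE cache or a Temp directory.
    if any(marker in low for marker in SCRATCH_DIRS):
        findings.append(Finding(name, path, "medium",
                                "autostart from a cache or temp directory"))

    # 4. No timestamp/size recorded. Weak on its own (the McAfee entry in the
    #    sample trips it too), so it only corroborates the signals above.
    if not meta.strip():
        findings.append(Finding(name, path, "info",
                                "no file metadata recorded for target"))
    return findings


def scan_run_section(text: str) -> List[Finding]:
    """Parse every "Name"="path" [meta] line and collect the findings."""
    findings: List[Finding] = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # [HKEY_...] headers and blank lines do not match
            findings.extend(assess_entry(match["name"], match["path"], match["meta"]))
    return findings


# Constructed sample: a subset of the HKCU/HKLM Run entries from the log above,
# with the soft-wrap spaces the forum inserted (e.g. "MSKAgen t.exe") rejoined.
SAMPLE_RUN_SECTION = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"Aaou"="C:\WINDOWS\System32\YSTEM~1\winlogon.exe" [ ]
"Gxyb"="C:\Program Files\S?mantec\t?skmgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"SBI"="C:\Documents and Settings\Lorna Hubbard\Local Settings\Temporary Internet Files\Content.IE5\T3ZB5TSE\setup_sbd_en[1].exe" [ ]
'''

if __name__ == "__main__":
    for f in scan_run_section(SAMPLE_RUN_SECTION):
        print(f"[{f.severity:6}] {f.name:12} {f.reason}: {f.path}")
```

Run against the sample, `MsnMsgr` and `IgfxTray` produce nothing, `MSKAGENTEXE` only gets the weak "no metadata" note, while `Aaou`, `Gxyb` and `SBI` each get a high or medium finding on top of it. To use it on a real log, paste the whole Reg Loading Points section into `scan_run_section`; the non-matching BHO and Startup-folder lines are skipped.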