hjt log for my bros computer

joediscus

This is a log for my brother's computer. He said that he has had random windows pop up while using Internet Explorer, such as porn, financial and lender popups. His computer is slower. Also, Avast has found several but apparently couldn't get rid of them. He is not the most computer-savvy person that I know, though, and he is in another state, so I can't see his computer. Hoping you guys can help me out.
Here's the log...
Thanks,
Joe


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:57 AM, on 12/4/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\49MFKPUZ\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
F3 - REG:win.ini: load=C:\WINNT\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {de1f5fc0-5a75-0868-8464-58d367cf5a42} - {24a5fc76-3d85-4648-8680-57a50cf5f1ed} - C:\WINNT\system32\rsnwrveq.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: 0 - {48C7B1C3-4061-4AD3-42BB-0E535249119C} - C:\Program Files\Windows Media Player\lawugepi461.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {86882CA4-BE70-4BCE-AEA5-CF40EB8E0BC3} - C:\WINNT\system32\ddcbywx.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9AF8CBE4-6C00-4415-B47C-A423AECC40F1} - C:\Program Files\BroadJump\holemu83122.dll (file missing)
O2 - BHO: (no name) - {A78D4460-F713-4F10-A886-0B680BED80AD} - C:\WINNT\shwol.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CBD504B0-A9DE-4801-BD2E-C943E0A55D97} - C:\WINNT\system32\fccba.dll
O2 - BHO: (no name) - {FF51ACB7-C8A7-4412-9F19-640BC0A85C8A} - C:\Program Files\BroadJump\holemu4444.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [88ab4af0] rundll32.exe "C:\WINNT\system32\apbinxov.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{88AB4A5F-02B8-1033-0509-030101170001}] "C:\Program Files\Common Files\{88AB4A5F-02B8-1033-0509-030101170001}\Update.exe" te-110-12-0000213
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134607654641
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134534561556
O16 - DPF: {78AB15BF-0C99-4E52-87C9-5201394749EF} - http://install.mycleanerpc.com/distid/4810050608/mycleanerpc.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: ddcbywx - ddcbywx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
--
End of file - 10430 bytes
 
Firstly, your brother is running HijackThis from a temporary folder. This is dangerous since backups that HijackThis creates will be lost.

Please download the HijackThis installer from http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis. Please close HijackThis - we'll use it later.

1. Please download this file - ComboFix - to your desktop.
2. Double-click ComboFix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:

  • F3 - REG:win.ini: load=C:\WINNT\svchost.exe
  • O2 - BHO: {de1f5fc0-5a75-0868-8464-58d367cf5a42} - {24a5fc76-3d85-4648-8680-57a50cf5f1ed} - C:\WINNT\system32\rsnwrveq.dll
  • O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
  • O2 - BHO: 0 - {48C7B1C3-4061-4AD3-42BB-0E535249119C} - C:\Program Files\Windows Media Player\lawugepi461.dll (file missing)
  • O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
  • O2 - BHO: (no name) - {86882CA4-BE70-4BCE-AEA5-CF40EB8E0BC3} - C:\WINNT\system32\ddcbywx.dll (file missing)
  • O2 - BHO: (no name) - {9AF8CBE4-6C00-4415-B47C-A423AECC40F1} - C:\Program Files\BroadJump\holemu83122.dll (file missing)
  • O2 - BHO: (no name) - {A78D4460-F713-4F10-A886-0B680BED80AD} - C:\WINNT\shwol.dll
  • O2 - BHO: (no name) - {CBD504B0-A9DE-4801-BD2E-C943E0A55D97} - C:\WINNT\system32\fccba.dll
  • O2 - BHO: (no name) - {FF51ACB7-C8A7-4412-9F19-640BC0A85C8A} - C:\Program Files\BroadJump\holemu4444.dll (file missing)
  • O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
  • O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
  • O4 - HKLM\..\Run: [88ab4af0] rundll32.exe "C:\WINNT\system32\apbinxov.dll",b
  • O4 - HKCU\..\Policies\Explorer\Run: [{88AB4A5F-02B8-1033-0509-030101170001}] "C:\Program Files\Common Files\{88AB4A5F-02B8-1033-0509-030101170001}\Update.exe" te-110-12-0000213
  • O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
  • O16 - DPF: {78AB15BF-0C99-4E52-87C9-5201394749EF} - http://install.mycleanerpc.com/disti...ycleanerpc.exe
  • O20 - Winlogon Notify: ddcbywx - ddcbywx.dll (file missing)

If you (e.g. using Spybot Search and Destroy) or your System Administrator didn't place any restrictions on Internet Explorer, also check the following entries:
  • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Please close all open windows except for HijackThis and choose Fix checked.

Please set Windows to show hidden files:
  • From any folder, select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please delete the following files (where still present):

  • C:\WINNT\svchost.exe <- Be careful not to delete the legitimate C:\WINNT\System32\svchost.exe
  • C:\WINNT\system32\rsnwrveq.dll
  • C:\WINNT\system32\apbinxov.dll
  • C:\WINNT\shwol.dll
  • C:\WINNT\system32\fccba.dll

Please delete the following folder:
  • C:\Program Files\Common Files\{88AB4A5F-02B8-1033-0509-030101170001}

Please reboot and post
  • The ComboFix log
  • A new HijackThis log
  • An update on how things are running
 
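The reply above picks the bad entries out of the HijackThis log by eye. As an added example (not code from the thread, from HijackThis or from Trend Micro), here is a small Python triage script that applies the same defensive heuristics to HijackThis v2 log lines: dead entries, BHOs and toolbars without a real name, an svchost.exe outside System32, a non-empty win.ini load= hook, rundll32 autoruns under hex key names, an autorun under Policies\Explorer\Run, and Winlogon Notify packages not on a stock list. The sample lines are copied from the first log in this thread; the Winlogon Notify allowlist is this script's own assumption.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HijackThis code).

It produces a review list only; deciding what to fix stays with the person
reading the log, exactly as in the reply above.
"""
import re

# Partial list of Winlogon Notify packages shipped with Windows 2000/XP.
# This allowlist is an assumption of the script; extend it for your build.
WINLOGON_NOTIFY_DEFAULTS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")       # "O2 - BHO: ..."
DEAD_RE = re.compile(r"\((?:no file|file missing)\)")
NAME_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{")    # display name of O2/O3
JUNK_NAME_RE = re.compile(r"\(no name\)|\{[0-9a-f-]+\}|\d+", re.I)
SVCHOST_RE = re.compile(r'([A-Za-z]:\\(?:[^\\\s"]+\\)*)svchost\.exe', re.I)
HEX_RUN_RE = re.compile(r"\\Run: \[[0-9a-f]{6,}\] rundll32\.exe", re.I)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - ")


def triage_line(line):
    """Return the reasons (possibly none) why one HijackThis entry needs review."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []                      # header, process list or blank line
    sec, body = m.group("sec"), m.group("body")
    reasons = []
    if DEAD_RE.search(body):
        reasons.append("points at a missing file: dead entry, safe to fix")
    hit = SVCHOST_RE.search(body)
    if hit and not hit.group(1).lower().endswith("\\system32\\"):
        reasons.append("svchost.exe outside System32: name borrowed from a system process")
    if sec == "F3" and re.search(r"load=\S", body):
        reasons.append("win.ini load= is normally empty; here it starts a program at logon")
    if sec in ("O2", "O3"):
        name = NAME_RE.match(body)
        if name and JUNK_NAME_RE.fullmatch(name.group("name")):
            reasons.append("BHO/toolbar without a meaningful display name")
    if sec == "O4" and HEX_RUN_RE.search(body):
        reasons.append("rundll32 autorun under a random hex key name")
    if sec == "O4" and "\\Policies\\Explorer\\Run" in body:
        reasons.append("autorun via Policies\\Explorer\\Run, rarely used by legitimate software")
    if sec == "O20":
        key = NOTIFY_RE.match(body)
        if key and key.group("key").lower() not in WINLOGON_NOTIFY_DEFAULTS:
            reasons.append("Winlogon Notify package not in the stock list; verify the DLL")
    return reasons


def triage(log_text):
    """Return [(entry, reasons)] for every entry that triggered at least one rule."""
    results = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            results.append((line.strip(), reasons))
    return results


# Constructed sample: a handful of lines copied from the first log in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F3 - REG:win.ini: load=C:\WINNT\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {de1f5fc0-5a75-0868-8464-58d367cf5a42} - {24a5fc76-3d85-4648-8680-57a50cf5f1ed} - C:\WINNT\system32\rsnwrveq.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: 0 - {48C7B1C3-4061-4AD3-42BB-0E535249119C} - C:\Program Files\Windows Media Player\lawugepi461.dll (file missing)
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [88ab4af0] rundll32.exe "C:\WINNT\system32\apbinxov.dll",b
O4 - HKCU\..\Policies\Explorer\Run: [{88AB4A5F-02B8-1033-0509-030101170001}] "C:\Program Files\Common Files\{88AB4A5F-02B8-1033-0509-030101170001}\Update.exe" te-110-12-0000213
O20 - Winlogon Notify: ddcbywx - ddcbywx.dll (file missing)
O20 - Winlogon Notify: sclgntfy - sclgntfy.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Run it against a saved hijackthis.log by passing the file contents to `triage()`; legitimate entries such as the Adobe BHO and the stock sclgntfy Winlogon package stay silent.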
Looks like your bro has been watching porn for the past few months,
but fixing that is easy:
run a scan and delete the infected items,
but delete this first:
C:\Program Files\Common Files\{88AB4A5F-02B8-1033-0509-030101170001}
 
Here is his updated ComboFix log. If you guys can check it over, thanks a lot.

combofix:
ComboFix 07-12-21.4 - M. 12/20/2007 18:01:05.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.87 [GMT -6:00]
Running from: C:\Documents and Settings\M\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\uknykcie.exe
C:\WINNT\system32\yoxxidsq.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-20 18:01 . 12/20/07 06:01p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_338.dat
2007-12-19 08:00 . 12/19/07 08:00a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1e4.dat
2007-12-16 11:37 . 12/16/07 11:37a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_23c.dat
2007-12-14 14:09 . 12/14/07 02:09p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_220.dat
2007-12-11 19:27 . 12/11/07 07:27p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_22c.dat
2007-12-11 17:03 . 12/11/07 05:03p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_224.dat
2007-12-11 02:35 . 12/11/07 02:35a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1e8.dat
2007-12-11 01:52 . 12/11/07 01:52a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_228.dat
2007-12-11 00:15 . 12/11/07 12:15a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_658.dat
2007-12-08 09:28 . 12/08/07 09:28a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1d0.dat
2007-12-08 09:11 . 12/08/07 09:11a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_21c.dat
2007-12-08 08:07 . 12/08/07 08:07a <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 14:23 . 12/06/07 02:23p 36,928 --a------ C:\WINNT\system32\gmovnrvi.dll
2007-12-04 01:03 . 12/05/07 05:49p 1,074 --ahs---- C:\WINNT\system32\voxnibpa.ini
2007-12-02 23:23 . 12/04/07 12:50a 954 --ahs---- C:\WINNT\system32\obawrsyq.ini
2007-12-01 22:31 . 12/02/07 11:42a 894 --ahs---- C:\WINNT\system32\kqvtpyhy.ini
2007-11-29 19:27 . 12/01/07 10:22p 774 --ahs---- C:\WINNT\system32\jvrxutnc.ini
2007-11-28 20:09 . 11/29/07 02:19p 654 --ahs---- C:\WINNT\system32\nxuaodds.ini
2007-11-27 19:24 . 11/28/07 08:04p 594 --ahs---- C:\WINNT\system32\vxqwyqim.ini
2007-11-26 18:54 . 11/27/07 07:17p 474 --ahs---- C:\WINNT\system32\agjxafhk.ini
2007-11-26 08:49 . 11/26/07 06:16p 354 --ahs---- C:\WINNT\system32\mqoyhdos.ini
2007-11-25 16:39 . 11/25/07 04:39p <DIR> d-------- C:\Documents and Settings\M\Application Data\Viewpoint
2007-11-25 08:44 . 11/25/07 08:44a 294 --ahs---- C:\WINNT\system32\ovicdnjr.ini
2007-11-23 11:48 . 11/23/07 11:48a 294 --ahs---- C:\WINNT\system32\rvkotgvq.ini
2007-11-23 09:08 . 11/23/07 09:08a 834 --ahs---- C:\WINNT\system32\bokkffdp.ini
2007-11-21 09:10 . 11/23/07 09:09a 774 --ahs---- C:\WINNT\system32\monpvphh.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 03:29 --------- d-----w C:\Program Files\MySpace
2007-11-25 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-14 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-31 16:35 0 ----a-w C:\svcipa.exe
2007-10-28 02:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-27 07:50 50 ---ha-w C:\aaw7boot.cmd
2007-10-27 06:20 --------- d-----w C:\Program Files\BroadJump
2007-10-27 05:53 --------- d-----w C:\Program Files\Lavasoft
2007-10-27 05:53 --------- d-----w C:\Program Files\Alwil Software
2007-10-27 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-27 05:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 02:35 --------- d-----w C:\Program Files\Common Files\Panda Software
2007-10-22 03:41 --------- d-----w C:\Program Files\test
2007-10-22 03:24 29,696 ----a-w C:\WINNT\shwol.dll
2007-10-22 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Backup
2007-10-22 02:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 00:37 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2007-10-21 08:35 --------- d-----w C:\Documents and Settings\Default User\Application Data\Yahoo!
2007-10-21 08:03 77,824 ----a-w C:\MicroSofts.pif
2007-10-21 07:12 10,773 ----a-w C:\WINNT\mbj.exe
2007-10-21 02:54 --------- d-----w C:\Documents and Settings\M\Application Data\AdwareAlert
2007-10-20 22:47 10,773 ----a-w C:\WINNT\qrlxc.exe
2007-10-11 22:47 245,408 ----a-w C:\WINNT\system32\unicows.dll
2005-10-25 04:56 2,889,085 ----a-w C:\Program Files\message5.txt
2005-10-17 02:05 304,728 ----a-w C:\Program Files\nsb-setup.exe
2005-10-17 02:00 381,480 ----a-w C:\Program Files\msgr7us.exe
2005-10-17 01:42 491,768 ----a-w C:\Program Files\ie6setup.exe
2005-09-08 21:25 6,888,208 ----a-w C:\Program Files\SpySweeperTrialSetup3683_EN.exe
2005-09-08 21:23 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2004-08-18 04:06 271 ---h--w C:\Program Files\desktop.ini
2004-08-18 04:06 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/07 05:16p]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Spyware Begone"="c:\freescan\freescan.exe" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/07 03:46p]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/07 01:33a]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/06 06:58p]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/07 04:03p]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/28/05 04:41p]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/07 01:33a]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 01:05p]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmovnrvi]
gmovnrvi.dll 12/06/07 02:23p 36928 C:\WINNT\system32\gmovnrvi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00FCB89]
__c00FCB89.dat

R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [07/27/07 04:02p]
R2 PRPC;PRPC;C:\WINNT\system32\drivers\PRPC.sys [10/10/00 09:00a]
R3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINNT\system32\DRIVERS\cwrwdm.sys [12/11/00 12:27p]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [10/23/99 06:22a]
S1 ShldDrv;Panda File Shield Driver;C:\WINNT\system32\DRIVERS\ShldDrv.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINNT\system32\DRIVERS\PavProc.sys []
S3 CCCP106;CIF USB Camera (2110A);C:\WINNT\system32\DRIVERS\cccp106.sys [04/09/03 10:17a]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 09:00:01 C:\WINNT\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-10 14:23:01 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-20 12:00:00 C:\WINNT\Tasks\At7.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 18:04:59
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\system32\gmovnrvi.dll
.
Completion time: 12/20/2007 18:06:14
C:\ComboFix2.txt ... 12/08/07 08:42a
.
2007-10-27 05:12:05 --- E O F ---
 
OK, finally here is the HijackThis log and the ComboFix log. He says that his computer seems to be taken care of, but there seem to be a couple of issues yet to me. Let me know what you think. Thanks, guys! Have a great Christmas and/or holiday!

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:19 PM, on 12/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134607654641
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134534561556
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: gmovnrvi - C:\WINNT\SYSTEM32\gmovnrvi.dll
O20 - Winlogon Notify: __c00FCB89 - __c00FCB89.dat (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
--
End of file - 8482 bytes


combo fix:

ComboFix 07-12-21.4 - M 12/20/2007 18:01:05.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.87 [GMT -6:00]
Running from: C:\Documents and Settings\M\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\uknykcie.exe
C:\WINNT\system32\yoxxidsq.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-20 18:01 . 12/20/07 06:01p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_338.dat
2007-12-19 08:00 . 12/19/07 08:00a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1e4.dat
2007-12-16 11:37 . 12/16/07 11:37a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_23c.dat
2007-12-14 14:09 . 12/14/07 02:09p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_220.dat
2007-12-11 19:27 . 12/11/07 07:27p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_22c.dat
2007-12-11 17:03 . 12/11/07 05:03p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_224.dat
2007-12-11 02:35 . 12/11/07 02:35a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1e8.dat
2007-12-11 01:52 . 12/11/07 01:52a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_228.dat
2007-12-11 00:15 . 12/11/07 12:15a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_658.dat
2007-12-08 09:28 . 12/08/07 09:28a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1d0.dat
2007-12-08 09:11 . 12/08/07 09:11a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_21c.dat
2007-12-08 08:07 . 12/08/07 08:07a <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 14:23 . 12/06/07 02:23p 36,928 --a------ C:\WINNT\system32\gmovnrvi.dll
2007-12-04 01:03 . 12/05/07 05:49p 1,074 --ahs---- C:\WINNT\system32\voxnibpa.ini
2007-12-02 23:23 . 12/04/07 12:50a 954 --ahs---- C:\WINNT\system32\obawrsyq.ini
2007-12-01 22:31 . 12/02/07 11:42a 894 --ahs---- C:\WINNT\system32\kqvtpyhy.ini
2007-11-29 19:27 . 12/01/07 10:22p 774 --ahs---- C:\WINNT\system32\jvrxutnc.ini
2007-11-28 20:09 . 11/29/07 02:19p 654 --ahs---- C:\WINNT\system32\nxuaodds.ini
2007-11-27 19:24 . 11/28/07 08:04p 594 --ahs---- C:\WINNT\system32\vxqwyqim.ini
2007-11-26 18:54 . 11/27/07 07:17p 474 --ahs---- C:\WINNT\system32\agjxafhk.ini
2007-11-26 08:49 . 11/26/07 06:16p 354 --ahs---- C:\WINNT\system32\mqoyhdos.ini
2007-11-25 16:39 . 11/25/07 04:39p <DIR> d-------- C:\Documents and Settings\M\Application Data\Viewpoint
2007-11-25 08:44 . 11/25/07 08:44a 294 --ahs---- C:\WINNT\system32\ovicdnjr.ini
2007-11-23 11:48 . 11/23/07 11:48a 294 --ahs---- C:\WINNT\system32\rvkotgvq.ini
2007-11-23 09:08 . 11/23/07 09:08a 834 --ahs---- C:\WINNT\system32\bokkffdp.ini
2007-11-21 09:10 . 11/23/07 09:09a 774 --ahs---- C:\WINNT\system32\monpvphh.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 03:29 --------- d-----w C:\Program Files\MySpace
2007-11-25 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-14 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-31 16:35 0 ----a-w C:\svcipa.exe
2007-10-28 02:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-27 07:50 50 ---ha-w C:\aaw7boot.cmd
2007-10-27 06:20 --------- d-----w C:\Program Files\BroadJump
2007-10-27 05:53 --------- d-----w C:\Program Files\Lavasoft
2007-10-27 05:53 --------- d-----w C:\Program Files\Alwil Software
2007-10-27 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-27 05:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 02:35 --------- d-----w C:\Program Files\Common Files\Panda Software
2007-10-22 03:41 --------- d-----w C:\Program Files\test
2007-10-22 03:24 29,696 ----a-w C:\WINNT\shwol.dll
2007-10-22 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Backup
2007-10-22 02:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 00:37 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2007-10-21 08:35 --------- d-----w C:\Documents and Settings\Default User\Application Data\Yahoo!
2007-10-21 08:03 77,824 ----a-w C:\MicroSofts.pif
2007-10-21 07:12 10,773 ----a-w C:\WINNT\mbj.exe
2007-10-21 02:54 --------- d-----w C:\Documents and Settings\M\Application Data\AdwareAlert
2007-10-20 22:47 10,773 ----a-w C:\WINNT\qrlxc.exe
2007-10-11 22:47 245,408 ----a-w C:\WINNT\system32\unicows.dll
2005-10-25 04:56 2,889,085 ----a-w C:\Program Files\message5.txt
2005-10-17 02:05 304,728 ----a-w C:\Program Files\nsb-setup.exe
2005-10-17 02:00 381,480 ----a-w C:\Program Files\msgr7us.exe
2005-10-17 01:42 491,768 ----a-w C:\Program Files\ie6setup.exe
2005-09-08 21:25 6,888,208 ----a-w C:\Program Files\SpySweeperTrialSetup3683_EN.exe
2005-09-08 21:23 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2004-08-18 04:06 271 ---h--w C:\Program Files\desktop.ini
2004-08-18 04:06 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/07 05:16p]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Spyware Begone"="c:\freescan\freescan.exe" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/07 03:46p]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/07 01:33a]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/06 06:58p]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/07 04:03p]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/28/05 04:41p]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/07 01:33a]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 01:05p]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmovnrvi]
gmovnrvi.dll 12/06/07 02:23p 36928 C:\WINNT\system32\gmovnrvi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00FCB89]
__c00FCB89.dat

R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [07/27/07 04:02p]
R2 PRPC;PRPC;C:\WINNT\system32\drivers\PRPC.sys [10/10/00 09:00a]
R3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINNT\system32\DRIVERS\cwrwdm.sys [12/11/00 12:27p]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [10/23/99 06:22a]
S1 ShldDrv;Panda File Shield Driver;C:\WINNT\system32\DRIVERS\ShldDrv.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINNT\system32\DRIVERS\PavProc.sys []
S3 CCCP106;CIF USB Camera (2110A);C:\WINNT\system32\DRIVERS\cccp106.sys [04/09/03 10:17a]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 09:00:01 C:\WINNT\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-10 14:23:01 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-20 12:00:00 C:\WINNT\Tasks\At7.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 18:04:59
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\system32\gmovnrvi.dll
.
Completion time: 12/20/2007 18:06:14
C:\ComboFix2.txt ... 12/08/07 08:42a
.
2007-10-27 05:12:05 --- E O F ---
 
A great Christmas to you as well. A few things still to take care of, though:
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINNT\system32\gmovnrvi.dll
    C:\WINNT\system32\voxnibpa.ini
    C:\WINNT\system32\obawrsyq.ini
    C:\WINNT\system32\kqvtpyhy.ini
    C:\WINNT\system32\jvrxutnc.ini
    C:\WINNT\system32\nxuaodds.ini
    C:\WINNT\system32\vxqwyqim.ini
    C:\WINNT\system32\agjxafhk.ini
    C:\WINNT\system32\mqoyhdos.ini
    C:\WINNT\system32\ovicdnjr.ini
    C:\WINNT\system32\rvkotgvq.ini
    C:\WINNT\system32\bokkffdp.ini
    C:\WINNT\system32\monpvphh.ini
    C:\svcipa.exe
    C:\WINNT\shwol.dll
    C:\MicroSofts.pif
    C:\WINNT\mbj.exe
    C:\WINNT\qrlxc.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmovnrvi]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00FCB89]
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

    [screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. How is the system running now?
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
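The entries singled out above (the two O20 Winlogon Notify lines and the service whose file is missing) are the kind of thing that can be pulled out of a HijackThis log mechanically before a human looks at the rest. The following Python script is an added example written for this thread; it is not part of HijackThis, ComboFix or the helper's instructions. It parses the `Oxx - ...` entry lines, then flags an entry when its file is reported missing, when an O23 service has an unknown owner, or when an O20 Winlogon Notify package is not on an analyst-maintained allowlist or has the random eight-letter name seen in this log. The sample lines are copied from the logs in this thread; the allowlist contents and the eight-letter heuristic are assumptions of the example, not rules from the tools.

```python
import re

# Constructed sample, in the format of the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: gmovnrvi - C:\WINNT\SYSTEM32\gmovnrvi.dll
O20 - Winlogon Notify: __c00FCB89 - __c00FCB89.dat (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
"""

# One HijackThis entry per line: a section code (O2, O20, R1, F2, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")

# Heuristic (assumption of this example): eight random lowercase letters, like gmovnrvi above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")

# Analyst-maintained allowlist of Winlogon Notify packages. These names are a constructed
# starting point commonly seen on Windows 2000/XP; confirm them against the actual machine.
DEFAULT_NOTIFY_ALLOWLIST = frozenset({
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
})


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries, notify_allowlist=DEFAULT_NOTIFY_ALLOWLIST):
    """Return a list of (section, body, reasons) for entries that deserve a closer look."""
    findings = []
    for section, body in entries:
        reasons = []
        if "(file missing)" in body:
            reasons.append("file missing")
        if section == "O20" and body.startswith("Winlogon Notify: "):
            # Body shape: "Winlogon Notify: <package> - <dll path>"
            package = body[len("Winlogon Notify: "):].split(" - ", 1)[0]
            if package not in notify_allowlist:
                reasons.append("winlogon notify package not allowlisted")
            if RANDOM_NAME_RE.match(package):
                reasons.append("random-looking 8-letter name")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with unknown owner")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {body}\n    -> {', '.join(reasons)}")
```

Run against the sample it reports three entries: the gmovnrvi notify package (not allowlisted, random-looking name), the __c00FCB89 package (not allowlisted, file missing) and the Panda service (unknown owner, file missing), which are exactly the lines the CFScript above targets. HijackThis already hides the default Winlogon Notify packages, so any O20 line it shows is worth a look even before the allowlist check.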
 
Okay, here are the updated logs. Thanks, man.

combofix:

ComboFix 07-12-21.4 - M 12/26/2007 18:28:40.3 - NTFSx86
Running from: C:\Documents and Settings\M\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\M\Desktop\CFScript.txt
FILE
C:\MicroSofts.pif
C:\svcipa.exe
C:\WINNT\mbj.exe
C:\WINNT\qrlxc.exe
C:\WINNT\shwol.dll
C:\WINNT\system32\agjxafhk.ini
C:\WINNT\system32\bokkffdp.ini
C:\WINNT\system32\gmovnrvi.dll
C:\WINNT\system32\jvrxutnc.ini
C:\WINNT\system32\kqvtpyhy.ini
C:\WINNT\system32\monpvphh.ini
C:\WINNT\system32\mqoyhdos.ini
C:\WINNT\system32\nxuaodds.ini
C:\WINNT\system32\obawrsyq.ini
C:\WINNT\system32\ovicdnjr.ini
C:\WINNT\system32\rvkotgvq.ini
C:\WINNT\system32\voxnibpa.ini
C:\WINNT\system32\vxqwyqim.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\MicroSofts.pif
C:\svcipa.exe
C:\WINNT\mbj.exe
C:\WINNT\qrlxc.exe
C:\WINNT\shwol.dll
C:\WINNT\system32\agjxafhk.ini
C:\WINNT\system32\bokkffdp.ini
C:\WINNT\system32\gmovnrvi.dll
C:\WINNT\system32\jvrxutnc.ini
C:\WINNT\system32\kqvtpyhy.ini
C:\WINNT\system32\monpvphh.ini
C:\WINNT\system32\mqoyhdos.ini
C:\WINNT\system32\nxuaodds.ini
C:\WINNT\system32\obawrsyq.ini
C:\WINNT\system32\ovicdnjr.ini
C:\WINNT\system32\rvkotgvq.ini
C:\WINNT\system32\voxnibpa.ini
C:\WINNT\system32\vxqwyqim.ini
.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.
2007-12-08 08:07 . 07-12-08 08:07 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 03:29 --------- d-----w C:\Program Files\MySpace
2007-11-25 22:39 --------- d-----w C:\Documents and Settings\M\Application Data\Viewpoint
2007-11-25 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-14 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-28 02:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-27 07:50 50 ---ha-w C:\aaw7boot.cmd
2007-10-27 06:20 --------- d-----w C:\Program Files\BroadJump
2007-10-27 05:53 --------- d-----w C:\Program Files\Lavasoft
2007-10-27 05:53 --------- d-----w C:\Program Files\Alwil Software
2007-10-27 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-27 05:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 02:35 --------- d-----w C:\Program Files\Common Files\Panda Software
2005-10-25 04:56 2,889,085 ----a-w C:\Program Files\message5.txt
2005-10-17 02:05 304,728 ----a-w C:\Program Files\nsb-setup.exe
2005-10-17 02:00 381,480 ----a-w C:\Program Files\msgr7us.exe
2005-10-17 01:42 491,768 ----a-w C:\Program Files\ie6setup.exe
2005-09-08 21:25 6,888,208 ----a-w C:\Program Files\SpySweeperTrialSetup3683_EN.exe
2005-09-08 21:23 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2004-08-18 04:06 271 ---h--w C:\Program Files\desktop.ini
2004-08-18 04:06 21,952 ---h--w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((( snapshot@Thu 12-20-2007_18.05.06.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-21 00:09:49 3,748 ----a-w C:\WINNT\SoftwareDistribution\EventCache\{B12A845F-EC2F-4326-8174-804C7955AF88}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07-06-11 17:16 ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Spyware Begone"="c:\freescan\freescan.exe" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07-08-31 15:46 ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [07-12-07 01:33 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 C:\WINNT\system32\mobsync.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-10-25 18:58 ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-07-27 16:03 ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05-09-28 16:41 ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [07-12-07 01:33 ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 13:05 ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [07-07-27 16:02 ]
R2 PRPC;PRPC;C:\WINNT\system32\drivers\PRPC.sys [00-10-10 09:00 ]
R3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINNT\system32\DRIVERS\cwrwdm.sys [00-12-11 12:27 ]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 06:22 ]
S1 ShldDrv;Panda File Shield Driver;C:\WINNT\system32\DRIVERS\ShldDrv.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINNT\system32\DRIVERS\PavProc.sys []
S3 CCCP106;CIF USB Camera (2110A);C:\WINNT\system32\DRIVERS\cccp106.sys [03-04-09 10:17 ]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 09:00:00 C:\WINNT\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-24 14:23:02 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-26 12:00:00 C:\WINNT\Tasks\At7.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 18:37:21
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-26 18:39:49 - machine was rebooted
C:\ComboFix2.txt ... 07-12-20 18:06
C:\ComboFix3.txt ... 07-12-08 08:42
.
2007-10-27 05:12:05 --- E O F ---


hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:07 PM, on 12/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134607654641
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134534561556
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
--
End of file - 8125 bytes
 
Yes, those were files that ComboFix missed. They're gone now, though, and the logfiles appear to be clean. Any remaining problems?

There is one update that I would recommend, though:

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update:
Updating Java:
  • Go to Start > Control Panel, double-click on the Software icon > Add or Remove Programs.
  • Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).
    It should have this icon next to it:
    [icon: javaicon.gif]

    Select it and click Remove.
  • Then download and install the newest version from here:

Below I have included some ideas on how to prevent future infections that you might want to pass on.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

I notice you are running Spybot, which is good. You might want to consider installing and running some of the following programs; they are either free or have free versions of commercial programs and will work alongside Spybot to protect you:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be a security program. If you get a popup for a security program that you did not install yourself, do NOT click on it, and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and are looking for anti-spyware programs, you can find out whether one is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 
Can you use both SpywareBlaster and SpywareGuard? Are either resource hogs at all, or nearly nil? I currently have SpywareBlaster and have never even noticed it. I suppose that's a good thing, though...
 
Yes, you can use both Spyware Blaster and Spyware Guard. Resource usage for Spyware Blaster is very close to zero, as there are no running processes, etc...

Resource usage for Spyware Guard is higher since it's providing active protection, although still quite low.
 
Avast is fine, but if you're using Spyware Guard I would suggest disabling the real time scanner (or resident mode) of any other Antispyware program, including Spybot's TeaTimer.
 
Okay, he had tried to fix the Java. He was unable to; he said that he could not add or remove several items, including the Java. Could there still be a virus not permitting him to do this...? Each of these items, I believe he said, didn't even show a KB size...

Here are the current logs... Let me know if you can still see something here that would indicate that, or if there is something else going on... Thanks, btw. Happy New Year.

hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:20 PM, on 1/1/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\QuickTime\PictureViewer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134607654641
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134534561556
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
--
End of file - 8015 bytes

combo fix:

ComboFix 08-01-02.1 - M 01/01/2008 20:32:07.4 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.150 [GMT -6:00]
Running from: C:\Documents and Settings\M\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\system32\iqmbuvia.ini
C:\WINNT\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.
2008-01-01 20:32 . 01/01/08 08:32p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2fc.dat
2008-01-01 20:31 . 08/31/00 08:00a 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-01 12:52 . 01/01/08 12:52p 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-01-01 12:52 . 01/01/08 12:52p 1,409 --a------ C:\WINNT\QTFont.for
2007-12-28 23:13 . 12/28/07 11:22p <DIR> d-------- C:\Documents and Settings\M\Application Data\ZoomBrowser EX
2007-12-28 23:06 . 09/02/05 01:08a 117,760 --a------ C:\WINNT\system32\CNDPTPU.dll
2007-12-28 23:06 . 09/02/05 01:08a 63,488 --a------ C:\WINNT\system32\CNDPTPC.dll
2007-12-28 23:05 . 12/28/07 11:21p <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-12-28 23:04 . 12/28/07 11:06p <DIR> d-------- C:\Program Files\Canon
2007-12-28 23:03 . 12/28/07 11:03p <DIR> d-------- C:\Program Files\Common Files\Canon
2007-12-28 15:32 . 12/28/07 03:32p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_558.dat
2007-12-08 08:07 . 12/08/07 08:07a <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 03:29 --------- d-----w C:\Program Files\MySpace
2007-11-25 22:39 --------- d-----w C:\Documents and Settings\M\Application Data\Viewpoint
2007-11-25 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-14 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-27 07:50 50 ---ha-w C:\aaw7boot.cmd
2007-10-11 22:47 245,408 ----a-w C:\WINNT\system32\unicows.dll
2005-10-25 04:56 2,889,085 ----a-w C:\Program Files\message5.txt
2005-10-17 02:05 304,728 ----a-w C:\Program Files\nsb-setup.exe
2005-10-17 02:00 381,480 ----a-w C:\Program Files\msgr7us.exe
2005-10-17 01:42 491,768 ----a-w C:\Program Files\ie6setup.exe
2005-09-08 21:25 6,888,208 ----a-w C:\Program Files\SpySweeperTrialSetup3683_EN.exe
2005-09-08 21:23 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2004-08-18 04:06 271 ---h--w C:\Program Files\desktop.ini
2004-08-18 04:06 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/11/07 05:16p 4670968]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Spyware Begone"="c:\freescan\freescan.exe" [ ]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/07 03:46p 1460560]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/07 01:33a 8720384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p 111376 C:\WINNT\system32\mobsync.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/06 06:58p 282624]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/07 04:03p 75128]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/28/05 04:41p 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/07 01:33a 8720384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 01:05p 186640]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [07/27/07 04:02p]
R2 PRPC;PRPC;C:\WINNT\system32\drivers\PRPC.sys [10/10/00 09:00a]
R3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINNT\system32\DRIVERS\cwrwdm.sys [12/11/00 12:27p]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [10/23/99 06:22a]
S1 ShldDrv;Panda File Shield Driver;C:\WINNT\system32\DRIVERS\ShldDrv.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINNT\system32\DRIVERS\PavProc.sys []
S3 CCCP106;CIF USB Camera (2110A);C:\WINNT\system32\DRIVERS\cccp106.sys [04/09/03 10:17a]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 09:00:00 C:\WINNT\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-31 14:23:04 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 12:00:00 C:\WINNT\Tasks\At7.job"
- C:\WINNT\system32\81J2eKU4.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 20:35:15
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 01/01/2008 20:36:14
ComboFix-quarantined-files.txt 2008-01-02 02:35:53
ComboFix2.txt 2007-12-27 00:39:49
ComboFix3.txt 2007-12-21 00:06:15
ComboFix4.txt 2007-12-08 14:42:25
.
2007-10-27 05:12:05 --- E O F ---
 