22 replies to this topic

[exfallsburg]

Here are thehijackthis avg and super antspyware logs
i'll post the bit defender log seperately


Logfile of HijackThis v1.99.1
Scan saved at 2:38:49 AM, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Updater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169086581765
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169097442203
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe





---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:24:43 AM 1/25/2007

+ Scan result:



C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0009168.dll -> Adware.PurityScan : Ignored.
C:\RECYCLER\NPROTECT008765 -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008786 -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008802 -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP87\A0020319.EXE -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008752 -> Logger.Agent.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0013906.exe -> Logger.Agent.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0013909.dll -> Logger.Small.ez : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008766 -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Benny\Cookies\benny@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT008789 -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT008800 -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Benny\Cookies\benny@redir.adengage[1].txt -> TrackingCookie.Adengage : Cleaned.
C:\RECYCLER\NPROTECT008798 -> TrackingCookie.Adtech : Cleaned.
C:\RECYCLER\NPROTECT008773 -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT008781 -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT008754 -> TrackingCookie.Bridgetrack : Cleaned.
C:\RECYCLER\NPROTECT008762 -> TrackingCookie.Burstbeacon : Cleaned.
C:\RECYCLER\NPROTECT008761 -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\NPROTECT008804 -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Benny\Cookies\benny@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Benny\Cookies\benny@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\RECYCLER\NPROTECT008791 -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\NPROTECT008780 -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT008793 -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\NPROTECT008764 -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT008775 -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Benny\Cookies\benny@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\RECYCLER\NPROTECT008797 -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\NPROTECT008785 -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\NPROTECT008779 -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Benny\Cookies\benny@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Benny\Cookies\benny@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\RECYCLER\NPROTECT008751 -> TrackingCookie.Specificclick : Cleaned.
C:\RECYCLER\NPROTECT008768 -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\NPROTECT008795 -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Benny\Cookies\benny@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\RECYCLER\NPROTECT008753 -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\NPROTECT008778 -> TrackingCookie.Valuead : Cleaned.
C:\RECYCLER\NPROTECT008763 -> TrackingCookie.Webtrendslive : Cleaned.
C:\RECYCLER\NPROTECT008790 -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0013907.dll -> Trojan.Agent.fd : Cleaned with backup (quarantined).
[2220] VM_00A40000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2228] VM_00AF0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2252] VM_00B40000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2292] VM_00AB0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2328] VM_009A0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2356] VM_00B60000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2368] VM_009F0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2384] VM_00A80000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2424] VM_00B50000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2444] VM_00830000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2476] VM_00A10000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2484] VM_00920000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[2568] VM_00B70000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[3044] VM_00ED0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[3064] VM_00BA0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[3248] VM_00AA0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[3816] VM_009F0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[640] VM_00DC0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[668] VM_00F50000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[968] VM_003C0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008750 -> Trojan.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008771 -> Trojan.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008772 -> Trojan.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008774 -> Trojan.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008776 -> Trojan.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008782 -> Trojan.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008787 -> Trojan.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008796 -> Trojan.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT008803 -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

SUPERAntiSpyware Scan Log
Generated 01/24/2007 at 11:27 PM

Application Version : 3.5.1016

Core Rules Database Version : 3172
Trace Rules Database Version: 1182

Scan type : Complete Scan
Total Scan Time : 01:44:39

Memory items scanned : 487
Memory threats detected : 0
Registry items scanned : 5634
Registry threats detected : 7
File items scanned : 41458
File threats detected : 87

Adware.Tracking Cookie
C:\Documents and Settings\Benny\Cookies\benny@atdmt[2].txt
C:\Documents and Settings\Benny\Cookies\benny@mediaplex[1].txt
C:\Documents and Settings\Benny\Cookies\benny@www.burstnet[2].txt
C:\Documents and Settings\Benny\Cookies\benny@xiti[1].txt
C:\Documents and Settings\Benny\Cookies\benny@adultadworld[1].txt
C:\Documents and Settings\Benny\Cookies\benny@ad.yieldmanager[2].txt
C:\Documents and Settings\Benny\Cookies\benny@4.adbrite[2].txt
C:\Documents and Settings\Benny\Cookies\benny@citi.bridgetrack[2].txt
C:\Documents and Settings\Benny\Cookies\benny@burstnet[2].txt
C:\Documents and Settings\Benny\Cookies\benny@media.adrevolver[2].txt
C:\Documents and Settings\Benny\Cookies\benny@uk.sitestat[1].txt
C:\Documents and Settings\Benny\Cookies\benny@fcstats.bcentral[2].txt
C:\Documents and Settings\Benny\Cookies\benny@imrworldwide[2].txt
C:\Documents and Settings\Benny\Cookies\benny@2.adbrite[2].txt
C:\Documents and Settings\Benny\Cookies\benny@www.ppctracking[1].txt
C:\Documents and Settings\Benny\Cookies\benny@reduxads.valuead[2].txt
C:\Documents and Settings\Benny\Cookies\benny@tribalfusion[2].txt
C:\Documents and Settings\Benny\Cookies\benny@zedo[1].txt
C:\Documents and Settings\Benny\Cookies\benny@adbrite[2].txt
C:\Documents and Settings\Benny\Cookies\benny@247realmedia[1].txt
C:\Documents and Settings\Benny\Cookies\benny@hitbox[2].txt
C:\Documents and Settings\Benny\Cookies\benny@sec1.liveperson[1].txt
C:\Documents and Settings\Benny\Cookies\benny@trafficmp[2].txt
C:\Documents and Settings\Benny\Cookies\benny@tacoda[2].txt
C:\Documents and Settings\Benny\Cookies\benny@perf.overture[1].txt
C:\Documents and Settings\Benny\Cookies\benny@likecrack[2].txt
C:\Documents and Settings\Benny\Cookies\benny@cpvfeed[2].txt
C:\Documents and Settings\Benny\Cookies\benny@ehg-trilegiant.hitbox[1].txt
C:\Documents and Settings\Benny\Cookies\benny@www.burstbeacon[2].txt
C:\Documents and Settings\Benny\Cookies\benny@advertising[2].txt
C:\Documents and Settings\Benny\Cookies\benny@questionmarket[1].txt
C:\Documents and Settings\Benny\Cookies\benny@as-us.falkag[1].txt
C:\Documents and Settings\Benny\Cookies\benny@tradedoubler[2].txt
C:\Documents and Settings\Benny\Cookies\benny@atwola[1].txt
C:\Documents and Settings\Benny\Cookies\benny@kanoodle[1].txt
C:\Documents and Settings\Benny\Cookies\benny@adopt.specificclick[2].txt
C:\Documents and Settings\Benny\Cookies\benny@ads.realtechnetwork[1].txt
C:\Documents and Settings\Benny\Cookies\benny@uk.sitestat[2].txt
C:\Documents and Settings\Benny\Cookies\benny@ad.msn.co[1].txt
C:\Documents and Settings\Benny\Cookies\benny@ads.adbrite[2].txt
C:\Documents and Settings\Benny\Cookies\benny@statse.webtrendslive[1].txt
C:\Documents and Settings\Benny\Cookies\benny@realmedia[2].txt
C:\Documents and Settings\Benny\Cookies\benny@adrevolver[2].txt
C:\Documents and Settings\Benny\Cookies\benny@fastclick[1].txt
C:\Documents and Settings\Benny\Cookies\benny@doubleclick[1].txt
C:\Documents and Settings\Benny\Cookies\benny@adtech[2].txt
C:\Documents and Settings\Benny\Cookies\benny@msnisrael.122.2o7[1].txt
C:\Documents and Settings\Benny\Cookies\benny@2o7[2].txt
C:\Documents and Settings\Benny\Cookies\benny@ads.pointroll[2].txt

Trojan.Media-Codec
HKU\S-1-5-21-235632778-793451324-3915614830-1006\Software\Internet Security
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString
C:\Program Files\VIDEO ACTIVEX OBJECT
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#none [ C:\Program Files\Video ActiveX Object\pmsngr.exe ]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} [ hirtellous ]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#hirtellous [ {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} ]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP86\A0018810.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP87\A0020606.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP87\A0020607.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0009182.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP58\A0009186.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0009193.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0009194.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0009199.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0009214.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0009222.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP60\A0009239.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP60\A0009240.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP61\A0009316.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0009324.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0009329.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0010300.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0010306.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP63\A0010717.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0010787.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012554.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012670.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012734.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012839.DLL
C:\WINDOWS\SYSTEM32\UNSVCHOSTS.LZMA

Trojan.Freeprod
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP59\A0009211.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP61\A0009309.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0010293.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012603.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012853.EXE

Adware.ClickSpring
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0009323.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0010279.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP63\A0010725.DLL

Adware.Toolbar888
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP62\A0010305.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012527.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012669.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0012850.DLL

Trojan.Downloader-SCTWND32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP66\A0013905.DLL

[exfallsburg]

the bit defender log didn't fit so i've attached it

Attached Files

•  bitdefender.txt   402.3K   6 downloads

[rridgely]

Run Kaspersky WebScanner

• Please go HERE and click Kaspersky Online Scanner
  
• Read and Accept the Agreement
  
• You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  
• If you see a Windows dialog asking if you want to install this software, click the Install button.
  
• The program will launch and then begin downloading the latest definition files,
  
• When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  
• Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  
• Under "Please select a target to scan:", click My Computer to start the scan.
  
• When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  
• Paste kaspersky log onto forum.

Please keep all your replys in this topic.

[exfallsburg]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 25, 2007 10:53:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/01/2007
Kaspersky Anti-Virus database records: 247384
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 82318
Number of viruses found: 1
Number of infected objects: 0 / 0
Number of suspicious objects: 1
Duration of the scan process: 02:37:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies30625102310\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-01-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7F17544A.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\BD7A60BB.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\bittorrent.log Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\data\resume\515bcf70af0d2fa193abeeb6a409249197bcde72 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\704 - Cancelled_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\705 - Fat Butt and Pancake Head_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\706 - Lil' Crime Stoppers_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\707 - Red Man's Greed_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\708 - South Park Is Gay_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\709 - Christian Rock Hard_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\710 - Grey Dawn_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\711 - Casa Bonita_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\712 - All About Mormons_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\713 - Butt Out_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\714 - Raisins_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\515bcf70-8437\715 - It's Christmas in Canada_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\801 - Good Times With Weapons_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\802 - AWESOM-O_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\803 - Up The Down Steroid_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\804 - The Passion Of The Jew_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\805 - You Got f***ed In The Ass_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\806 - Goobacks_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\807 - The Jeffersons_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\808 - Douche and Turd_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\809 - Something Wall-Mart This Way Comes_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\810 - Pre-School_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\811 - Quest for Ratings_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\812 - Stupid Spoiled Whore Video Playset_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\813 - Cartman's Incredible Gift_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\92b94aea-9bc7\814 - Woodland Critter Christmas_www.mrtwig.net.rm Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock1 Dutty Rock Intro.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock6 Top Of The Game.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock\11 International Affair.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock\13 Punkie.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock\14 My Name.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock\15 Jukin' Punny.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock\18 Bubble.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock\19 Shake That Thing.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Dutty Rock\21 It'S On.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Maximum Sean Paul1 Roots.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Maximum Sean Paul7 Down and Dutty.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Maximum Sean Paul9 Bad Bwoy.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Maximum Sean Paul\10 What's Next-.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Medina riddim-Sean Paul - Trespass.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Sean Paul - Excite Me.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Sean Paul - Fit & Light.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Sean Paul - Gal A Bawl.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Sean Paul - Look So Appealing.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Sean Paul - Woman Ya Hot.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Sean Paul - Work With It.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Sean Paul - You Done Rule.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Random Songs\Sean Paul- Butta.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Sean Paul - Ever Blazin And Rare Tunes5-sean_paul-u_a_pro-jrp.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Sean Paul - Ever Blazin And Rare Tunes6-sean_paul-as_time_goes_on-jrp.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Sean Paul - Let's Get High1 - Number One Sound.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Sean Paul - Let's Get High4 - Three Little Birds (ft. Ziggy Marley).mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Sean Paul - Let's Get High6 - Touch My Body (ft. Nina Sky).mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Sean Paul - Let's Get High\12- Culo (Album Remix) (ft. Pitbull & Lil Jon) (Bonus Track).mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Sean Paul - Let's Get High\13 - Dutty Passing (Bonus Track).mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One3 Infiltrate.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One5 Haffiget de Gal Ya (Hot Gal Today).mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One6 Real Man.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One8 Check It Deeply.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One9 Mek It Go So Den.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One\12 Tiger Bone.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One\18 Uptowners (Skit).mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One\19 No Bligh.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One\20 Slap Trap.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One\21 Strategy.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Stage One\24 You Must Lose.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\10 I'll Take You There.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\13 Head to Toe.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\14 Connection.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\17 Change the Game.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\18 The Trinity.mp3 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\AlbumArt_{8D095B3B-4BFB-48CD-9EC0-627862D71D50}_Large.jpg Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\AlbumArt_{8D095B3B-4BFB-48CD-9EC0-627862D71D50}_Small.jpg Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\The Trinity\Folder.jpg Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\c43e03d5-0834\Torrent downloaded from Demonoid.com.txt Object is locked skipped
C:\Documents and Settings\Benny\Application Data\BitTorrent\incomplete\f72c57d9-5642 Object is locked skipped
C:\Documents and Settings\Benny\Application Data\LimeWire\.NetworkShare\Incomplete\T-3098160-LimeWireWin4.12.9.exe Object is locked skipped
C:\Documents and Settings\Benny\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Benny\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Benny\Desktop\Temp\Incomplete\T-334381870-She's The Man 2006.avi Object is locked skipped
C:\Documents and Settings\Benny\Desktop\Temp\Incomplete\T-738443264-Ice Age2 The Meltdown 2006 Full movie english DivX DivX Player is needed to view Dvd quality picture browse all the files for all the latest hit movies and classics always a d.avi Object is locked skipped
C:\Documents and Settings\Benny\Desktop\Temp\Incomplete\T-772446472-James Bond Casino Royale.mpg Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\History\History.IE5\MSHist012007012520070126\index.dat Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Temp\fla125.tmp Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Temp\hsperfdata_Benny\1160 Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Temp\~DFAD5A.tmp Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Temp\~DFAD70.tmp Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Temporary Internet Files\Content.IE5\31NTLYSK\deliver46860[1].htm Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\Benny\Local Settings\Temporary Internet Files\Content.IE5\DJT3W4AK\bind[2].htm Object is locked skipped
C:\Documents and Settings\Benny\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Benny\ntuser.dat Object is locked skipped
C:\Documents and Settings\Benny\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP95\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[rridgely]

Please post a new hijackthis log.

[exfallsburg]

Logfile of HijackThis v1.99.1
Scan saved at 7:36:55 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Updater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169086581765
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169097442203
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[rridgely]

Please visit VirusTotal and have this file scanned:

C:\Updater.exe

Open the scan site and press Browse, locate the file and double click it to load the path into the Virus scan window then press Send, copy and paste the scan results back on here, let us know if you have any problems finding the file.

[exfallsburg]

no viruses found the file is a firmware flash program for an iriver ifp-899. any other ideas?

[rridgely]

Yep, where not done yet.

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

----------------

Download Blacklight beta HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When its finished scanning exit the program and post back the log if it detects hidden files, The log is called 'fsbl-<date/time>.log' which will save to the same location as the blbeta.exe file.

[exfallsburg]

Here is the Combofix log:

"Benny" - 07-01-29 20:39:35 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Benny\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{3136D~1
C:\Program Files\outlook
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Benny
C:\qoobox\purity\DOCUME~1\Benny\My Documents
C:\qoobox\purity\DOCUME~1\Benny\My Documents\DOBE~1
C:\qoobox\purity\DOCUME~1\Benny\My Documents\from.txt


((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))


2007-01-29 02:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
2007-01-27 19:58 <DIR> d-------- C:\Program Files\Full Speed Tests
2007-01-25 20:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-25 19:43 <DIR> d-------- C:\44729974e7267f1b78daeb4821
2007-01-25 01:51 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-25 01:48 <DIR> d-------- C:\Program Files\Real
2007-01-25 01:48 <DIR> d-------- C:\Program Files\Common Files\Real
2007-01-25 01:46 <DIR> d-------- C:\DOCUME~1\Benny\Application Data\Real
2007-01-25 01:43 <DIR> d-------- C:\My Downloads
2007-01-24 21:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-24 21:43 <DIR> d-------- C:\Program Files\Grisoft
2007-01-24 21:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-24 21:40 <DIR> d-------- C:\DOCUME~1\Benny\Application Data\SUPERAntiSpyware.com
2007-01-24 21:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-01-24 21:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-24 21:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-01-24 20:33 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-24 20:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-01-24 20:09 <DIR> d-------- C:\WINDOWS\Performance
2007-01-24 20:08 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-01-24 20:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-01-24 03:46 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-01-24 03:41 <DIR> d-------- C:\Program Files\Norton SystemWorks
2007-01-24 03:39 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-01-24 03:39 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-24 03:38 <DIR> d-------- C:\Program Files\Symantec
2007-01-24 01:58 <DIR> d-------- C:\HijackThis
2007-01-21 00:02 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-01-21 00:01 81,920 --a------ C:\DOCUME~1\Benny\Application Data\ezpinst.exe
2007-01-21 00:01 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-21 00:01 47,360 --a------ C:\DOCUME~1\Benny\Application Data\pcouffin.sys
2007-01-21 00:01 <DIR> d-------- C:\DOCUME~1\Benny\Application Data\Vso
2007-01-21 00:00 <DIR> d-------- C:\Program Files\CloneDVD
2007-01-21 00:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVDXStudio
2007-01-19 05:49 <DIR> d-------- C:\DOCUME~1\Benny\Application Data\BitTorrent
2007-01-19 05:47 <DIR> d-------- C:\Program Files\BitTorrent
2007-01-19 05:25 <DIR> d-------- C:\Program Files\Incomplete
2007-01-19 05:24 <DIR> d-------- C:\Program Files\LimeWire
2007-01-19 03:34 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-19 03:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-18 14:26 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-18 14:18 121,856 --a------ C:\WINDOWS\system32\xmllite.dll
2007-01-18 03:04 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-18 02:43 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-01-18 02:15 <DIR> d-------- C:\Program Files\iTunes
2007-01-18 00:11 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-18 00:11 <DIR> d-------- C:\a4a650f3229f44723dcff7d383
2007-01-17 23:19 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-01-17 21:23 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-17 21:23 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-17 21:18 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-01-17 21:18 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-17 20:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-17 18:18 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-17 18:16 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-17 18:14 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-17 18:09 <DIR> d-------- C:\3619f1d6b0ea8a8c0b8b1ff9bc95ff
2007-01-17 16:12 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-17 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-17 03:51 <DIR> d--hs---- C:\DOCUME~1\Benny\UserData
2007-01-17 03:13 <DIR> d-------- C:\DOCUME~1\Benny\Application Data\LimeWire
2007-01-17 02:41 <DIR> d-------- C:\Program Files\iTunes(2)


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-28 13:54 -------- d-------- C:\DOCUME~1\Benny\Application Data\adobeum
2007-01-27 23:55 -------- d-------- C:\Program Files\java
2007-01-25 17:03 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-24 20:08 -------- d---s---- C:\DOCUME~1\Benny\Application Data\microsoft
2007-01-24 01:13 -------- d-------- C:\DOCUME~1\Benny\Application Data\symantec
2007-01-21 00:01 7176 --a------ C:\DOCUME~1\Benny\Application Data\pcouffin.cat
2007-01-21 00:01 34 --a------ C:\DOCUME~1\Benny\Application Data\pcouffin.log
2007-01-21 00:01 1144 --a------ C:\DOCUME~1\Benny\Application Data\pcouffin.inf
2007-01-20 23:05 -------- d-------- C:\DOCUME~1\Benny\Application Data\adobe
2007-01-18 02:15 -------- d-------- C:\Program Files\ipod
2007-01-18 02:14 -------- d-------- C:\Program Files\quicktime
2007-01-17 15:39 -------- d-------- C:\Program Files\kodak
2006-12-19 17:09 276792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2006-12-19 17:09 25400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2006-12-19 17:09 247096 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"iRiver Updater"="\\Updater.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdgaf.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowCpl]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictCpl]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
bthsvcs REG_MULTI_SZ BthServ\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SDDRIVER



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070124-040904-303
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.200
backup-20070124-040904-726
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.200
backup-20070124-040903-524
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.200
backup-20070124-040903-639
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ABD57F6-D319-475A-9443-76CA37BCDA0B}: NameServer = 85.255.116.104,85.255.112.200
backup-20070124-040903-870
O17 - HKLM\System\CCS\Services\Tcpip\..\{496FD78F-0EA2-4D78-85D7-51C6E5AFEFC1}: NameServer = 85.255.116.104,85.255.112.200
backup-20070124-040903-724
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B25C3B2-0B01-4CAF-9DB5-CA3FD60EAA80}: NameServer = 85.255.116.104,85.255.112.200

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Benny.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{68AE7183-07A4-40D9-B2D2-15D6B642385B}.job

Completion time: 07-01-29 20:46:07

[exfallsburg]

Here is The Blacklight beta log:

01/29/07 20:11:20 [Info]: BlackLight Engine 1.0.55 initialized
01/29/07 20:11:20 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/29/07 20:11:22 [Note]: 7019 4
01/29/07 20:11:22 [Note]: 7005 0
01/29/07 20:11:27 [Note]: 7006 0
01/29/07 20:11:27 [Note]: 7011 624
01/29/07 20:11:27 [Note]: 7026 0
01/29/07 20:11:27 [Note]: 7026 0
01/29/07 20:11:37 [Note]: FSRAW library version 1.7.1021
01/29/07 20:31:07 [Info]: Hidden file: c:\WINDOWS\system32\kdgaf.exe
01/29/07 20:31:07 [Note]: 7002 32
01/29/07 20:31:07 [Note]: 7003 1
01/29/07 20:31:07 [Note]: 10002 1
01/29/07 20:37:22 [Note]: 7007 0

[rridgely]

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) back into this thread.

[exfallsburg]

Fixwareout
Last edited 1/27/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\system32\kdgaf.exe will be moved to C:\WINDOWS\temp\kdgaf.ren at reboot.
»»»»» System restarted
...
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»


»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[exfallsburg]

Logfile of HijackThis v1.99.1
Scan saved at 11:35:13 AM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169086581765
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169097442203
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[rridgely]

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

[exfallsburg]

SmitFraudFix v2.137

Scan done at 19:29:45.03, Tue 01/30/2007
Run from C:\Documents and Settings\Benny\Desktop\Anti SpyWare\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Benny


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Benny\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Benny\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[rridgely]

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, a menu with options should appear;
  
• Select the first option, to run Windows in Safe Mode, then press "Enter".
  
• Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

[exfallsburg]

SmitFraudFix v2.137

Scan done at 14:25:30.00, Wed 01/31/2007
Run from C:\Documents and Settings\Benny\Desktop\Anti SpyWare\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

[rridgely]

Post a new hijackthis log.

[exfallsburg]

Logfile of HijackThis v1.99.1
Scan saved at 7:45:55 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169086581765
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169097442203
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe