[IN PROGRESS] Problems after MRP
CastleCops -> Trend Micro HijackThis Logs

Author: Sammel  Location: USA  Posted: Thu Jun 12, 2008 6:00 am    Post subject: Problems after MRP

This is my first time posting in any kind of forum, but I don't know what else to do. I am going to be as detailed as possible because I really want to get this fixed. I believe I have tons of spyware or some other crap on my computer. My problem started when I got online this morning. I normally use Firefox as a browser. When I opened it up, I got windows popping up telling me my computer was unprotected and I should download blah blah to protect my computer. I did NOT download anything that I was prompted to. I also get popup browsers that go to all sorts of different websites such as Adult Friend Finder and other stupid stuff. I tried Internet Explorer and the same thing happens. At first I was able to still navigate around while looking for technical help, but now no pages will load on either browser except certain technical help pages. Thank goodness you guys are one of the sites that load, although the MRP and anything else on the wiki.castlecops pages will no longer load. I found you guys from the Firefox support page. I printed out the MRP steps on my father's laptop and followed them TO THE LETTER. I went through the list of programs to remove and removed what I had on the list. Then I got CCleaner and ATF Cleaner. I followed the directions and then went on to get Spybot S&D and Windows Defender. I also have Spyware Doctor from Google. I ran them and Spyware Doctor runs fine; it detects problems every time and removes and quarantines them. I spent over an hour waiting for Spybot to scan my computer and then when it was complete it froze when I clicked fix problems. It closed my whole computer down. THEN I got Windows Defender and when I click check for updates it says "the program can't check for definition updates" with an error code 0x80070422. At this point, I don't want to mess my computer up any more so I am writing you. I haven't downloaded any of the antiviral scans; my computer isn't really working enough to do that as none of these pages will load.
I took a log before I started the whole MRP process, and another one after I did all of the MRP stuff. I don't know if I am supposed to, but I included both of them in this post. The first one is the one before, the second is the one after. I read all of your rules and I have removed BitTorrent and LimeWire from my computer. I know these are probably why I have this problem to begin with; they won't be going back on. I believe I have followed all of your directions so far, and I hope you can help me out with this. I've been working on all of this since noon and it's now 2 am. I'm going to bed.
Here are the logs. Thank you sosososoooo much.
Oh, and one more thing. The only thing I did wrong was download the TeaTimer thing you said not to. Does that make a difference?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:49 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\oapsaudi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--7ef977fe-1f6b-4bbb-8939-8242fed46ce9/online/zuma/en/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7827 bytes


AND THIS IS THE SECOND ONE, DONE AFTER


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:30 AM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\oapsaudi.dll",s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--7ef977fe-1f6b-4bbb-8939-8242fed46ce9/online/zuma/en/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7782 bytes
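
As an added illustration (not code from this thread, from Trend Micro or from CastleCops), a small Python script that parses HijackThis v2 finding lines, diffs a before/after pair of logs the way the poster intended, and flags the entry shapes that stand out in the logs above: a Run key handing rundll32 a system32 DLL with a one-letter export, unnamed or orphaned BHOs, and a Winlogon Notify DLL that is missing. The log excerpts inside it are constructed from lines in the posted logs, and the flagging rules are this example's own heuristics, not HijackThis logic.

```python
"""Parse, diff and triage HijackThis v2 logs (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed excerpts built from lines in the logs posted in this thread
# (a handful of entries each, not the full logs).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\oapsaudi.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
--
End of file - 7827 bytes
"""
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {03657894-7C44-4EF3-A162-E70D19564373} - C:\WINDOWS\system32\cbXRHYop.dll (file missing)
O2 - BHO: (no name) - {45FEE5D2-BF08-462B-928A-CA99BF1C9FA7} - C:\WINDOWS\system32\yayxxyWQ.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {0392a880-4a13-86a8-4fd4-02922d6f0acc} - {cca0f6d2-2920-4df4-8a68-31a4088a2930} - C:\WINDOWS\system32\kgewlkhk.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [a0cdfadc] rundll32.exe "C:\WINDOWS\system32\ekaydhmb.dll",b
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\gwjguqsi.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: cbXRHYop - cbXRHYop.dll (file missing)
--
End of file - 9856 bytes
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Heuristic (this example's assumption, not HijackThis logic): a Run value that
# hands rundll32 a DLL under system32 and calls a one-letter export, the shape
# of the [BMa3fec940] and [a0cdfadc] entries in this thread.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\[^"\\]+\.dll"?,\s*\w\s*$', re.I)


@dataclass(frozen=True)
class Entry:
    section: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the R*/F*/O* finding lines; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def diff_logs(before_text: str, after_text: str) -> tuple[list[Entry], list[Entry]]:
    """Return (added, removed) entries between two logs, in log order."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    before_set, after_set = set(before), set(after)
    added = [e for e in after if e not in before_set]
    removed = [e for e in before if e not in after_set]
    return added, removed


def triage(entries: list[Entry]) -> list[tuple[str, Entry]]:
    """Flag entry shapes worth a second look. Reasons are heuristics, not verdicts."""
    findings = []
    for e in entries:
        if e.section == "O4" and RUNDLL_RE.search(e.body):
            findings.append(("rundll32 Run entry loading a system32 DLL by one-letter export", e))
        elif e.section == "O2" and e.body.startswith("BHO: "):
            parts = e.body[len("BHO: "):].split(" - ", 2)  # name, {CLSID}, path
            name, path = parts[0], parts[-1]
            if name == "(no name)" and ("(no file)" in path or "(file missing)" in path):
                findings.append(("orphaned BHO: no name and no backing file", e))
            elif GUID_RE.match(name):
                findings.append(("BHO whose display name is itself a CLSID", e))
            elif name == "(no name)" and "\\system32\\" in path.lower():
                findings.append(("unnamed BHO loading a DLL from system32", e))
        elif e.section == "O20" and "(file missing)" in e.body:
            findings.append(("Winlogon Notify package whose DLL is missing", e))
    return findings


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE_LOG, AFTER_LOG)
    for e in removed:
        print("- ", e.section, "-", e.body)
    for e in added:
        print("+ ", e.section, "-", e.body)
    for reason, e in triage(parse_hjt(AFTER_LOG)):
        print(f"[{reason}] {e.section} - {e.body}")
```

Run it on two full saved logs by reading them into BEFORE_LOG and AFTER_LOG; the same [BMa3fec940] value resurfacing with a renamed DLL between the two logs is exactly the kind of change the diff makes visible.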

Author: Prince_Serendip  Posted: Thu Jun 12, 2008 6:32 am    Post subject:

You're Ready for cleaning.

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.

Author: Sammel  Location: USA  Posted: Thu Jun 12, 2008 7:47 pm    Post subject:

Well, I'm ready to go then, just tell me what I have to do! My computer is not loading ANY pages now on any browser. But it will load the crap sites that the spyware wants me to go to. I hope we can get this resolved. This is a huge mess. I think it goes beyond the browsers and internet now. My computer as a whole is SLOW no matter what I'm doing. boo.

Author: Sammel  Location: USA  Posted: Tue Jun 17, 2008 11:13 pm    Post subject:

Hi, it's been 5 days and I was just wondering if there is anything I should be doing. I don't want to post in Unanswered Logs yet because it's only been the minimum 5 days and I know you guys are super busy. But I miss my computer. Thanks! Keep up the awesome work!

Author: Prince_Serendip  Posted: Sat Jun 21, 2008 8:18 am    Post subject:

Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).


**NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.

Author: Sammel  Location: USA  Posted: Sat Jun 21, 2008 7:53 pm    Post subject: updated log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:49 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {03657894-7C44-4EF3-A162-E70D19564373} - C:\WINDOWS\system32\cbXRHYop.dll (file missing)
O2 - BHO: (no name) - {0d71b45d-44a1-4468-bfba-f45fef76ec1f} - (no file)
O2 - BHO: (no name) - {1c54beea-2f27-407a-88ae-7ba17ee9f4e6} - (no file)
O2 - BHO: (no name) - {1DB28353-8FB8-4A0A-B36E-D6EBC7CD9249} - (no file)
O2 - BHO: (no name) - {20cc0e9f-8a82-4161-a7b5-d74547766390} - (no file)
O2 - BHO: (no name) - {45FEE5D2-BF08-462B-928A-CA99BF1C9FA7} - C:\WINDOWS\system32\yayxxyWQ.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {721fa0e7-71d8-4d1a-aad1-5f44739ddd23} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7B76B97E-E592-46F3-A7BD-BC5409C62287} - (no file)
O2 - BHO: (no name) - {A017609F-47ED-4C01-98B7-73E467DE81F9} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: {0392a880-4a13-86a8-4fd4-02922d6f0acc} - {cca0f6d2-2920-4df4-8a68-31a4088a2930} - C:\WINDOWS\system32\kgewlkhk.dll
O2 - BHO: (no name) - {CE2A6863-A571-4EBC-ACCA-63A6086D760C} - (no file)
O2 - BHO: (no name) - {d12a2b59-0961-4da2-a7d5-295902161e22} - (no file)
O2 - BHO: (no name) - {D2E1FBB5-1D67-43AE-B265-B5DB68862FE6} - (no file)
O2 - BHO: (no name) - {d349e52d-2323-420a-aa42-c1fb684f9081} - (no file)
O2 - BHO: (no name) - {E46EE5C4-22AF-4AA6-B2AC-434BA7246728} - (no file)
O2 - BHO: (no name) - {EC0CF9BE-DBAA-4C28-AF3A-971AFC5891AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a0cdfadc] rundll32.exe "C:\WINDOWS\system32\ekaydhmb.dll",b
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\gwjguqsi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--7ef977fe-1f6b-4bbb-8939-8242fed46ce9/online/zuma/en/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: cbXRHYop - cbXRHYop.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9856 bytes

Author: Sammel  Location: USA  Posted: Fri Jun 27, 2008 7:01 pm    Post subject:

Is someone going to help me? I know you're busy but it's been like 2 weeks.

Author: skywalkr2  Location: USA  Posted: Fri Jun 27, 2008 7:22 pm    Post subject:

Yes. I have been waiting since May 31st! I still haven't had any takers. I think the volunteer support staff must be smaller than the demand right now. I feel your pain!!

I normally can clean my own system, but this time I am totally stuck. I have run every clean that seems to have ever been suggested on here... to no avail.

Author: negster22  Posted: Sat Jun 28, 2008 2:52 am    Post subject:

Hi Sammel,

Sorry you have been waiting for so long.

TeaTimer reverses and interferes with any fixes we attempt to make which is why it should not be installed if you are infected. The second link which I included below labelled "disable the active protection components", will describe how to disable TeaTimer and your other security programs that may interfere with the "manual" malware removal process, so we can clean you up.

That Windows Defender error occurs if the service WinDefend is not started. It is safe to ignore that for now.

Please refer to the Bleeping Computer ComboFix Usage Guide to learn how to download and run ComboFix. Before running ComboFix, you should install the Recovery Console as directed in the guide, if you have not done that already. Then follow the directions for launching ComboFix, being sure to disable the active protection components of any protective security programs you have running first, including your AV and antispyware programs (Spyware Doctor, TeaTimer, and Windows Defender, as well as your antivirus and firewall). You can re-enable these programs after ComboFix has finished, except leave both TeaTimer and Windows Defender OFF!

Please post back your ComboFix log and a new HJT log.

Author: Sammel  Location: USA  Posted: Sat Jun 28, 2008 4:53 am    Post subject:

Hi! Thanks for replying so quickly. I hope I haven't been too pushy with you guys; if so, I'm sorry. I really appreciate all the help you guys have given me. So I did what you told me to do. I couldn't figure out how to disable and remove TeaTimer but I think I got everything else right. So here are the new logs. The first one is the ComboFix log. I'm going to post the updated HJT log in a new reply to make it easier for you. My machine runs better already, but I want to make sure I have everything off of it because I don't want this to happen again! Thanks again!


combofix log


ComboFix 08-06-20.4 - Samm 2008-06-28 0:16:46.1 - NTFSx86
Running from: C:\Documents and Settings\Samm\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Samm\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa3fec940.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ajepxrok.dll
C:\WINDOWS\system32\atvaohck.dll
C:\WINDOWS\system32\bhummcqe.ini
C:\WINDOWS\system32\bjrtajif.dll
C:\WINDOWS\system32\bmhdyake.ini
C:\WINDOWS\system32\ccmduhkw.ini
C:\WINDOWS\system32\chqvjdio.dll
C:\WINDOWS\system32\cpmumhpk.ini
C:\WINDOWS\system32\dadpfbpc.ini
C:\WINDOWS\system32\eakaviqp.dll
C:\WINDOWS\system32\ekaydhmb.dll
C:\WINDOWS\system32\eowftsyr.ini
C:\WINDOWS\system32\epfsistw.ini
C:\WINDOWS\system32\fhjedafv.dll
C:\WINDOWS\system32\fqvdgpvi.dll
C:\WINDOWS\system32\gavyqyym.dll
C:\WINDOWS\system32\gbnccboe.dll
C:\WINDOWS\system32\grlewqfa.dll
C:\WINDOWS\system32\gtcsvsnf.ini
C:\WINDOWS\system32\gwjguqsi.dll
C:\WINDOWS\system32\hxjyogll.dll
C:\WINDOWS\system32\igpbfths.dll
C:\WINDOWS\system32\ihdespgv.ini
C:\WINDOWS\system32\iqjvqvyp.ini
C:\WINDOWS\system32\ituyxvpy.dll
C:\WINDOWS\system32\janwrgpv.dll
C:\WINDOWS\system32\jfrsrgnl.dll
C:\WINDOWS\system32\jhxrxxmr.ini
C:\WINDOWS\system32\JkkQrqss.ini
C:\WINDOWS\system32\JkkQrqss.ini2
C:\WINDOWS\system32\jwlchkfs.dll
C:\WINDOWS\system32\kaofnssl.dll
C:\WINDOWS\system32\kfylxmxr.ini
C:\WINDOWS\system32\kgewlkhk.dll
C:\WINDOWS\system32\kphmumpc.dll
C:\WINDOWS\system32\kpuikhru.ini
C:\WINDOWS\system32\kryfxvic.dll
C:\WINDOWS\system32\ksxvgomm.dll
C:\WINDOWS\system32\kvjucmup.ini
C:\WINDOWS\system32\lcdrgnoa.dll
C:\WINDOWS\system32\ldtdwbyx.ini
C:\WINDOWS\system32\ljarenug.dll
C:\WINDOWS\system32\llgoyjxh.ini
C:\WINDOWS\system32\lmSuDfhk.ini
C:\WINDOWS\system32\lmSuDfhk.ini2
C:\WINDOWS\system32\lsdbroau.ini
C:\WINDOWS\system32\lwyoyjpw.dll
C:\WINDOWS\system32\mamyyqyu.dll
C:\WINDOWS\system32\mbdbtmcg.dll
C:\WINDOWS\system32\mfcaagik.dll
C:\WINDOWS\system32\mtpowhve.dll
C:\WINDOWS\system32\mxcarwpa.dll
C:\WINDOWS\system32\ntipjutw.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\oapsaudi.dll
C:\WINDOWS\system32\ovpxtaap.ini
C:\WINDOWS\system32\ponwnsbv.dll
C:\WINDOWS\system32\psdncouv.ini
C:\WINDOWS\system32\qmpkopwn.dll
C:\WINDOWS\system32\qpnskjnj.ini
C:\WINDOWS\system32\QWyxxyay.ini
C:\WINDOWS\system32\QWyxxyay.ini2
C:\WINDOWS\system32\rdoftemc.dll
C:\WINDOWS\system32\rmmseqva.dll
C:\WINDOWS\system32\rqsushbi.dll
C:\WINDOWS\system32\rsananvw.dll
C:\WINDOWS\system32\shqhmtvk.dll
C:\WINDOWS\system32\slhqswto.dll
C:\WINDOWS\system32\ssruhxis.dll
C:\WINDOWS\system32\tkdyysyf.dll
C:\WINDOWS\system32\tmlpayhj.ini
C:\WINDOWS\system32\tohpmpel.ini
C:\WINDOWS\system32\tqknuafu.ini
C:\WINDOWS\system32\ubsbmmjx.dll
C:\WINDOWS\system32\vlnhrwcw.ini
C:\WINDOWS\system32\wpucwwls.dll
C:\WINDOWS\system32\xowspxbg.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-07-01 21:35 . 2008-07-01 21:35 <DIR> d-------- C:\games
2008-07-01 21:16 . 2008-07-01 21:16 <DIR> d-------- C:\Program Files\GameHouse
2008-07-01 21:12 . 2008-06-21 16:08 <DIR> d-------- C:\Program Files\SGTR Releases
2008-06-27 09:54 . 2008-06-27 09:54 168,865 --a------ C:\omatic.zip
2008-06-26 23:02 . 2008-06-26 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-06-26 22:14 . 2008-06-26 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-06-26 19:30 . 2008-06-26 19:32 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Magic Academy
2008-06-26 16:45 . 2008-06-26 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
2008-06-25 00:28 . 2008-06-25 00:28 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Boomzap
2008-06-24 23:53 . 2008-06-24 23:53 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Jane s Hotel
2008-06-21 17:51 . 2008-06-21 17:51 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Magic Seeds
2008-06-21 16:22 . 2008-06-21 16:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-21 14:35 . 2008-06-21 14:35 <DIR> d-------- C:\WINDOWS\Travel Agency
2008-06-21 02:46 . 2008-06-21 15:47 <DIR> d-------- C:\Program Files\Wildlife Park
2008-06-21 00:43 . 2008-06-21 16:33 <DIR> d-------- C:\Program Files\Tribal Trouble
2008-06-20 23:33 . 2008-06-20 23:33 <DIR> d-------- C:\Program Files\Cat Daddy Games
2008-06-20 15:50 . 2008-06-20 19:21 <DIR> d-------- C:\Program Files\Ice Cream Tycoon
2008-06-20 03:22 . 2008-06-20 03:28 <DIR> d-------- C:\Program Files\trailer park tycoon
2008-06-12 00:49 . 2008-06-12 00:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-12 00:47 . 2008-06-12 00:47 5,154,304 --a------ C:\WindowsDefender.msi
2008-06-11 22:34 . 2008-06-11 22:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-11 22:34 . 2008-06-11 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 22:32 . 2008-06-11 22:32 9,722,720 --a------ C:\spybotsd152.exe
2008-06-11 21:22 . 2008-06-11 21:22 <DIR> d-------- C:\Program Files\CCleaner
2008-06-11 20:50 . 2008-06-11 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 20:49 . 2008-06-11 20:49 <DIR> d-------- C:\HJT
2008-06-11 15:08 . 2008-06-11 15:08 321,536 --a------ C:\WINDOWS\system32\yayxxyWQ.dll
2008-06-11 13:48 . 2008-06-11 13:48 321,536 --a------ C:\WINDOWS\system32\khfDuSml.dll
2008-06-11 13:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:28 . 2008-06-22 14:32 <DIR> d-------- C:\Program Files\Gazillionaire III
2008-06-10 22:01 . 2008-06-10 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Ludia
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-10 21:33 . 2008-06-10 21:33 <DIR> d-------- C:\WINDOWS\Hell's Kitchen
2008-06-10 20:37 . 2008-06-10 20:37 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Youdagames
2008-06-10 19:54 . 2008-06-10 19:56 <DIR> d-------- C:\Program Files\Mall Tycoon 3
2008-06-10 15:55 . 2008-06-10 15:55 <DIR> d-------- C:\Program Files\BFG
2008-06-10 15:34 . 2008-07-01 21:33 <DIR> d-------- C:\Program Files\Virtual Villagers 2
2008-06-10 15:10 . 2008-06-21 16:23 <DIR> d-------- C:\Program Files\Flower Stand Tycoon
2008-06-10 15:01 . 2008-06-21 00:41 <DIR> d-------- C:\Program Files\Plant Tycoon
2008-06-10 14:40 . 2008-06-10 14:40 385 --a------ C:\1.exe
2008-06-10 13:32 . 2008-06-10 15:10 4,050 --a------ C:\WINDOWS\system32\msupdte.exe
2008-06-09 21:29 . 2008-06-21 00:41 <DIR> d-------- C:\WINDOWS\Kudos Rock Legend
2008-06-09 20:16 . 2008-06-09 20:18 <DIR> d-------- C:\Program Files\Animal Paradise Tycoon
2008-06-09 19:45 . 2008-06-09 19:45 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-09 19:41 . 2008-06-09 19:41 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-09 19:28 . 2008-06-09 19:33 <DIR> d-------- C:\Program Files\WinAce
2008-06-08 23:39 . 2008-06-08 23:39 <DIR> d-------- C:\WINDOWS\The Game Of LIFE PTS
2008-06-08 15:14 . 2008-06-09 18:19 <DIR> d-------- C:\Program Files\National Lampoon's University Tycoon
2008-06-07 21:54 . 2008-07-01 21:33 <DIR> d-------- C:\Program Files\Fairy Godmother Tycoon
2008-06-07 21:24 . 2008-06-21 15:46 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-07 15:53 . 2008-06-07 15:53 <DIR> d-------- C:\Program Files\iWin.com
2008-06-07 15:52 . 2008-06-07 15:52 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\iWinArcade
2008-06-07 15:52 . 2008-06-07 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-06-06 22:38 . 2008-06-07 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Free Ride Games
2008-06-06 22:38 . 2007-06-04 14:04 9,774 --------- C:\WINDOWS\FRG.ico
2008-06-06 22:38 . 2008-06-07 02:08 63 --a------ C:\WINDOWS\GPlrLanc.dat
2008-06-04 00:12 . 2008-06-04 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-06-03 23:56 . 2008-06-03 23:56 0 --a------ C:\WINDOWS\Game.INI
2008-06-03 22:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-01 18:29 . 2008-06-01 18:34 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Move Networks
2008-05-31 14:09 . 2008-04-01 14:09 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-31 14:02 . 2008-05-31 14:09 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\yoclient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-27 19:09 --------- d-----w C:\Program Files\WildGames
2008-06-27 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-27 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 02:37 --------- d-----w C:\Documents and Settings\Samm\Application Data\PlayFirst
2008-06-27 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-25 12:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-22 18:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 19:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 01:11 --------- d-----w C:\Program Files\Viewpoint
2008-06-12 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 01:07 --------- d-----w C:\Program Files\Dell
2008-06-11 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-06-10 19:06 --------- d-----w C:\Program Files\Yahoo! Games
2008-06-07 21:18 --------- d-----w C:\Program Files\Oberon Media
2008-06-06 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-05-20 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-16 22:01 --------- d-----w C:\Documents and Settings\Samm\Application Data\WildTangent
2008-05-16 21:47 --------- d-----w C:\Program Files\MSN Games
2008-05-15 06:53 --------- d-----w C:\Program Files\Magic Farm
2008-05-15 05:46 --------- d-----w C:\Documents and Settings\Samm\Application Data\Meridian93
2008-05-14 21:27 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-09 17:50 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-09 17:49 --------- d-----w C:\Documents and Settings\Samm\Application Data\Corel
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 03:55 --------- d-----w C:\Documents and Settings\Samm\Application Data\Pogo Games
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-11-20 21:29 168 --sh--r C:\WINDOWS\system32\08F6F1BF63.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03657894-7C44-4EF3-A162-E70D19564373}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d71b45d-44a1-4468-bfba-f45fef76ec1f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c54beea-2f27-407a-88ae-7ba17ee9f4e6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DB28353-8FB8-4A0A-B36E-D6EBC7CD9249}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20cc0e9f-8a82-4161-a7b5-d74547766390}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45FEE5D2-BF08-462B-928A-CA99BF1C9FA7}]
2008-06-11 15:08 321536 --a------ C:\WINDOWS\system32\yayxxyWQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{721fa0e7-71d8-4d1a-aad1-5f44739ddd23}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B76B97E-E592-46F3-A7BD-BC5409C62287}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A017609F-47ED-4C01-98B7-73E467DE81F9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cca0f6d2-2920-4df4-8a68-31a4088a2930}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE2A6863-A571-4EBC-ACCA-63A6086D760C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d12a2b59-0961-4da2-a7d5-295902161e22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2E1FBB5-1D67-43AE-B265-B5DB68862FE6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d349e52d-2323-420a-aa42-c1fb684f9081}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E46EE5C4-22AF-4AA6-B2AC-434BA7246728}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC0CF9BE-DBAA-4C28-AF3A-971AFC5891AA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 12:55 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"<NO NAME>"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-27 03:18 98304]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 12:55 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-27 03:14:52 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-18 23:38:12 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRHYop]
cbXRHYop.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Samm^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Samm\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-04-18 12:22 579584 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-04-05 20:19 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-04-05 20:22 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-04-05 20:23 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-27 03:18 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
C:\Program Files\Westelcom Accelerator\slipcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-05 12:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe" [2008-05-05 18:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 04:33:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-27 19:00:22 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 00:30:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-28 0:40:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 04:40:39

Pre-Run: 21,868,507,136 bytes free
Post-Run: 21,935,276,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

344 --- E O F --- 2008-06-26 18:12:40

Author: Sammel | Location: USA | Posted: Sat Jun 28, 2008 4:56 am

And this is the updated HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:13 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - {45FEE5D2-BF08-462B-928A-CA99BF1C9FA7} - C:\WINDOWS\system32\yayxxyWQ.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--7ef977fe-1f6b-4bbb-8939-8242fed46ce9/online/zuma/en/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: cbXRHYop - cbXRHYop.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7530 bytes

Author: negster22 | Posted: Sat Jun 28, 2008 8:30 pm

Hi Sammel,

Don't worry - I am sure you are worried judging from the infected state of your PC, so I do not fault you for trying to get help ASAP. Smile

You can just uninstall Spybot S&D to get rid of TeaTimer. You don't need it.

Please make sure you can View Hidden Files and Folders by doing the following:

1. Click Start
2. Open My Computer
3. Select the Tools menu and click Folder Options
4. Select the View Tab
5. Under the Hidden files and folders heading select Show hidden files and folders
6. Uncheck the Hide protected operating system files (recommended) option
7. Click Yes to confirm
8. Click OK

We have some more files to clean up that we will manually specify for deletion by using a ComboFix script. There is another file that I will ask you to upload to Virus Total, a threat scanner, to see if it tests OK.

It is important that you follow the next set of instructions precisely, and you should also disable active protection programs again, because we will be rerunning ComboFix but in a different way.

Open Notepad by hitting Start -> run, typing notepad into the Open: box, and then clicking OK.
On the Notepad menu, choose "Format" and make sure that Word Wrap is unchecked (disabled).
Copy/paste the text in the code box below into Notepad.
Save this to your desktop as CFScript.txt by selecting File -> Save as.

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will cause ComboFix to run again.

Please post back the log that opens when it finishes in your next reply.

Code:

KILLALL::

File::
C:\WINDOWS\system32\yayxxyWQ.dll
C:\WINDOWS\system32\cbXRHYop.dll
C:\1.exe
C:\WINDOWS\system32\msupdte.exe
C:\WINDOWS\system32\kgewlkhk.dll
C:\WINDOWS\system32\khfDuSml.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03657894-7C44-4EF3-A162-E70D19564373}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d71b45d-44a1-4468-bfba-f45fef76ec1f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c54beea-2f27-407a-88ae-7ba17ee9f4e6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DB28353-8FB8-4A0A-B36E-D6EBC7CD9249}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20cc0e9f-8a82-4161-a7b5-d74547766390}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45FEE5D2-BF08-462B-928A-CA99BF1C9FA7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{721fa0e7-71d8-4d1a-aad1-5f44739ddd23}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRHYop.dll]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B76B97E-E592-46F3-A7BD-BC5409C62287}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A017609F-47ED-4C01-98B7-73E467DE81F9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cca0f6d2-2920-4df4-8a68-31a4088a2930}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE2A6863-A571-4EBC-ACCA-63A6086D760C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d12a2b59-0961-4da2-a7d5-295902161e22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2E1FBB5-1D67-43AE-B265-B5DB68862FE6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d349e52d-2323-420a-aa42-c1fb684f9081}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E46EE5C4-22AF-4AA6-B2AC-434BA7246728}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC0CF9BE-DBAA-4C28-AF3A-971AFC5891AA}]



Please upload this file:
C:\WINDOWS\system32\08F6F1BF63.sys

to the Virus Total Scanner by browsing to its folder. Virus Total will employ several scanners to test the file for its threat potential. Please post the result of the scan back here ONLY if threats were noted.

If Virus Total is too busy, you can try the Jotti malware scan page.


Next, download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to your operating system drive (the drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode and then launch SDFix, by doing the following:

Please post back the following items in your next reply:
1. The new Combofix log
2. The Virus Total report if any of the scanners reported positive results
3. The SDfix scan report - Report.txt
4. A new HJT log

Author: SammelLocation: USA PostPosted: Sun Jun 29, 2008 1:53 am    Post subject:

Hello and thanks for the quick reply! You guys are great! So I uninstalled Spybot S&D, so TeaTimer should be gone. Should I download other spyware programs at some point in time? Anyway, I did everything you told me to, precisely. One thing I want to note though is when I initially copied the file to ComboFix I got a message that said "the system cannot find the file specified" but it ran anyway. I didn't get any infection from the virus tool, so here are my new logs. The first is the new ComboFix; I'll post the SDFix and HJT logs in separate replies to make it a little easier. Thank you so much once again, I don't know what I'd do without you. You make everything so easy to understand. I really appreciate it. Can't wait to hear back and move on!



ComboFix 08-06-20.4 - Samm 2008-06-28 18:01:02.2 - NTFSx86
Running from: C:\Documents and Settings\Samm\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Samm\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\1.exe
C:\WINDOWS\system32\cbXRHYop.dll
C:\WINDOWS\system32\kgewlkhk.dll
C:\WINDOWS\system32\khfDuSml.dll
C:\WINDOWS\system32\msupdte.exe
C:\WINDOWS\system32\yayxxyWQ.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1.exe
C:\WINDOWS\system32\khfDuSml.dll
C:\WINDOWS\system32\msupdte.exe
C:\WINDOWS\system32\yayxxyWQ.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-07-01 21:35 . 2008-07-01 21:35 <DIR> d-------- C:\games
2008-07-01 21:16 . 2008-07-01 21:16 <DIR> d-------- C:\Program Files\GameHouse
2008-07-01 21:12 . 2008-06-21 16:08 <DIR> d-------- C:\Program Files\SGTR Releases
2008-06-28 01:39 . 2008-06-28 01:39 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Home Sweet Home
2008-06-27 09:54 . 2008-06-27 09:54 168,865 --a------ C:\omatic.zip
2008-06-26 23:02 . 2008-06-26 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-06-26 22:14 . 2008-06-26 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-06-26 19:30 . 2008-06-26 19:32 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Magic Academy
2008-06-26 16:45 . 2008-06-26 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
2008-06-25 00:28 . 2008-06-25 00:28 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Boomzap
2008-06-24 23:53 . 2008-06-24 23:53 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Jane s Hotel
2008-06-21 17:51 . 2008-06-21 17:51 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Magic Seeds
2008-06-21 16:22 . 2008-06-21 16:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-21 14:35 . 2008-06-21 14:35 <DIR> d-------- C:\WINDOWS\Travel Agency
2008-06-21 02:46 . 2008-06-21 15:47 <DIR> d-------- C:\Program Files\Wildlife Park
2008-06-20 23:33 . 2008-06-20 23:33 <DIR> d-------- C:\Program Files\Cat Daddy Games
2008-06-20 15:50 . 2008-06-28 00:43 <DIR> d-------- C:\Program Files\Ice Cream Tycoon
2008-06-20 03:22 . 2008-06-20 03:28 <DIR> d-------- C:\Program Files\trailer park tycoon
2008-06-12 00:49 . 2008-06-12 00:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-12 00:47 . 2008-06-12 00:47 5,154,304 --a------ C:\WindowsDefender.msi
2008-06-11 22:34 . 2008-06-28 17:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-11 22:34 . 2008-06-28 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 22:32 . 2008-06-11 22:32 9,722,720 --a------ C:\spybotsd152.exe
2008-06-11 21:22 . 2008-06-11 21:22 <DIR> d-------- C:\Program Files\CCleaner
2008-06-11 20:50 . 2008-06-11 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 20:49 . 2008-06-11 20:49 <DIR> d-------- C:\HJT
2008-06-11 13:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:28 . 2008-06-22 14:32 <DIR> d-------- C:\Program Files\Gazillionaire III
2008-06-10 22:01 . 2008-06-10 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Ludia
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-10 21:33 . 2008-06-10 21:33 <DIR> d-------- C:\WINDOWS\Hell's Kitchen
2008-06-10 20:37 . 2008-06-10 20:37 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Youdagames
2008-06-10 19:54 . 2008-06-10 19:56 <DIR> d-------- C:\Program Files\Mall Tycoon 3
2008-06-10 15:55 . 2008-06-10 15:55 <DIR> d-------- C:\Program Files\BFG
2008-06-10 15:34 . 2008-07-01 21:33 <DIR> d-------- C:\Program Files\Virtual Villagers 2
2008-06-10 15:10 . 2008-06-21 16:23 <DIR> d-------- C:\Program Files\Flower Stand Tycoon
2008-06-10 15:01 . 2008-06-21 00:41 <DIR> d-------- C:\Program Files\Plant Tycoon
2008-06-09 21:29 . 2008-06-21 00:41 <DIR> d-------- C:\WINDOWS\Kudos Rock Legend
2008-06-09 20:16 . 2008-06-09 20:18 <DIR> d-------- C:\Program Files\Animal Paradise Tycoon
2008-06-09 19:45 . 2008-06-09 19:45 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-09 19:41 . 2008-06-09 19:41 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-09 19:28 . 2008-06-09 19:33 <DIR> d-------- C:\Program Files\WinAce
2008-06-08 23:39 . 2008-06-08 23:39 <DIR> d-------- C:\WINDOWS\The Game Of LIFE PTS
2008-06-08 15:14 . 2008-06-09 18:19 <DIR> d-------- C:\Program Files\National Lampoon's University Tycoon
2008-06-07 21:54 . 2008-07-01 21:33 <DIR> d-------- C:\Program Files\Fairy Godmother Tycoon
2008-06-07 21:24 . 2008-06-21 15:46 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-07 15:53 . 2008-06-07 15:53 <DIR> d-------- C:\Program Files\iWin.com
2008-06-07 15:52 . 2008-06-07 15:52 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\iWinArcade
2008-06-07 15:52 . 2008-06-07 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-06-06 22:38 . 2008-06-07 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Free Ride Games
2008-06-06 22:38 . 2007-06-04 14:04 9,774 --------- C:\WINDOWS\FRG.ico
2008-06-06 22:38 . 2008-06-07 02:08 63 --a------ C:\WINDOWS\GPlrLanc.dat
2008-06-04 00:12 . 2008-06-04 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-06-03 23:56 . 2008-06-03 23:56 0 --a------ C:\WINDOWS\Game.INI
2008-06-03 22:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-01 18:29 . 2008-06-01 18:34 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Move Networks
2008-05-31 14:09 . 2008-04-01 14:09 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-31 14:02 . 2008-05-31 14:09 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\yoclient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 05:26 --------- d-----w C:\Program Files\WildGames
2008-06-28 04:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-27 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-27 02:37 --------- d-----w C:\Documents and Settings\Samm\Application Data\PlayFirst
2008-06-27 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-25 12:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-22 18:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 19:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 01:11 --------- d-----w C:\Program Files\Viewpoint
2008-06-12 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 01:07 --------- d-----w C:\Program Files\Dell
2008-06-11 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-06-10 19:06 --------- d-----w C:\Program Files\Yahoo! Games
2008-06-07 21:18 --------- d-----w C:\Program Files\Oberon Media
2008-06-06 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-05-20 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-16 22:01 --------- d-----w C:\Documents and Settings\Samm\Application Data\WildTangent
2008-05-16 21:47 --------- d-----w C:\Program Files\MSN Games
2008-05-15 06:53 --------- d-----w C:\Program Files\Magic Farm
2008-05-15 05:46 --------- d-----w C:\Documents and Settings\Samm\Application Data\Meridian93
2008-05-14 21:27 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-09 17:50 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-09 17:49 --------- d-----w C:\Documents and Settings\Samm\Application Data\Corel
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 03:55 --------- d-----w C:\Documents and Settings\Samm\Application Data\Pogo Games
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-11-20 21:29 168 --sh--r C:\WINDOWS\system32\08F6F1BF63.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-28_ 0.40.05.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 04:29:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 22:09:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 12:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-27 03:18 98304]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 12:55 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-27 03:14:52 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-18 23:38:12 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRHYop]
cbXRHYop.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Samm^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Samm\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-06-28 01:00 580096 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-04-05 20:19 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-04-05 20:22 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-04-05 20:23 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-27 03:18 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
C:\Program Files\Westelcom Accelerator\slipcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-05 12:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe" [2008-05-05 18:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 22:13:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-27 19:00:22 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 18:10:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
.
**************************************************************************
.
Completion time: 2008-06-28 18:23:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 22:23:02
ComboFix2.txt 2008-06-28 04:40:46

Pre-Run: 21,996,752,896 bytes free
Post-Run: 21,985,562,624 bytes free

251 --- E O F --- 2008-06-26 18:12:40
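Added example, not part of this thread and not ComboFix's own tooling: a Python script that reads a CFScript of the kind posted above together with the ComboFix log it produced, and reports which File:: entries the log confirms under "Other Deletions" and which Registry:: keys still appear under "Reg Loading Points". The embedded CFScript and log are trimmed copies of the ones posted in this thread (constructed sample input, so the script runs offline); the banner-line section parsing, the HKLM/HKCU alias handling and the prefix-matching rule for registry keys are my assumptions about the log layout, not documented ComboFix behaviour. On this thread's own data it shows that cbXRHYop.dll and kgewlkhk.dll were not listed as deleted, and that the winlogon notify key requested as "...\notify\cbXRHYop.dll" is still listed in the log as "...\notify\cbXRHYop".

```python
"""Cross-check a ComboFix CFScript against the log ComboFix writes after
running it: which File:: entries were confirmed under "Other Deletions",
and which Registry:: keys still show up under "Reg Loading Points".
"""
import re

# Constructed sample inputs: trimmed copies of the CFScript and the
# post-run ComboFix log posted in this thread, embedded so this runs offline.
CFSCRIPT = r"""
KILLALL::

File::
C:\WINDOWS\system32\yayxxyWQ.dll
C:\WINDOWS\system32\cbXRHYop.dll
C:\1.exe
C:\WINDOWS\system32\msupdte.exe
C:\WINDOWS\system32\kgewlkhk.dll
C:\WINDOWS\system32\khfDuSml.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRHYop.dll]
"""

COMBOFIX_LOG = r"""
ComboFix 08-06-20.4 - Samm 2008-06-28 18:01:02.2 - NTFSx86
Command switches used :: C:\Documents and Settings\Samm\Desktop\CFScript.txt

FILE ::
C:\1.exe
C:\WINDOWS\system32\cbXRHYop.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1.exe
C:\WINDOWS\system32\khfDuSml.dll
C:\WINDOWS\system32\msupdte.exe
C:\WINDOWS\system32\yayxxyWQ.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRHYop]
cbXRHYop.dll
"""

BANNER_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")   # "(((( Section Title ))))" (assumed layout)
REG_KEY_RE = re.compile(r"^\[-?(.+)\]$")               # "[KEY]" or "[-KEY]" ("-" = delete)
HIVE_ALIASES = {"hklm\\": "hkey_local_machine\\", "hkcu\\": "hkey_current_user\\"}


def parse_cfscript(text):
    """Return the KILLALL flag plus the File:: and Registry:: entries of a CFScript."""
    result = {"killall": False, "files": [], "registry": []}
    current = None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):                        # directive header, e.g. "File::"
            name = line[:-2].lower()
            if name == "killall":
                result["killall"] = True
                current = None
            else:
                current = name if name in ("file", "registry") else None
            continue
        if current == "file":
            result["files"].append(line)
        elif current == "registry":
            result["registry"].append(line)
    return result


def log_sections(text):
    """Split a ComboFix log into {banner title: [non-empty lines]}."""
    sections, title = {"header": []}, "header"
    for line in (ln.strip() for ln in text.splitlines()):
        m = BANNER_RE.match(line)
        if m:
            title = m.group(1)
            sections.setdefault(title, [])
        elif line and line != ".":
            sections[title].append(line)
    return sections


def normalize_key(key):
    """Lower-case a registry path and expand the HKLM/HKCU short hive names."""
    key = key.lower()
    for short, full in HIVE_ALIASES.items():
        if key.startswith(short):
            key = full + key[len(short):]
    return key


def check_deletions(script, sections):
    """Split requested files into (confirmed deleted, not confirmed) using the log."""
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    confirmed = [p for p in script["files"] if p.lower() in deleted]
    missing = [p for p in script["files"] if p.lower() not in deleted]
    return confirmed, missing


def check_registry(script, sections):
    """Return {requested key line: matching key still listed in the log, or None}.

    A prefix match in either direction counts: a listed subkey means the
    requested tree survived, and a listed key that is a prefix of the request
    usually means the request was misnamed (e.g. "...\notify\cbXRHYop.dll"
    requested while the log shows "...\notify\cbXRHYop")."""
    listed = []
    for line in sections.get("Reg Loading Points", []):
        m = REG_KEY_RE.match(line)
        if m:
            listed.append(normalize_key(m.group(1)))
    report = {}
    for entry in script["registry"]:
        m = REG_KEY_RE.match(entry)
        if not m:
            continue
        wanted = normalize_key(m.group(1))
        hit = next((k for k in listed
                    if k == wanted or k.startswith(wanted) or wanted.startswith(k)), None)
        report[entry] = hit
    return report


def run_check(cfscript=CFSCRIPT, log=COMBOFIX_LOG):
    """Run both checks, print the findings, and return them as a summary dict."""
    script = parse_cfscript(cfscript)
    sections = log_sections(log)
    confirmed, missing = check_deletions(script, sections)
    registry = check_registry(script, sections)
    summary = {"confirmed": confirmed, "missing": missing,
               "registry_still_present": {k: v for k, v in registry.items() if v}}
    for p in missing:
        print("NOT confirmed deleted:", p)
    for k, v in summary["registry_still_present"].items():
        print("still listed:", k, "->", v)
    return summary


if __name__ == "__main__":
    run_check()
```

Run it with `python cfscript_check.py` after pasting a full log into `COMBOFIX_LOG` (or pass the two texts to `run_check`); anything reported as "NOT confirmed deleted" or "still listed" is what the helper would want to see in the next reply before declaring the machine clean.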

Author: SammelLocation: USA PostPosted: Sun Jun 29, 2008 1:54 am    Post subject:

SDFix: Version 1.198
Run by Samm on Sat 06/28/2008 at 09:19 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 21:38:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:bf31f38b
"s2"=dword:5988b622
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c7,35,24,40,2d,d5,6e,e4,63,c6,04,92,cc,61,06,51,19,18,65,e3,5d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,eb,6f,94,e7,40,6e,3d,15,a7,2e,2f,cd,ed,98,5e,ab,3d,..
"khjeh"=hex:2c,9f,be,f0,a2,28,86,10,5e,52,b7,0a,01,02,e9,b3,6f,d7,b9,5c,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,bb,3d,45,28,3b,e5,42,d5,4d,67,ff,ff,7e,56,47,6b,61,cd,a2,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c7,35,24,40,2d,d5,6e,e4,63,c6,04,92,cc,61,06,51,19,18,65,e3,5d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,eb,6f,94,e7,40,6e,3d,15,a7,2e,2f,cd,ed,98,5e,ab,3d,..
"khjeh"=hex:2c,9f,be,f0,a2,28,86,10,5e,52,b7,0a,01,02,e9,b3,6f,d7,b9,5c,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,bb,3d,45,28,3b,e5,42,d5,4d,67,ff,ff,7e,56,47,6b,61,cd,a2,da,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Tue 22 Apr 2008 625,664 ..SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 20 Nov 2007 168 ..SHR --- "C:\WINDOWS\system32\08F6F1BF63.sys"
Fri 9 May 2008 56 ..SHR --- "C:\WINDOWS\system32\63BFF1F608.sys"
Fri 9 May 2008 6,686 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 25 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 15 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1.tmp"
Sat 27 May 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Sat 27 May 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sat 27 May 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Thu 20 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!

Author: SammelLocation: USA PostPosted: Sun Jun 29, 2008 1:55 am    Post subject:

This is my updated HJT log!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:18 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0