
[IN PROGRESS] Problems after MRP (CastleCops forum: Trend Micro HijackThis Logs)
Sammel (Trooper)
Joined: Jun 12, 2008
Posts: 15
Location: USA
Posted: Thu Jun 12, 2008 6:00 am    Post subject: Problems after MRP

This is my first time posting in any kind of forum, but I don't know what else to do. I am going to be as detailed as possible because I really want to get this fixed. I believe I have tons of spyware or some other crap on my computer. My problem started when I got online this morning. I normally use Firefox as a browser. When I opened it up, I got windows popping up telling me my computer was unprotected and I should download blah blah to protect my computer. I did NOT download anything that I was prompted to. I also get popup browsers that go to all sorts of different websites such as Adult Friend Finder and other stupid stuff. I tried Internet Explorer and the same thing happens. At first I was able to still navigate around while looking for technical help, but now no pages will load on either browser except certain technical help pages. Thank goodness you guys are one of the sites that load, although the MRP and anything else on the wiki.castlecops pages will no longer load. I found you guys from the Firefox support page. I printed out the MRP steps on my father's laptop and followed them TO THE LETTER. I went through the list of programs to remove and removed what I had on the list. Then I got CCleaner and ATF Cleaner. I followed the directions and then went on to get Spybot S&D and Windows Defender. I also have Spyware Doctor from Google. I ran them and Spyware Doctor runs fine; it detects problems every time and removes and quarantines them. I spent over an hour waiting for Spybot to scan my computer, and then when it was complete it froze when I clicked "fix problems". It closed my whole computer down. THEN I got Windows Defender, and when I click "check for updates" it says "the program can't check for definition updates" with an error code 0x80070422. At this point I don't want to mess my computer up any more, so I am writing you. I haven't downloaded any of the antiviral scans; my computer isn't really working enough to do that, as none of these pages will load.
I took a log before I started the whole MRP process, and another one after I did all of the MRP stuff. I don't know if I am supposed to, but I included both of them in this post. The first one is the one before, the second is the one after. I read all of your rules and I have removed BitTorrent and LimeWire from my computer. I know these are probably why I have this problem to begin with; they won't be going back on. I believe I have followed all of your directions so far, and I hope you can help me out with this. I've been working on all of this since noon and it's now 2 am. I'm going to bed.
Here are the logs. Thank you sosososoooo much.
Oh, and one more thing: the only thing I did wrong was download the TeaTimer thing you said not to. Does that make a difference?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:49 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\oapsaudi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--7ef977fe-1f6b-4bbb-8939-8242fed46ce9/online/zuma/en/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7827 bytes


AND THIS IS THE SECOND ONE, DONE AFTER


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:30 AM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\oapsaudi.dll",s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--7ef977fe-1f6b-4bbb-8939-8242fed46ce9/online/zuma/en/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7782 bytes

Prince_Serendip (Site Moderator)
Joined: Sep 07, 2002
Posts: 17403
Groups: 1st Responders, MIRT, Moderators, MVP, Premium, RootKit Detection Hosts, Rootkit Experts, Rootkit Responders
Posted: Thu Jun 12, 2008 6:32 am

You're ready for cleaning.

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.


--
Microsoft MVP Consumer Security 2006, 2007 & 2008
Sammel (Trooper)
Joined: Jun 12, 2008
Posts: 15
Location: USA
Posted: Thu Jun 12, 2008 7:47 pm

Well, I'm ready to go then; just tell me what I have to do! My computer is not loading ANY pages now on any browser. But it will load the crap sites that the spyware wants me to go to. I hope we can get this resolved. This is a huge mess. I think it goes beyond the browsers and internet now. My computer as a whole is SLOW no matter what I'm doing. Boo.

Sammel (Trooper)
Joined: Jun 12, 2008
Posts: 15
Location: USA
Posted: Tue Jun 17, 2008 11:13 pm

Hi, it's been 5 days and I was just wondering if there is anything I should be doing. I don't want to post in Unanswered Logs yet because it's only been the minimum 5 days and I know you guys are super busy. But I miss my computer. Thanks! Keep up the awesome work!

Prince_Serendip (Site Moderator)
Joined: Sep 07, 2002
Posts: 17403
Groups: 1st Responders, MIRT, Moderators, MVP, Premium, RootKit Detection Hosts, Rootkit Experts, Rootkit Responders
Posted: Sat Jun 21, 2008 8:18 am

Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).


**NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.


--
Microsoft MVP Consumer Security 2006, 2007 & 2008
Sammel (Trooper)
Joined: Jun 12, 2008
Posts: 15
Location: USA
Posted: Sat Jun 21, 2008 7:53 pm    Post subject: updated log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:49 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {03657894-7C44-4EF3-A162-E70D19564373} - C:\WINDOWS\system32\cbXRHYop.dll (file missing)
O2 - BHO: (no name) - {0d71b45d-44a1-4468-bfba-f45fef76ec1f} - (no file)
O2 - BHO: (no name) - {1c54beea-2f27-407a-88ae-7ba17ee9f4e6} - (no file)
O2 - BHO: (no name) - {1DB28353-8FB8-4A0A-B36E-D6EBC7CD9249} - (no file)
O2 - BHO: (no name) - {20cc0e9f-8a82-4161-a7b5-d74547766390} - (no file)
O2 - BHO: (no name) - {45FEE5D2-BF08-462B-928A-CA99BF1C9FA7} - C:\WINDOWS\system32\yayxxyWQ.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {721fa0e7-71d8-4d1a-aad1-5f44739ddd23} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7B76B97E-E592-46F3-A7BD-BC5409C62287} - (no file)
O2 - BHO: (no name) - {A017609F-47ED-4C01-98B7-73E467DE81F9} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: {0392a880-4a13-86a8-4fd4-02922d6f0acc} - {cca0f6d2-2920-4df4-8a68-31a4088a2930} - C:\WINDOWS\system32\kgewlkhk.dll
O2 - BHO: (no name) - {CE2A6863-A571-4EBC-ACCA-63A6086D760C} - (no file)
O2 - BHO: (no name) - {d12a2b59-0961-4da2-a7d5-295902161e22} - (no file)
O2 - BHO: (no name) - {D2E1FBB5-1D67-43AE-B265-B5DB68862FE6} - (no file)
O2 - BHO: (no name) - {d349e52d-2323-420a-aa42-c1fb684f9081} - (no file)
O2 - BHO: (no name) - {E46EE5C4-22AF-4AA6-B2AC-434BA7246728} - (no file)
O2 - BHO: (no name) - {EC0CF9BE-DBAA-4C28-AF3A-971AFC5891AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a0cdfadc] rundll32.exe "C:\WINDOWS\system32\ekaydhmb.dll",b
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\gwjguqsi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--7ef977fe-1f6b-4bbb-8939-8242fed46ce9/online/zuma/en/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: cbXRHYop - cbXRHYop.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9856 bytes

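Reading the three logs in this thread side by side is the actual work here: the `O4 - HKLM\..\Run: [BMa3fec940]` value is present in every log, but the DLL it hands to Rundll32 is `oapsaudi.dll` on 6/11 and 6/12 and `gwjguqsi.dll` on 6/21; a second value, `[a0cdfadc]`, has appeared; and the 6/21 log has gained unnamed O2 BHOs loading from system32, "(no file)" orphans, and an O20 Winlogon Notify entry whose DLL is gone. The script below is an added example, not code from CastleCops, Trend Micro or the poster. It parses HijackThis R/O entries, keys O4 Run entries by hive and value name so a DLL renamed between runs shows up as a change rather than an unrelated remove/add pair, and flags the patterns just listed. Its sample input is excerpted from the posted 6/12 and 6/21 logs; the `KNOWN_SYSTEM32` allowlist and the "unrecognised 8-letter system32 DLL" test are assumptions of this example, not a rule HijackThis applies, and a flag means "look at this", not a verdict.

```python
"""Diff two HijackThis logs and flag the entries a responder looks at first.

Added example for this thread, not code from CastleCops, Trend Micro or the poster.
LOG_JUN12 / LOG_JUN21 are excerpts of the 6/12 and 6/21 logs posted in the thread;
the allowlist and the "unrecognised 8-letter system32 DLL" heuristic are assumptions.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")

# Excerpt of the 6/12/2008 log (taken after the MRP steps), copied from the first post.
LOG_JUN12 = r"""
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\oapsaudi.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
"""

# Excerpt of the 6/21/2008 log, copied from the "updated log" post.
LOG_JUN21 = r"""
O2 - BHO: (no name) - {03657894-7C44-4EF3-A162-E70D19564373} - C:\WINDOWS\system32\cbXRHYop.dll (file missing)
O2 - BHO: (no name) - {45FEE5D2-BF08-462B-928A-CA99BF1C9FA7} - C:\WINDOWS\system32\yayxxyWQ.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {0392a880-4a13-86a8-4fd4-02922d6f0acc} - {cca0f6d2-2920-4df4-8a68-31a4088a2930} - C:\WINDOWS\system32\kgewlkhk.dll
O2 - BHO: (no name) - {CE2A6863-A571-4EBC-ACCA-63A6086D760C} - (no file)
O4 - HKLM\..\Run: [a0cdfadc] rundll32.exe "C:\WINDOWS\system32\ekaydhmb.dll",b
O4 - HKLM\..\Run: [BMa3fec940] Rundll32.exe "C:\WINDOWS\system32\gwjguqsi.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O20 - Winlogon Notify: cbXRHYop - cbXRHYop.dll (file missing)
"""

LINE_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"^(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\]")
SYS32_DLL_RE = re.compile(r"\\system32\\([A-Za-z]{8})\.dll\b", re.I)
MISSING_RE = re.compile(r"\((no file|file missing)\)", re.I)
UNNAMED_BHO_RE = re.compile(r"^BHO: (\(no name\)|\{[0-9A-Fa-f-]{36}\})")
KNOWN_SYSTEM32 = {"browseui", "mshtmled"}  # assumed allowlist; build a real one from a clean box


def parse_hjt(text):
    """Return the R*/O* entries of a log as Entry tuples; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).rstrip()))
    return entries


def entry_key(e):
    """Identity of an entry across runs: hive + value name for O4 Run keys, GUID elsewhere."""
    # Keying O4 by value name makes a target DLL renamed between runs show as 'changed'.
    m = RUN_RE.match(e.body) if e.section == "O4" else None
    if m:
        return (e.section, m.group(1), m.group(2))
    g = GUID_RE.search(e.body)
    if g:  # label kept so an O9 button and its menu item (same GUID) stay distinct
        return (e.section, e.body[:g.start()].strip(), g.group(0).upper())
    return (e.section, e.body)


def diff_logs(old_text, new_text):
    """{'added': [Entry], 'removed': [Entry], 'changed': [(old Entry, new Entry)]}."""
    old = {entry_key(e): e for e in parse_hjt(old_text)}
    new = {entry_key(e): e for e in parse_hjt(new_text)}
    return {
        "added": [new[k] for k in new if k not in old],
        "removed": [old[k] for k in old if k not in new],
        "changed": [(old[k], new[k]) for k in new if k in old and old[k].body != new[k].body],
    }


def suspicion(e):
    """Reasons an entry deserves a human look; an empty list means nothing was noted."""
    reasons = []
    m = SYS32_DLL_RE.search(e.body)
    odd_dll = bool(m) and m.group(1).lower() not in KNOWN_SYSTEM32
    if e.section == "O4" and odd_dll and re.search(r"rundll32\.exe", e.body, re.I):
        reasons.append("Run key loads an unrecognised 8-letter system32 DLL through rundll32")
    if e.section == "O2":
        if MISSING_RE.search(e.body):
            reasons.append("orphaned BHO registration (DLL no longer on disk)")
        elif odd_dll and UNNAMED_BHO_RE.match(e.body):
            reasons.append("unnamed or GUID-named BHO loading an unrecognised system32 DLL")
    if e.section == "O20" and MISSING_RE.search(e.body):
        reasons.append("Winlogon Notify handler whose DLL is missing")
    return reasons


def triage(old_text, new_text):
    """Diff plus flags as (status, Entry, reasons) rows: changed first, then added, then removed."""
    d = diff_logs(old_text, new_text)
    rows = [("changed", n, suspicion(n) + ["was: " + o.body]) for o, n in d["changed"]]
    rows += [("added", e, suspicion(e)) for e in d["added"]]
    rows += [("removed", e, []) for e in d["removed"]]
    return rows


if __name__ == "__main__":
    for status, e, reasons in triage(LOG_JUN12, LOG_JUN21):
        print(f"{'!!' if reasons else '  '} {status:<8} {e.section:<4} {e.body}")
        for r in reasons:
            print(f"             - {r}")
```

Run it directly to print the triage, or call `triage()` on two full logs to get the rows for a ticket. The heuristic will miss a DLL whose name is not exactly eight letters or that happens to be on the allowlist, and will flag a legitimate eight-letter DLL that is not on it, so treat the output as a reading aid for the O2/O4/O20 sections rather than a clean/infected decision.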
Sammel

Trooper


Joined: Jun 12, 2008
Posts: 15
Location: USA

PostPosted: Fri Jun 27, 2008 7:01 pm    Post subject:

Is someone going to help me? I know you're busy, but it's been like 2 weeks.

skywalkr2

Trooper


Joined: May 29, 2008
Posts: 28
Location: USA

PostPosted: Fri Jun 27, 2008 7:22 pm    Post subject:

Yes. I have been waiting since May 31st! I still haven't had any takers. I think the volunteer support staff must be smaller than the demand right now. I feel your pain!!

I normally can clean my own system, but this time I am totally stuck. I have run every clean that seems to have ever been suggested on here... to no avail.

negster22

Security Expert
Premium Member

Joined: Mar 10, 2004
Posts: 5271

Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Security Experts SRT

PostPosted: Sat Jun 28, 2008 2:52 am    Post subject:

Hi Sammel,

Sorry you have been waiting for so long.

TeaTimer reverses and interferes with any fixes we attempt to make, which is why it should not be installed if you are infected. The second link which I included below, labelled "disable the active protection components", will describe how to disable TeaTimer and your other security programs that may interfere with the "manual" malware removal process, so we can clean you up.

That Windows Defender error occurs if the service WinDefend is not started. It is safe to ignore that for now.

Please refer to the Bleeping Computer ComboFix Usage Guide to learn how to download and run ComboFix. Before running ComboFix, you should install the Recovery Console as directed in the guide, if you have not done that already. Then follow the directions for launching ComboFix, being sure to disable the active protection components of any security programs you have running first, including your AV and antispyware programs (Spyware Doctor, TeaTimer, and Windows Defender, as well as your antivirus and firewall). You can re-enable these programs after ComboFix has finished, except leave both TeaTimer and Windows Defender OFF!

Please post back your ComboFix log and a new HJT log.


_________________
Negster22 - MS MVP - Consumer Security 2006-2008
Sammel

Trooper


Joined: Jun 12, 2008
Posts: 15
Location: USA

PostPosted: Sat Jun 28, 2008 4:53 am    Post subject:

Hi! Thanks for replying so quickly. I hope I haven't been too pushy with you guys; if so, I'm sorry. I really appreciate all the help you guys have given me. So I did what you told me to do. I couldn't figure out how to disable and remove TeaTimer, but I think I got everything else right. So here are the new logs. The first one is the ComboFix log. I'm going to post the updated HJT log in a new reply to make it easier for you. My machine runs better already, but I want to make sure I have everything off of it because I don't want this to happen again! Thanks again!


ComboFix log


ComboFix 08-06-20.4 - Samm 2008-06-28 0:16:46.1 - NTFSx86
Running from: C:\Documents and Settings\Samm\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Samm\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa3fec940.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ajepxrok.dll
C:\WINDOWS\system32\atvaohck.dll
C:\WINDOWS\system32\bhummcqe.ini
C:\WINDOWS\system32\bjrtajif.dll
C:\WINDOWS\system32\bmhdyake.ini
C:\WINDOWS\system32\ccmduhkw.ini
C:\WINDOWS\system32\chqvjdio.dll
C:\WINDOWS\system32\cpmumhpk.ini
C:\WINDOWS\system32\dadpfbpc.ini
C:\WINDOWS\system32\eakaviqp.dll
C:\WINDOWS\system32\ekaydhmb.dll
C:\WINDOWS\system32\eowftsyr.ini
C:\WINDOWS\system32\epfsistw.ini
C:\WINDOWS\system32\fhjedafv.dll
C:\WINDOWS\system32\fqvdgpvi.dll
C:\WINDOWS\system32\gavyqyym.dll
C:\WINDOWS\system32\gbnccboe.dll
C:\WINDOWS\system32\grlewqfa.dll
C:\WINDOWS\system32\gtcsvsnf.ini
C:\WINDOWS\system32\gwjguqsi.dll
C:\WINDOWS\system32\hxjyogll.dll
C:\WINDOWS\system32\igpbfths.dll
C:\WINDOWS\system32\ihdespgv.ini
C:\WINDOWS\system32\iqjvqvyp.ini
C:\WINDOWS\system32\ituyxvpy.dll
C:\WINDOWS\system32\janwrgpv.dll
C:\WINDOWS\system32\jfrsrgnl.dll
C:\WINDOWS\system32\jhxrxxmr.ini
C:\WINDOWS\system32\JkkQrqss.ini
C:\WINDOWS\system32\JkkQrqss.ini2
C:\WINDOWS\system32\jwlchkfs.dll
C:\WINDOWS\system32\kaofnssl.dll
C:\WINDOWS\system32\kfylxmxr.ini
C:\WINDOWS\system32\kgewlkhk.dll
C:\WINDOWS\system32\kphmumpc.dll
C:\WINDOWS\system32\kpuikhru.ini
C:\WINDOWS\system32\kryfxvic.dll
C:\WINDOWS\system32\ksxvgomm.dll
C:\WINDOWS\system32\kvjucmup.ini
C:\WINDOWS\system32\lcdrgnoa.dll
C:\WINDOWS\system32\ldtdwbyx.ini
C:\WINDOWS\system32\ljarenug.dll
C:\WINDOWS\system32\llgoyjxh.ini
C:\WINDOWS\system32\lmSuDfhk.ini
C:\WINDOWS\system32\lmSuDfhk.ini2
C:\WINDOWS\system32\lsdbroau.ini
C:\WINDOWS\system32\lwyoyjpw.dll
C:\WINDOWS\system32\mamyyqyu.dll
C:\WINDOWS\system32\mbdbtmcg.dll
C:\WINDOWS\system32\mfcaagik.dll
C:\WINDOWS\system32\mtpowhve.dll
C:\WINDOWS\system32\mxcarwpa.dll
C:\WINDOWS\system32\ntipjutw.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\oapsaudi.dll
C:\WINDOWS\system32\ovpxtaap.ini
C:\WINDOWS\system32\ponwnsbv.dll
C:\WINDOWS\system32\psdncouv.ini
C:\WINDOWS\system32\qmpkopwn.dll
C:\WINDOWS\system32\qpnskjnj.ini
C:\WINDOWS\system32\QWyxxyay.ini
C:\WINDOWS\system32\QWyxxyay.ini2
C:\WINDOWS\system32\rdoftemc.dll
C:\WINDOWS\system32\rmmseqva.dll
C:\WINDOWS\system32\rqsushbi.dll
C:\WINDOWS\system32\rsananvw.dll
C:\WINDOWS\system32\shqhmtvk.dll
C:\WINDOWS\system32\slhqswto.dll
C:\WINDOWS\system32\ssruhxis.dll
C:\WINDOWS\system32\tkdyysyf.dll
C:\WINDOWS\system32\tmlpayhj.ini
C:\WINDOWS\system32\tohpmpel.ini
C:\WINDOWS\system32\tqknuafu.ini
C:\WINDOWS\system32\ubsbmmjx.dll
C:\WINDOWS\system32\vlnhrwcw.ini
C:\WINDOWS\system32\wpucwwls.dll
C:\WINDOWS\system32\xowspxbg.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-07-01 21:35 . 2008-07-01 21:35 <DIR> d-------- C:\games
2008-07-01 21:16 . 2008-07-01 21:16 <DIR> d-------- C:\Program Files\GameHouse
2008-07-01 21:12 . 2008-06-21 16:08 <DIR> d-------- C:\Program Files\SGTR Releases
2008-06-27 09:54 . 2008-06-27 09:54 168,865 --a------ C:\omatic.zip
2008-06-26 23:02 . 2008-06-26 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-06-26 22:14 . 2008-06-26 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-06-26 19:30 . 2008-06-26 19:32 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Magic Academy
2008-06-26 16:45 . 2008-06-26 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
2008-06-25 00:28 . 2008-06-25 00:28 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Boomzap
2008-06-24 23:53 . 2008-06-24 23:53 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Jane s Hotel
2008-06-21 17:51 . 2008-06-21 17:51 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Magic Seeds
2008-06-21 16:22 . 2008-06-21 16:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-21 14:35 . 2008-06-21 14:35 <DIR> d-------- C:\WINDOWS\Travel Agency
2008-06-21 02:46 . 2008-06-21 15:47 <DIR> d-------- C:\Program Files\Wildlife Park
2008-06-21 00:43 . 2008-06-21 16:33 <DIR> d-------- C:\Program Files\Tribal Trouble
2008-06-20 23:33 . 2008-06-20 23:33 <DIR> d-------- C:\Program Files\Cat Daddy Games
2008-06-20 15:50 . 2008-06-20 19:21 <DIR> d-------- C:\Program Files\Ice Cream Tycoon
2008-06-20 03:22 . 2008-06-20 03:28 <DIR> d-------- C:\Program Files\trailer park tycoon
2008-06-12 00:49 . 2008-06-12 00:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-12 00:47 . 2008-06-12 00:47 5,154,304 --a------ C:\WindowsDefender.msi
2008-06-11 22:34 . 2008-06-11 22:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-11 22:34 . 2008-06-11 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 22:32 . 2008-06-11 22:32 9,722,720 --a------ C:\spybotsd152.exe
2008-06-11 21:22 . 2008-06-11 21:22 <DIR> d-------- C:\Program Files\CCleaner
2008-06-11 20:50 . 2008-06-11 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 20:49 . 2008-06-11 20:49 <DIR> d-------- C:\HJT
2008-06-11 15:08 . 2008-06-11 15:08 321,536 --a------ C:\WINDOWS\system32\yayxxyWQ.dll
2008-06-11 13:48 . 2008-06-11 13:48 321,536 --a------ C:\WINDOWS\system32\khfDuSml.dll
2008-06-11 13:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:28 . 2008-06-22 14:32 <DIR> d-------- C:\Program Files\Gazillionaire III
2008-06-10 22:01 . 2008-06-10 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Ludia
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-10 21:33 . 2008-06-10 21:33 <DIR> d-------- C:\WINDOWS\Hell's Kitchen
2008-06-10 20:37 . 2008-06-10 20:37 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Youdagames
2008-06-10 19:54 . 2008-06-10 19:56 <DIR> d-------- C:\Program Files\Mall Tycoon 3
2008-06-10 15:55 . 2008-06-10 15:55 <DIR> d-------- C:\Program Files\BFG
2008-06-10 15:34 . 2008-07-01 21:33 <DIR> d-------- C:\Program Files\Virtual Villagers 2
2008-06-10 15:10 . 2008-06-21 16:23 <DIR> d-------- C:\Program Files\Flower Stand Tycoon
2008-06-10 15:01 . 2008-06-21 00:41 <DIR> d-------- C:\Program Files\Plant Tycoon
2008-06-10 14:40 . 2008-06-10 14:40 385 --a------ C:\1.exe
2008-06-10 13:32 . 2008-06-10 15:10 4,050 --a------ C:\WINDOWS\system32\msupdte.exe
2008-06-09 21:29 . 2008-06-21 00:41 <DIR> d-------- C:\WINDOWS\Kudos Rock Legend
2008-06-09 20:16 . 2008-06-09 20:18 <DIR> d-------- C:\Program Files\Animal Paradise Tycoon
2008-06-09 19:45 . 2008-06-09 19:45 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-09 19:41 . 2008-06-09 19:41 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-09 19:28 . 2008-06-09 19:33 <DIR> d-------- C:\Program Files\WinAce
2008-06-08 23:39 . 2008-06-08 23:39 <DIR> d-------- C:\WINDOWS\The Game Of LIFE PTS
2008-06-08 15:14 . 2008-06-09 18:19 <DIR> d-------- C:\Program Files\National Lampoon's University Tycoon
2008-06-07 21:54 . 2008-07-01 21:33 <DIR> d-------- C:\Program Files\Fairy Godmother Tycoon
2008-06-07 21:24 . 2008-06-21 15:46 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-07 15:53 . 2008-06-07 15:53 <DIR> d-------- C:\Program Files\iWin.com
2008-06-07 15:52 . 2008-06-07 15:52 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\iWinArcade
2008-06-07 15:52 . 2008-06-07 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-06-06 22:38 . 2008-06-07 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Free Ride Games
2008-06-06 22:38 . 2007-06-04 14:04 9,774 --------- C:\WINDOWS\FRG.ico
2008-06-06 22:38 . 2008-06-07 02:08 63 --a------ C:\WINDOWS\GPlrLanc.dat
2008-06-04 00:12 . 2008-06-04 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-06-03 23:56 . 2008-06-03 23:56 0 --a------ C:\WINDOWS\Game.INI
2008-06-03 22:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-01 18:29 . 2008-06-01 18:34 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Move Networks
2008-05-31 14:09 . 2008-04-01 14:09 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-31 14:02 . 2008-05-31 14:09 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\yoclient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-27 19:09 --------- d-----w C:\Program Files\WildGames
2008-06-27 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-27 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 02:37 --------- d-----w C:\Documents and Settings\Samm\Application Data\PlayFirst
2008-06-27 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-25 12:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-22 18:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 19:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 01:11 --------- d-----w C:\Program Files\Viewpoint
2008-06-12 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 01:07 --------- d-----w C:\Program Files\Dell
2008-06-11 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-06-10 19:06 --------- d-----w C:\Program Files\Yahoo! Games
2008-06-07 21:18 --------- d-----w C:\Program Files\Oberon Media
2008-06-06 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-05-20 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-16 22:01 --------- d-----w C:\Documents and Settings\Samm\Application Data\WildTangent
2008-05-16 21:47 --------- d-----w C:\Program Files\MSN Games
2008-05-15 06:53 --------- d-----w C:\Program Files\Magic Farm
2008-05-15 05:46 --------- d-----w C:\Documents and Settings\Samm\Application Data\Meridian93
2008-05-14 21:27 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-09 17:50 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-09 17:49 --------- d-----w C:\Documents and Settings\Samm\Application Data\Corel
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 03:55 --------- d-----w C:\Documents and Settings\Samm\Application Data\Pogo Games
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-11-20 21:29 168 --sh--r C:\WINDOWS\system32\08F6F1BF63.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03657894-7C44-4EF3-A162-E70D19564373}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d71b45d-44a1-4468-bfba-f45fef76ec1f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c54beea-2f27-407a-88ae-7ba17ee9f4e6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DB28353-8FB8-4A0A-B36E-D6EBC7CD9249}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20cc0e9f-8a82-4161-a7b5-d74547766390}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45FEE5D2-BF08-462B-928A-CA99BF1C9FA7}]
2008-06-11 15:08 321536 --a------ C:\WINDOWS\system32\yayxxyWQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{721fa0e7-71d8-4d1a-aad1-5f44739ddd23}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B76B97E-E592-46F3-A7BD-BC5409C62287}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A017609F-47ED-4C01-98B7-73E467DE81F9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cca0f6d2-2920-4df4-8a68-31a4088a2930}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE2A6863-A571-4EBC-ACCA-63A6086D760C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d12a2b59-0961-4da2-a7d5-295902161e22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2E1FBB5-1D67-43AE-B265-B5DB68862FE6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d349e52d-2323-420a-aa42-c1fb684f9081}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E46EE5C4-22AF-4AA6-B2AC-434BA7246728}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC0CF9BE-DBAA-4C28-AF3A-971AFC5891AA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 12:55 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"<NO NAME>"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-27 03:18 98304]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 12:55 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-27 03:14:52 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-18 23:38:12 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRHYop]
cbXRHYop.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Samm^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Samm\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-04-18 12:22 579584 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-04-05 20:19 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-04-05 20:22 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-04-05 20:23 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-27 03:18 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
C:\Program Files\Westelcom Accelerator\slipcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-05 12:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe" [2008-05-05 18:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 04:33:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-27 19:00:22 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 00:30:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-28 0:40:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 04:40:39

Pre-Run: 21,868,507,136 bytes free
Post-Run: 21,935,276,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

344 --- E O F --- 2008-06-26 18:12:40

Sammel

Trooper


Joined: Jun 12, 2008
Posts: 15
Location: USA

PostPosted: Sat Jun 28, 2008 4:56 am    Post subject:

And this is the updated HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:13 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - {45FEE5D2-BF08-462B-928A-CA99BF1C9FA7} - C:\WINDOWS\system32\yayxxyWQ.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD