Full Version: dcads/spa_start Removal Help Needed
itsmeveve
I am a new member and hope I get this right for posting. The computer is offline so I updated as well as I could manually before running these scans. In this computer something created many user accounts in which many pictures were added to take up all of the hard drive space. I have deleted the many folders of user accounts and the pictures to free up some room. My grandson was the last to use this computer and I suspect that he picked something up from LimeWire. Your help with this matter is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 1:47:47 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\awtrrrp.dll
O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nshCB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7c35148c-d7ee-4ab0-b5d9-8ca3405e9ab3} - C:\WINDOWS\system32\qqtqnio.dll (file missing)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: (no name) - {BD16AA05-7045-4A15-A9FE-0E8CC5CB9083} - C:\Program Files\MSN\potegy4444.dll (file missing)
O2 - BHO: (no name) - {EBCF4AD7-C8C9-4437-9FC0-86F685E4BCAF} - C:\Program Files\MSN\potegy83122.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: awtrrrp - C:\WINDOWS\SYSTEM32\awtrrrp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe







Ad-Aware 2007 Build
Log File Created on: 2008-01-02 01:06:26
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: CONNIE
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: Intel® Celeron® CPU 2.70GHz
Memory Available: 38%
Total Physical Memory: 795848704 Bytes
Available Physical Memory: 300253184 Bytes
Total Page File Size: 1142681600 Bytes
Available On Page File: 686178304 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1991036928 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 31
Build Number: 0
Build Date and Time: 2007/11/05 03:13:33

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 544534
Infections Detected: 3
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 0 0
File Hash Scan..: 1 1

Infections Found
===========================
Family Id: 229 Name: BroadCastPC Category: DataMiner TAI:7
Item Id: 3587 Value: File: C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP698\A0277750.exe
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\MOM\Recent Count: 7
Item Id: 2 Value: MRU Registry Key: S-1-5-21-77883839-1442915135-3015422921-1077\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1

Items Ignored During Scan
===========================


Listing of running processes
===========================

c:\program files\common files\symantec shared\appcore\appmgr32.dll

c:\program files\common files\symantec shared\firewall\fwhelper.dll

c:\program files\norton antivirus\fwplugin.dll

c:\program files\norton antivirus\fwevent.dll

c:\progra~1\common~1\symant~1\opc\{31011~1\cltnetcn.dll

c:\program files\norton antivirus\imcfg.dll

c:\program files\common files\symantec shared\spbbc\bbrgen.dll

c:\progra~1\common~1\symant~1\pif\{b8e1d~1\pollmgr.dll

c:\progra~1\common~1\symant~1\submis~1\subconn.dll

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\cceraser.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wship6.dll

c:\windows\system32\rasadhlp.dll

c:\program files\common files\symantec shared\qbackup.dll

c:\program files\common files\symantec shared\npc\npcwmidt.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\program files\norton antivirus\navlogv.dll

c:\program files\norton antivirus\navlogv.loc

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
c:\program files\common files\symantec shared\appcore\appsvc32.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\atl71.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\common files\symantec shared\appcore\appmgr32.dll

c:\program files\common files\symantec shared\appcore\appset32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\common files\symantec shared\ccsvc.dll

c:\program files\common files\symantec shared\antivirus\avscan.dll

c:\windows\system32\userenv.dll

c:\program files\common files\symantec shared\antivirus\av.loc

c:\program files\common files\symantec shared\antivirus\avdefmgr.dll

c:\program files\common files\symantec shared\defutdcd.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rasadhlp.dll

c:\program files\common files\symantec shared\antivirus\avmodule.dll

c:\windows\system32\uxtheme.dll

c:\program files\common files\symantec shared\qbackup.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\netapi32.dll

c:\program files\common files\symantec shared\antivirus\avexclu.dll

c:\program files\common files\symantec shared\srtsp\srtsp32.dll

c:\program files\common files\symantec shared\ccprosub.dll

c:\windows\system32\msi.dll

c:\progra~1\common~1\symant~1\ccevtcli.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\apphelp.dll

c:\program files\common files\symantec shared\ccscanw.dll

c:\program files\common files\symantec shared\ecmldr32.dll

c:\program files\common files\symantec shared\msl\msl.dll

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\cceraser.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\ecmsvr32.dll

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\navex32a.dll

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\naveng32.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll

c:\windows\system32\shell32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\program files\lavasoft\ad-aware 2007\update.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\cnbjmon2.dll

c:\windows\system32\hpzll4pi.dll

c:\windows\system32\mdimon.dll

c:\windows\system32\msi.dll

c:\windows\system32\fxsmon.dll

c:\windows\system32\fxsevent.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\hpzpp4pi.dll

c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\xpsp2res.dll

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
c:\program files\symantec\liveupdate\aluschedulersvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\program files\symantec\liveupdate\msvcp71.dll

c:\program files\symantec\liveupdate\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\uxtheme.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\userenv.dll

c:\windows\system32\version.dll

c:\windows\system32\netapi32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\symantec\liveupdate\pslucomserver_3_1.dll

c:\windows\system32\msi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rasadhlp.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\wiaservc.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\mscms.dll

c:\windows\system32\winspool.drv

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\actxprxy.dll

C:\WINDOWS\SYSTEM32\WDFMGR.EXE
c:\windows\system32\wdfmgr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\hnetcfg.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\actxprxy.dll

c:\program files\microsoft antispyware\shellextension.dll

c:\windows\system32\awtrrrp.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wship6.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\netman.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\samlib.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\wmi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\esent.dll

c:\windows\system32\msutb.dll

c:\windows\system32\msctf.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\upnpui.dll

c:\windows\system32\upnp.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\msi.dll

c:\windows\system32\fxsst.dll

c:\windows\system32\winspool.drv

c:\windows\system32\fxsapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\mlang.dll

c:\windows\system32\sxs.dll

c:\windows\system32\dsound.dll

c:\program files\common files\symantec shared\npc\nscext.dll

c:\windows\system32\atl71.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\browselc.dll

c:\windows\system32\mpr.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\drprov.dll

c:\windows\system32\davclnt.dll

c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

c:\windows\system32\duser.dll

c:\program files\common files\ahead\lib\nerodigitalext.dll

c:\program files\common files\ahead\lib\mfc71.dll

c:\windows\system32\mfc71enu.dll

c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

c:\program files\nero\nero 7\nero backitup\nbshell.dll

c:\program files\nero\nero 7\nero backitup\mfc71u.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\windows\system32\wsock32.dll

c:\progra~1\winzip\wzshlstb.dll

c:\program files\winrar\rarext.dll

c:\program files\wordperfect office 11\programs\pfim110en.dll

c:\windows\system32\igfxpph.dll

c:\windows\system32\hccutils.dll

c:\windows\system32\igfxres.dll

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\igfxdev.dll

c:\windows\system32\mydocs.dll

c:\windows\system32\comdlg32.dll

c:\progra~1\norton~2\navshext.dll

c:\progra~1\norton~2\navshext.loc

c:\progra~1\trojan~1.0\contmenu.dll

c:\program files\wordperfect office 11\programs\pfse110.dll

c:\program files\softex\omnipass\opshelle.dll

c:\program files\softex\omnipass\opcomm.dll

c:\program files\softex\omnipass\opfscure.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\asfsipc.dll

c:\windows\system32\msisip.dll

c:\windows\system32\wshext.dll

c:\progra~1\micros~2\office11\mcps.dll

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\sprt_ads.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
c:\program files\common files\symantec shared\ccapp.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\symneti.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\userenv.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\common files\symantec shared\ccset.dll

c:\program files\common files\symantec shared\ccsvc.dll

c:\program files\common files\symantec shared\appcore\appplg32.dll

c:\program files\common files\symantec shared\appcore\appmgr32.dll

c:\windows\system32\atl71.dll

c:\program files\common files\symantec shared\appcore\appset32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\progra~1\common~1\symant~1\ccalert.dll

c:\progra~1\common~1\symant~1\ccemlpxy.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\xpsp2res.dll

c:\program files\norton antivirus\fwalert.dll

c:\program files\norton antivirus\fwalres.dll

c:\progra~1\norton~2\defalert.dll

c:\progra~1\norton~2\avpapp32.dll

c:\program files\common files\symantec shared\npc\npctray.dll

c:\program files\common files\symantec shared\cf\pep2.dll

c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\alerteng.dll

c:\program files\common files\symantec shared\coh\seshlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\msctf.dll

c:\progra~1\norton~2\avpapp32.loc

c:\program files\common files\symantec shared\npc\datapvdr.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\program files\common files\symantec shared\npc\nschlpr2.dll

c:\program files\common files\symantec shared\ccsetevt.dll

c:\program files\common files\symantec shared\ccprosub.dll

c:\program files\common files\symantec shared\antivirus\avifc.dll

c:\program files\norton antivirus\fwevent.dll

c:\program files\norton antivirus\isdatacl.dll

c:\windows\system32\msi.dll

c:\program files\norton antivirus\setevthp.dll

c:\progra~1\common~1\symant~1\ccevtcli.dll

c:\progra~1\common~1\symant~1\rcemlpxy.dll

c:\windows\system32\symredir.dll

c:\program files\common files\symantec shared\npc\pcstatus.dll

c:\program files\common files\symantec shared\npc\uilicplg.dll

c:\program files\common files\symantec shared\antivirus\avmail.dll

c:\program files\common files\symantec shared\npc\nscwscr2.dll

c:\program files\common files\symantec shared\npc\npcwmicl.dll

c:\program files\common files\symantec shared\npc\npcwmidt.dll

c:\program files\common files\symantec shared\antivirus\avexclu.dll

c:\program files\common files\symantec shared\npc\pepevnt.dll

c:\program files\common files\symantec shared\npc\nscext.dll

c:\program files\common files\symantec shared\npc\uicntnr.dll

c:\program files\common files\symantec shared\symtheme\1.0\symtheme.dll

c:\program files\common files\symantec shared\symhtml\1.0\symhtml.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\winmm.dll

c:\program files\norton antivirus\isstatus.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\urlmon.dll

c:\program files\common files\symantec shared\cf\cfv2pack.dll

c:\program files\common files\symantec shared\cf\cfepack.dll

c:\progra~1\common~1\symant~1\pif\{b8e1d~1\alertui.dll

c:\windows\system32\msimg32.dll

C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msutb.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msctfime.ime

c:\program files\common files\symantec shared\npc\nscext.dll

c:\windows\system32\atl71.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
c:\program files\internet explorer\iexplore.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ieui.dll

c:\windows\system32\msimg32.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msimtf.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\setupapi.dll

c:\program files\microsoft office\office11\msohev.dll

c:\program files\internet explorer\ieproxy.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\mlang.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\yahoo!\companion\installs\cpn2\yt.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\sxs.dll

c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\adssite_sidebar.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\oledlg.dll

c:\windows\system32\msi.dll

c:\program files\microsoft money\system\mnyside.dll

c:\program files\microsoft money\system\misstub.dll

c:\windows\system32\awtrrrp.dll

c:\windows\system32\sprt_ads.dll

c:\windows\system32\dnsapi.dll

c:\program files\spybot - search & destroy\sdhelper.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\nshcb.dll

c:\windows\system32\msvcp60.dll

c:\program files\java\jre1.6.0_02\bin\ssv.dll

c:\windows\system32\rsaenh.dll

c:\program files\yahoo!\companion\installs\cpn2\pubmod.dll

c:\program files\yahoo!\companion\installs\cpn2\ypubc.dll

c:\program files\yahoo!\companion\installs\cpn2\ytantispy.dll

c:\windows\system32\actxprxy.dll

c:\program files\yahoo!\companion\installs\cpn2\ymeremote.dll

c:\program files\common files\symantec shared\npc\nscext.dll

c:\windows\system32\atl71.dll

c:\windows\system32\msvcp71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\ieapfltr.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\jscript.dll

c:\windows\system32\imgutil.dll

c:\windows\system32\pngfilt.dll

c:\windows\system32\mshtmled.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\mpr.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\uxtheme.dll

c:\program files\common files\symantec shared\npc\nscext.dll

c:\windows\system32\atl71.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\olepro32.dll

End of Scan Section
===========================

Quarantined Infections
===========================
File: C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP698\A0277750.exe belonging to BroadCastPC
File: C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP698\A0277750.exe, Belonging to BroadCastPC

End Quarantine / Cleaned Infection Log
===========================

Cleaned Infections
===========================
MRU Path: C:\Documents and Settings\MOM\Recent Count: 7, Belonging to MRU Object
MRU Registry Key: S-1-5-21-77883839-1442915135-3015422921-1077\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1, Belonging to MRU Object

End of Cleaned Infections
===========================


miekiemoes
Hi,

* Download ComboFix from here.
**Save it to your desktop**

In case you have used Combofix before, please delete the version you have and redownload it, because Combofix is being updated every day.

In case your antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix, because some scanners may see some Combofix-related components as suspicious and block or delete them while there's nothing wrong with them.


* Double-click combofix.exe
Follow the prompts.
Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.
Don't click on the window while the fix is running, because that will cause your system to hang.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
itsmeveve
OK, I ran ComboFix from the desktop, by downloading it to my computer, pasting it to a flash drive, then pasting it to the "sick" computer's desktop.

I got to where it said:
Please wait
ComboFix is preparing to run.

Then I got a swreg.cfexe - Application Error

The instruction at "0x7c911de" referenced memory at "0x00200064". The memory could not be "read". Click ok to terminate the program


It gave me no other choice than to click OK, so I clicked that, and it is sitting on the desktop, I am assuming going through the program anyway. Showing me the Disclaimer and asking me to type 1 to continue or 2 to abort.

I am just waiting to see if it is OK to go ahead with it when it got a bad start, or to reboot the computer and start all over. If need be, this computer can be put online to download onto it if that would help; I just haven't done that in case of infecting our network.
miekiemoes
Hi,

QUOTE
Showing me the Disclaimer and asking me to type 1 to continue or 2 to abort.

Yes, type 1 to continue.
In case you get the error again, download Combofix from the infected computer and make sure your Norton doesn't delete any related components.
itsmeveve
ComboFix 08-01-03.4 - MOM 2008-01-03 16:39:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.372 [GMT -5:00]
Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\NDNuninstall6_22.exe
C:\WINDOWS\system32\awtrrrp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nshCB.dll
C:\WINDOWS\system32\nsz10B.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\z1\aroblcidr31z.exe
C:\x.dat
C:\z.dat
D:\Autorun.inf
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SVCHOST


((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 01:57 . 2008-01-01 01:57 9 --a------ C:\WINDOWS\system32\1428841f
2007-12-31 04:29 . 2007-12-31 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 19:50 . 2007-12-31 02:41 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-12-30 15:09 . 2007-12-30 15:09 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Lavasoft
2007-12-30 15:07 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-30 15:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-30 14:51 . 2003-08-23 09:34 <DIR> d-------- C:\Documents and Settings\MOM\WINDOWS
2007-12-30 14:51 . 2003-08-28 22:16 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Symantec
2007-12-30 14:51 . 2003-08-23 09:12 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Sonic
2007-12-30 14:51 . 2003-08-23 22:26 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\SampleView
2007-12-30 14:51 . 2003-08-28 22:19 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\interMute
2007-12-30 13:33 . 2007-12-30 14:05 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2007-12-30 13:33 . 2007-12-30 14:05 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-30 13:33 . 2007-12-30 14:05 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-30 13:33 . 2007-12-30 14:05 52,736 --a------ C:\WINDOWS\system\hpsysdrv .exe
2007-12-30 13:33 . 2007-12-30 14:22 178 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-30 13:32 . 2007-12-30 14:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-30 13:31 . 2007-12-30 14:03 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-29 09:08 . 2007-12-29 09:08 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-12-29 09:07 . 2007-12-29 09:07 128 --a------ C:\Documents and Settings\chance.CONNIE\services.exe
2007-12-29 09:01 . 2007-12-29 09:01 128 --a------ C:\Documents and Settings\Owner\services.exe
2007-12-28 18:11 . 2007-12-28 18:11 712,704 --a------ C:\WINDOWS\system32\rlph.dll
2007-12-28 17:31 . 2007-12-28 17:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint
2007-12-28 17:18 . 2008-01-01 19:12 1,306 --ahs---- C:\WINDOWS\system32\ffhkj.ini2
2007-12-28 17:18 . 2008-01-01 19:14 1,306 --ahs---- C:\WINDOWS\system32\ffhkj.ini
2007-12-28 17:16 . 2007-12-28 17:16 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 17:15 . 2007-12-28 17:15 <DIR> d-------- C:\Program Files\Adssite Games Collection
2007-12-28 17:15 . 2007-12-28 17:15 77,353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2007-12-28 17:13 . 2007-12-31 06:56 39,936 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2007-12-28 17:13 . 2007-12-28 17:13 134 --a------ C:\n.bat
2007-12-28 17:12 . 2007-12-30 21:43 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-28 17:12 . 2007-12-28 17:58 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-28 17:12 . 2007-12-30 21:38 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2007-12-28 17:12 . 2007-12-28 17:12 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-28 17:12 . 2007-12-28 17:13 <DIR> d-------- C:\TEMP\cEeer12
2007-12-28 16:46 . 2007-12-28 18:09 380,928 --------- C:\WINDOWS\system32\rlls.dll_tobedeleted
2007-12-28 16:46 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-28 16:36 . 2007-12-28 17:07 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-28 16:35 . 2007-12-28 16:35 <DIR> d-------- C:\Program Files\Dcads Games Collection
2007-12-28 16:35 . 2007-12-28 17:07 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-28 16:35 . 2007-12-28 17:54 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-28 07:34 . 2007-12-28 07:34 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-26 11:32 . 2007-12-26 13:03 <DIR> d-------- C:\Documents and Settings\chance.CONNIE\Application Data\Roxio
2007-12-24 15:09 . 2007-12-24 15:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared
2007-12-24 15:08 . 2007-12-30 14:00 <DIR> d-------- C:\Program Files\Napster
2007-12-24 15:08 . 2007-12-24 15:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-24 15:08 . 2007-12-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster
2007-12-24 08:02 . 2007-12-24 08:02 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 02:08 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2007-12-31 09:30 --------- d-----w C:\Program Files\Lavasoft
2007-12-31 09:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-31 09:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 03:28 --------- d-----w C:\Program Files\Trojan Remover
2007-12-31 00:24 --------- d-----w C:\Program Files\TrueAssistant
2007-12-30 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 19:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-30 19:07 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-30 19:01 --------- d-----w C:\Program Files\QuickTime
2007-12-30 19:01 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-30 19:01 --------- d-----w C:\Program Files\iTunes
2007-12-29 14:29 --------- d-----w C:\Program Files\Warcraft II BNE
2007-12-29 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 23:32 28,352 -c--a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-12-27 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2007-12-24 20:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-26 05:22 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2005-07-31 16:18 2,492 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
2005-07-25 20:12 284 ----a-w C:\Documents and Settings\chance.CONNIE\Application Data\ViewerApp.dat
2004-12-30 04:14 868 -c--a-w C:\Program Files\INSTALL.LOG
.
CODE
----a-w            53,248 2007-12-30 19:05:47  C:\hp\bin\AUTOTKIT .EXE
----a-w            61,440 2007-12-30 19:04:52  C:\hp\KBD\KBD .EXE
----a-w            94,208 2007-12-30 19:07:13  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           151,597 2007-12-30 19:01:39  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           110,592 2007-12-30 19:02:50  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            24,576 2007-12-30 19:07:27  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe
----a-w            90,112 2007-12-30 19:05:42  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w            49,152 2007-12-30 19:05:16  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w            49,152 2007-12-30 19:05:11  C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
----a-w           278,528 2007-12-30 19:04:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           132,496 2007-12-30 19:03:05  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w           473,920 2007-12-30 19:05:28  C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
----a-w            53,248 2007-12-30 19:01:34  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w           323,216 2007-12-30 19:01:37  C:\Program Files\Napster\napster .exe
----a-w            26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe
----a-w            98,304 2007-12-30 19:01:54  C:\Program Files\QuickTime\qttask  .exe
----a-w            98,304 2007-12-31 01:52:56  C:\Program Files\QuickTime\qttask .exe
----a-w         1,003,520 2007-12-30 19:06:23  C:\Program Files\Real\RealOne Player\realplay .exe
----a-w           295,936 2007-12-30 19:03:01  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w         1,880,064 2007-12-30 19:02:47  C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
----a-w            50,744 2007-12-30 19:05:56  C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
----a-w           385,024 2007-12-30 19:04:50  C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w            77,887 2007-12-30 19:03:24  C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE
----a-w            57,344 2007-12-30 19:02:23  C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w         4,670,968 2007-12-30 17:42:13  C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
----a-w         4,670,968 2007-12-31 01:57:31  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w         4,670,968 2007-12-31 01:57:37  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w         4,670,968 2007-12-30 19:06:26  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w         4,670,968 2007-12-30 21:55:59  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w         6,104,568 2007-12-30 19:02:24  C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
----a-w           158,208 2007-12-30 18:31:18  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           212,992 2007-12-30 19:03:10  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w            52,736 2007-12-30 19:05:08  C:\WINDOWS\system\hpsysdrv .exe
----a-w           118,784 2007-12-30 19:05:24  C:\WINDOWS\system32\hkcmd .exe
----a-w           483,328 2007-12-30 19:05:17  C:\WINDOWS\system32\hphmon05 .exe
----a-w           155,648 2007-12-30 19:05:04  C:\WINDOWS\system32\igfxtray .exe
----a-w           155,648 2007-12-30 19:04:41  C:\WINDOWS\system32\NeroCheck .exe
----a-w            81,920 2007-12-30 19:03:37  C:\WINDOWS\system32\ps2 .exe



-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-24 08:02 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c35148c-d7ee-4ab0-b5d9-8ca3405e9ab3}]
C:\WINDOWS\system32\qqtqnio.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
C:\WINDOWS\system32\spads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD16AA05-7045-4A15-A9FE-0E8CC5CB9083}]
C:\Program Files\MSN\potegy4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBCF4AD7-C8C9-4437-9FC0-86F685E4BCAF}]
C:\Program Files\MSN\potegy83122.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 01:57 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-12-30 14:27 517768]
"THGuard"="C:\Program Files\TrojanHunter 4.0\THGuard.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 15:20 115816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-26 16:03 160832]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [2007-12-30 16:55 4670968]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2007-12-30 14:05:47]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe
backup=C:\WINDOWS\pss\AutoTBar.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RegFreeze.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RegFreeze.lnk
backup=C:\WINDOWS\pss\RegFreeze.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
2007-12-30 17:53 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
2007-12-30 20:30 53248 --a------ C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2007-12-30 15:21 24576 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-30 15:08 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2007-12-30 15:20 90112 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-12-30 15:20 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
2007-12-30 20:45 473920 --a------ C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-30 14:40 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-12-30 15:25 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2007-12-30 14:40 483328 --a------ C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2007-12-30 17:53 49152 --a------ c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-12-30 21:38 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-30 14:40 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 15:20 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2007-12-30 17:53 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhff.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2007-12-30 15:20 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2007-12-30 20:55 385024 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-12-30 14:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2007-12-30 20:49 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2007-12-30 14:41 81920 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2007-12-30 15:23 77887 --a------ c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2007-12-30 21:34 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\spads.dll DllVerify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-30 20:44 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2007-12-30 17:53 1880064 --a------ C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.6\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2007-12-30 20:56 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"omniserv"=2 (0x2)
"iPodService"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

.
Contents of the 'Scheduled Tasks' folder
"2005-01-10 19:56:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2004-10-20 19:18:49 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090250881.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-12-29 01:00:13 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-01-03 20:58:00 C:\WINDOWS\Tasks\WebReg 20040502155831.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20040502155831 /N
"2008-01-03 02:03:00 C:\WINDOWS\Tasks\WebReg 20041024210327.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041024210327 /N
"2008-01-03 19:03:00 C:\WINDOWS\Tasks\WebReg 20041027140322.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041027140322 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 17:05:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-01-03 17:12:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 22:12:22
.
2007-12-30 21:32:20 --- E O F ---
itsmeveve
Logfile of HijackThis v1.99.1
Scan saved at 5:33:57 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7c35148c-d7ee-4ab0-b5d9-8ca3405e9ab3} - C:\WINDOWS\system32\qqtqnio.dll (file missing)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: (no name) - {BD16AA05-7045-4A15-A9FE-0E8CC5CB9083} - C:\Program Files\MSN\potegy4444.dll (file missing)
O2 - BHO: (no name) - {EBCF4AD7-C8C9-4437-9FC0-86F685E4BCAF} - C:\Program Files\MSN\potegy83122.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

miekiemoes
Hi,

This looks really nasty. I also want to make you aware of the fact that you should change ALL your passwords afterwards, the passwords you use online + the passwords for your mail accounts, since they are known.

Please do the following:

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

CODE
File::
C:\WINDOWS\system32\rlls.dll_tobedeleted
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar.dll
C:\Documents and Settings\chance.CONNIE\services.exe
C:\Documents and Settings\Owner\services.exe
C:\WINDOWS\system32\rlph.dll
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\n.bat


Folder::
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Dcads Games Collection
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\cc9
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\aj2
C:\TEMP\cEeer12
C:\Program Files\Adssite Games Collection

RENV::
C:\hp\bin\AUTOTKIT .EXE
C:\hp\KBD\KBD .EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
C:\Program Files\Napster\napster .exe
C:\Program Files\Norton AntiVirus\osCheck .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealOne Player\realplay .exe
C:\Program Files\Trojan Remover\Trjscan .exe
C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE
C:\Program Files\Yahoo!\browser\ybrwicon .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\SMINST\RECGUARD .EXE
C:\WINDOWS\system\hpsysdrv .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\hphmon05 .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\ps2 .exe

Dirlook::
C:\WINDOWS\system32\1428841f

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c35148c-d7ee-4ab0-b5d9-8ca3405e9ab3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD16AA05-7045-4A15-A9FE-0E8CC5CB9083}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBCF4AD7-C8C9-4437-9FC0-86F685E4BCAF}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.



I also see that your Internet connection's LSP chain got broken, so please do the following as well:

Go to Start > Run and type cmd
A DOS window will appear.
Type the following in the DOS window: netsh winsock reset
Hit Enter.

Reboot

This should solve your broken connection.
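
One way to check the Combofix.txt that comes back against the CFScript that was sent, as an added example (it is not part of the thread and not ComboFix's own code). It assumes only what the thread shows: CFScript sections start with a `Name::` line, and the log lists removed paths under an "Other Deletions" banner. The function names are hypothetical and the log excerpt is constructed.

```python
import re

# Shortened excerpt of the CFScript posted above (paths taken from the thread).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\rlls.dll_tobedeleted
C:\WINDOWS\system32\dcads_sidebar.dll
C:\n.bat

Folder::
C:\Program Files\Dcads Games Collection
C:\WINDOWS\system32\mr9

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
"""

# Constructed log excerpt in the layout Combofix.txt has in this thread.
# The mr9 folder is deliberately left out to show an unconfirmed target.
COMBOFIX_LOG = r"""((((((((((((((( Other Deletions )))))))))))))))
.

C:\n.bat
C:\Program Files\Dcads Games Collection
C:\Program Files\Dcads Games Collection\Lines.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\rlls.dll_tobedeleted

.
((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))
.
2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")    # e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")    # e.g. "(((( Other Deletions ))))"
PATH_RE = re.compile(r"^[A-Za-z]:\\")             # a line that is a drive path


def parse_cfscript(text):
    """Split a CFScript into {section name: [entries]} in file order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def deleted_paths(log_text, banner="Other Deletions"):
    """Collect the paths listed under one banner of the log, lower-cased."""
    paths = set()
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        found = BANNER_RE.match(line)
        if found:
            # Any banner ends the previous section; only ours starts one.
            in_section = found.group(1) == banner
            continue
        if in_section and PATH_RE.match(line):
            paths.add(line.lower())
    return paths


def verify_removals(script_text, log_text):
    """Report which File::/Folder:: targets the log confirms as deleted."""
    sections = parse_cfscript(script_text)
    removed = deleted_paths(log_text)
    report = {"confirmed": [], "unconfirmed": []}
    for name in ("File", "Folder"):
        for target in sections.get(name, []):
            # Windows paths are case-insensitive, so compare lower-cased.
            key = "confirmed" if target.lower() in removed else "unconfirmed"
            report[key].append(target)
    return report


if __name__ == "__main__":
    result = verify_removals(CFSCRIPT, COMBOFIX_LOG)
    for status, targets in result.items():
        for target in targets:
            print(f"{status:12} {target}")
```

An unconfirmed target only means the log did not list it as deleted; it may never have existed, so check the disk before drawing a conclusion.
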
itsmeveve
I have one more question. Grandson had his flash drive in the infected computer. I wonder if we have to be concerned about any files he may have put on the flash drive being infected?

Also, about the passwords: was there something in those logs that showed the passwords (I wasn't sure I posted those right, since part of what I posted ended up in some pink code box) that you noticed, or was there spyware that would have found passwords? I'm just curious if I posted it wrong or if it was something else.

OK, I followed your instructions above and got the same error as the first time, and then the program ran just as before. Below are the new logs you asked for.



ComboFix 08-01-03.4 - MOM 2008-01-04 11:36:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.456 [GMT -5:00]
Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MOM\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\chance.CONNIE\services.exe
C:\Documents and Settings\Owner\services.exe
C:\n.bat
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\rlls.dll_tobedeleted
C:\WINDOWS\system32\rlph.dll
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\chance.CONNIE\services.exe
C:\Documents and Settings\Owner\services.exe
C:\n.bat
C:\Program Files\Adssite Games Collection
C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adssite Games Collection\BobAndBill.exe
C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
C:\Program Files\Adssite Games Collection\Lines.exe
C:\Program Files\Adssite Games Collection\uninstall.exe
C:\Program Files\Adssite Games Collection\VideoPool.exe
C:\Program Files\Dcads Games Collection
C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Dcads Games Collection\BobAndBill.exe
C:\Program Files\Dcads Games Collection\CrazyBlocks.exe
C:\Program Files\Dcads Games Collection\Lines.exe
C:\Program Files\Dcads Games Collection\uninstall.exe
C:\Program Files\Dcads Games Collection\VideoPool.exe
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Free Offers from Freeze.com\bingocafe.ico
C:\Program Files\Free Offers from Freeze.com\bingocafe.url
C:\Program Files\Free Offers from Freeze.com\ebay.ico
C:\Program Files\Free Offers from Freeze.com\ebay.url
C:\Program Files\Free Offers from Freeze.com\mcc.ico
C:\Program Files\Free Offers from Freeze.com\mcc.url
C:\TEMP\cEeer12
C:\TEMP\cEeer12\skAt.log
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\aj2\bumebrpl5.exe
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\cc9
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\rlls.dll_tobedeleted
C:\WINDOWS\system32\rlph.dll
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 01:57 . 2008-01-01 01:57 9 --a------ C:\WINDOWS\system32\1428841f
2007-12-31 04:29 . 2007-12-31 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 19:50 . 2007-12-31 02:41 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-12-30 15:09 . 2007-12-30 15:09 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Lavasoft
2007-12-30 15:07 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-30 15:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-30 14:51 . 2003-08-23 09:34 <DIR> d-------- C:\Documents and Settings\MOM\WINDOWS
2007-12-30 14:51 . 2003-08-28 22:16 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Symantec
2007-12-30 14:51 . 2003-08-23 09:12 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Sonic
2007-12-30 14:51 . 2003-08-23 22:26 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\SampleView
2007-12-30 14:51 . 2003-08-28 22:19 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\interMute
2007-12-30 13:33 . 2007-12-30 14:05 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2007-12-30 13:33 . 2007-12-30 14:05 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-30 13:33 . 2007-12-30 14:05 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-30 13:33 . 2007-12-30 14:05 52,736 --a------ C:\WINDOWS\system\hpsysdrv .exe
2007-12-30 13:33 . 2007-12-30 14:22 178 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-30 13:32 . 2007-12-30 14:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-30 13:31 . 2007-12-30 14:03 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-29 09:08 . 2007-12-29 09:08 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-12-28 17:31 . 2007-12-28 17:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint
2007-12-28 16:46 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-26 11:32 . 2007-12-26 13:03 <DIR> d-------- C:\Documents and Settings\chance.CONNIE\Application Data\Roxio
2007-12-24 15:09 . 2007-12-24 15:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared
2007-12-24 15:08 . 2007-12-30 14:00 <DIR> d-------- C:\Program Files\Napster
2007-12-24 15:08 . 2007-12-24 15:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-24 15:08 . 2007-12-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 06:57 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-31 09:30 --------- d-----w C:\Program Files\Lavasoft
2007-12-31 09:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-31 09:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 03:28 --------- d-----w C:\Program Files\Trojan Remover
2007-12-31 00:24 --------- d-----w C:\Program Files\TrueAssistant
2007-12-30 19:41 81,920 ----a-w C:\WINDOWS\system32\ps2.exe
2007-12-30 19:40 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe
2007-12-30 19:40 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2007-12-30 19:40 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 19:40 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-30 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 19:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-30 19:07 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-30 19:01 --------- d-----w C:\Program Files\QuickTime
2007-12-30 19:01 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-30 19:01 --------- d-----w C:\Program Files\iTunes
2007-12-30 18:31 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-12-29 14:29 --------- d-----w C:\Program Files\Warcraft II BNE
2007-12-29 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 23:32 28,352 -c--a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-12-27 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2007-12-24 20:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-26 05:22 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2005-07-31 16:18 2,492 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
2005-07-25 20:12 284 ----a-w C:\Documents and Settings\chance.CONNIE\Application Data\ViewerApp.dat
2004-12-30 04:14 868 -c--a-w C:\Program Files\INSTALL.LOG
.
CODE
----a-w            53,248 2007-12-30 19:05:47  C:\hp\bin\AUTOTKIT .EXE
----a-w            61,440 2007-12-30 19:04:52  C:\hp\KBD\KBD .EXE
----a-w            94,208 2007-12-30 19:07:13  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           151,597 2007-12-30 19:01:39  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           110,592 2007-12-30 19:02:50  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            24,576 2007-12-30 19:07:27  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe
----a-w            90,112 2007-12-30 19:05:42  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w            49,152 2007-12-30 19:05:16  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w            49,152 2007-12-30 19:05:11  C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
----a-w           278,528 2007-12-30 19:04:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           132,496 2007-12-30 19:03:05  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w           473,920 2007-12-30 19:05:28  C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
----a-w            53,248 2007-12-30 19:01:34  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w           323,216 2007-12-30 19:01:37  C:\Program Files\Napster\napster .exe
----a-w            26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe
----a-w            98,304 2007-12-30 19:01:54  C:\Program Files\QuickTime\qttask  .exe
----a-w            98,304 2007-12-31 01:52:56  C:\Program Files\QuickTime\qttask .exe
----a-w         1,003,520 2007-12-30 19:06:23  C:\Program Files\Real\RealOne Player\realplay .exe
----a-w           295,936 2007-12-30 19:03:01  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w         1,880,064 2007-12-30 19:02:47  C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
----a-w            50,744 2007-12-30 19:05:56  C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
----a-w           385,024 2007-12-30 19:04:50  C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w            77,887 2007-12-30 19:03:24  C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE
----a-w            57,344 2007-12-30 19:02:23  C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w         4,670,968 2007-12-30 17:42:13  C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
----a-w         4,670,968 2007-12-31 01:57:31  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w         4,670,968 2007-12-31 01:57:37  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w         4,670,968 2007-12-30 19:06:26  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w         4,670,968 2007-12-30 21:55:59  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w         6,104,568 2007-12-30 19:02:24  C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
----a-w           158,208 2007-12-30 18:31:18  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           212,992 2007-12-30 19:03:10  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w            52,736 2007-12-30 19:05:08  C:\WINDOWS\system\hpsysdrv .exe
----a-w           118,784 2007-12-30 19:05:24  C:\WINDOWS\system32\hkcmd .exe
----a-w           483,328 2007-12-30 19:05:17  C:\WINDOWS\system32\hphmon05 .exe
----a-w           155,648 2007-12-30 19:05:04  C:\WINDOWS\system32\igfxtray .exe
----a-w           155,648 2007-12-30 19:04:41  C:\WINDOWS\system32\NeroCheck .exe
----a-w            81,920 2007-12-30 19:03:37  C:\WINDOWS\system32\ps2 .exe



(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\1428841f ----

C:\WINDOWS\system32\1428841f\


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 01:57 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-12-30 14:27 517768]
"THGuard"="C:\Program Files\TrojanHunter 4.0\THGuard.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 15:20 115816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-26 16:03 160832]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [2007-12-30 16:55 4670968]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2007-12-30 14:05:47]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe
backup=C:\WINDOWS\pss\AutoTBar.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RegFreeze.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RegFreeze.lnk
backup=C:\WINDOWS\pss\RegFreeze.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
2007-12-30 17:53 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
2007-12-30 20:30 53248 --a------ C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2007-12-30 15:21 24576 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-30 15:08 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2007-12-30 15:20 90112 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-12-30 15:20 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
2007-12-30 20:45 473920 --a------ C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-30 14:40 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-12-30 15:25 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2007-12-30 14:40 483328 --a------ C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2007-12-30 17:53 49152 --a------ c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-12-30 21:38 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-30 14:40 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 15:20 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2007-12-30 17:53 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2007-12-30 15:20 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2007-12-30 20:55 385024 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-12-30 14:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2007-12-30 20:49 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2007-12-30 14:41 81920 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2007-12-30 15:23 77887 --a------ c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2007-12-30 21:34 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-30 20:44 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2007-12-30 17:53 1880064 --a------ C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2007-12-30 20:56 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"omniserv"=2 (0x2)
"iPodService"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

.
Contents of the 'Scheduled Tasks' folder
"2005-01-10 19:56:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2004-10-20 19:18:49 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090250881.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-12-29 01:00:13 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-01-03 20:58:00 C:\WINDOWS\Tasks\WebReg 20040502155831.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20040502155831 /N
"2008-01-04 02:03:00 C:\WINDOWS\Tasks\WebReg 20041024210327.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041024210327 /N
"2008-01-03 19:03:00 C:\WINDOWS\Tasks\WebReg 20041027140322.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041027140322 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 11:45:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-01-04 11:46:54
ComboFix-quarantined-files.txt 2008-01-04 16:46:30
ComboFix2.txt 2008-01-03 22:12:28
.
2007-12-30 21:32:20 --- E O F ---

itsmeveve
Logfile of HijackThis v1.99.1
Scan saved at 11:53:44 AM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

miekiemoes
Hi,

Please check and fix next entries in HijackThis:

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

They are legitimate files, but in this case they are infected, so we have to disable them and replace them afterwards + restore these entries via the HijackThis backup option AFTERWARDS. Do NOT use msconfig, because that may cause a reinfection again.
The Renv:: part in the CFScript failed, so we'll have to do this again.

After you have checked and fixed above entries in HijackThis,

* Please download RenV.exe to your desktop.
Double-click RenV.exe to run it. It will produce a log - please copy and paste the contents of the log in your next reply.
miekiemoes
Also, to answer some questions..

QUOTE
I have one more question.. grandson had his flash drive in the infected computer. I wonder if we have to be concerned about any files he may have put on the flash drive being infected?

You are indeed dealing with a file infector, but this infector only infects files running from the Run entries in the registry, this means, programs that start up with Windows. So as long as you didn't put any of these files (wonder why you should do that anyway) on your flash drive, you should be OK.

QUOTE
Also about the passwords, was something in those logs that showed the passwords (I wasn't sure I posted those right since part of what I posted ended up in some pink code box) that you noticed or was there spyware that would have found passwords? I'm just curious if I posted it wrong or if it was something else.

No, but I know the infection you are dealing with collected all your passwords.
itsmeveve
I notice my last logs are missing when I thought that I saw them here earlier. Should I repost them?
itsmeveve
CODE
Ran on Fri 01/04/2008 - 20:00:42.21

----a-w            53,248 2007-12-30 19:05:47  C:\hp\bin\AUTOTKIT .EXE
----a-w            61,440 2007-12-30 19:04:52  C:\hp\KBD\KBD .EXE
----a-w            94,208 2007-12-30 19:07:13  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           151,597 2007-12-30 19:01:39  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           110,592 2007-12-30 19:02:50  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            24,576 2007-12-30 19:07:27  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe
----a-w            90,112 2007-12-30 19:05:42  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w            49,152 2007-12-30 19:05:16  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w            49,152 2007-12-30 19:05:11  C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
----a-w           278,528 2007-12-30 19:04:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           132,496 2007-12-30 19:03:05  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w           473,920 2007-12-30 19:05:28  C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
----a-w            53,248 2007-12-30 19:01:34  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w           323,216 2007-12-30 19:01:37  C:\Program Files\Napster\napster .exe
----a-w            26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe
----a-w            98,304 2007-12-30 19:01:54  C:\Program Files\QuickTime\qttask  .exe
----a-w            98,304 2007-12-31 01:52:56  C:\Program Files\QuickTime\qttask .exe
----a-w         1,003,520 2007-12-30 19:06:23  C:\Program Files\Real\RealOne Player\realplay .exe
----a-w           295,936 2007-12-30 19:03:01  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w         1,880,064 2007-12-30 19:02:47  C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
----a-w            50,744 2007-12-30 19:05:56  C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
----a-w           385,024 2007-12-30 19:04:50  C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w            77,887 2007-12-30 19:03:24  C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE
----a-w            57,344 2007-12-30 19:02:23  C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w         4,670,968 2007-12-30 17:42:13  C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
----a-w         4,670,968 2007-12-31 01:57:31  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w         4,670,968 2007-12-31 01:57:37  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w         4,670,968 2007-12-30 19:06:26  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w         4,670,968 2007-12-30 21:55:59  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w         6,104,568 2007-12-30 19:02:24  C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
----a-w           158,208 2007-12-30 18:31:18  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           212,992 2007-12-30 19:03:10  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w            52,736 2007-12-30 19:05:08  C:\WINDOWS\system\hpsysdrv .exe
----a-w           118,784 2007-12-30 19:05:24  C:\WINDOWS\system32\hkcmd .exe
----a-w           483,328 2007-12-30 19:05:17  C:\WINDOWS\system32\hphmon05 .exe
----a-w           155,648 2007-12-30 19:05:04  C:\WINDOWS\system32\igfxtray .exe
----a-w           155,648 2007-12-30 19:04:41  C:\WINDOWS\system32\NeroCheck .exe
----a-w            81,920 2007-12-30 19:03:37  C:\WINDOWS\system32\ps2 .exe

Entries:               40  (40)
Directories:            0  Files:            40
Bytes:         37,431,116  Blocks:       73,114

itsmeveve
Thanks for clearing up the questions for me and disregard the post about my missing posts as they are back now.

Hope your evening is a good one. Your help is greatly appreciated!
miekiemoes
Hi,

* Now DRAG Log.txt (the above log which is on your desktop) into RenV.exe as you see in the picture below.


When finished, it shall produce a new log for you. Post that log in your next reply.

Also rescan with Combofix and post the new log in your next reply as well.
itsmeveve
CODE
Ran on Sat 01/05/2008 -  4:57:04.28

------w           115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe

Entries:                3  (3)
Directories:            0  Files:             3
Bytes:            659,832  Blocks:        1,291




ComboFix 08-01-03.4 - MOM 2008-01-05 5:03:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.434 [GMT -5:00]
Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 04:57 . 2007-12-30 14:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 01:57 . 2008-01-01 01:57 9 --a------ C:\WINDOWS\system32\1428841f
2007-12-31 04:29 . 2007-12-31 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 19:50 . 2007-12-31 02:41 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-12-30 15:09 . 2007-12-30 15:09 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Lavasoft
2007-12-30 15:07 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-30 15:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-30 14:51 . 2003-08-23 09:34 <DIR> d-------- C:\Documents and Settings\MOM\WINDOWS
2007-12-30 14:51 . 2003-08-28 22:16 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Symantec
2007-12-30 14:51 . 2003-08-23 09:12 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Sonic
2007-12-30 14:51 . 2003-08-23 22:26 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\SampleView
2007-12-30 14:51 . 2003-08-28 22:19 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\interMute
2007-12-30 13:33 . 2007-12-30 14:22 178 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-29 09:08 . 2007-12-29 09:08 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-12-28 17:31 . 2007-12-28 17:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint
2007-12-28 16:46 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-26 11:32 . 2007-12-26 13:03 <DIR> d-------- C:\Documents and Settings\chance.CONNIE\Application Data\Roxio
2007-12-24 15:09 . 2007-12-24 15:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared
2007-12-24 15:08 . 2008-01-05 04:56 <DIR> d-------- C:\Program Files\Napster
2007-12-24 15:08 . 2007-12-24 15:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-24 15:08 . 2007-12-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 09:56 --------- d-----w C:\Program Files\Trojan Remover
2008-01-05 09:56 --------- d-----w C:\Program Files\QuickTime
2008-01-05 09:56 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-05 09:56 --------- d-----w C:\Program Files\iTunes
2008-01-01 06:57 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-31 09:30 --------- d-----w C:\Program Files\Lavasoft
2007-12-31 09:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-31 09:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 00:24 --------- d-----w C:\Program Files\TrueAssistant
2007-12-30 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 19:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-30 19:05 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe
2007-12-30 19:05 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 19:05 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-30 19:03 81,920 ----a-w C:\WINDOWS\system32\ps2.exe
2007-12-30 19:01 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-30 18:31 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2007-12-29 14:29 --------- d-----w C:\Program Files\Warcraft II BNE
2007-12-29 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 23:32 28,352 -c--a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-12-27 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2007-12-24 20:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-26 05:22 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2005-07-31 16:18 2,492 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
2005-07-25 20:12 284 ----a-w C:\Documents and Settings\chance.CONNIE\Application Data\ViewerApp.dat
2004-12-30 04:14 868 -c--a-w C:\Program Files\INSTALL.LOG
.
CODE
------w           115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-26 16:03 160832]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2007-12-30 14:05:47]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe
backup=C:\WINDOWS\pss\AutoTBar.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RegFreeze.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RegFreeze.lnk
backup=C:\WINDOWS\pss\RegFreeze.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
2007-12-30 14:05 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
2007-12-30 14:05 53248 --a------ C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2007-12-30 14:07 24576 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-30 14:07 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2007-12-30 14:05 90112 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-12-30 15:20 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
2007-12-30 14:05 473920 --a------ C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-30 14:05 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-12-30 14:05 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2007-12-30 14:05 483328 --a------ C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2007-12-30 14:05 49152 --a------ c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-12-30 14:05 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-30 14:05 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 14:04 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2007-12-30 14:04 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2007-12-30 14:01 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2007-12-30 14:04 385024 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-12-30 14:04 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2007-12-30 20:49 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2007-12-30 14:03 81920 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2007-12-30 14:03 77887 --a------ c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2007-12-30 14:03 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-30 14:03 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2007-12-30 14:03 295936 --a------ C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2007-12-30 14:02 1880064 --a------ C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2007-12-30 14:02 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"omniserv"=2 (0x2)
"iPodService"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

.
Contents of the 'Scheduled Tasks' folder
"2005-01-10 19:56:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2004-10-20 19:18:49 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090250881.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-05 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-01-04 20:58:00 C:\WINDOWS\Tasks\WebReg 20040502155831.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20040502155831 /N
"2008-01-05 02:03:00 C:\WINDOWS\Tasks\WebReg 20041024210327.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041024210327 /N
"2008-01-04 19:03:00 C:\WINDOWS\Tasks\WebReg 20041027140322.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041027140322 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 05:07:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-01-05 5:09:13
ComboFix-quarantined-files.txt 2008-01-05 10:09:01
ComboFix2.txt 2008-01-04 16:46:55
ComboFix3.txt 2008-01-03 22:12:28
.
2007-12-30 21:32:20 --- E O F ---


miekiemoes
Hi,

Please start your system in Windows Safe mode and perform the same step again. (Drag log.txt into Renv.exe)
* To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.
Then reboot back to normal mode, rescan with Combofix and post the log in your next reply.

Also do next.. while back in normal mode..
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply as well.
miekiemoes
Extra note, have you done this previously?

QUOTE
Go to start > run and type cmd
A dos Window will appear.
Type next in the dos window: netsh winsock reset
hit enter.

Reboot


because from your previous HijackThis log I see your Internet connection was still "broken". Above step should fix it.
itsmeveve
I did the above step (netsh winsock reset) in the order that I read your list
miekiemoes
That's Ok. Maybe your previous HijackThis log was before you used that command :)
As long as you can connect with the internet from this infected machine, it should be solved. :)
itsmeveve
Also, I tried to get to safe mode before I contacted you and couldn't get there. The system seems to hang at loading \Windows\System32\DRIVERS\agp440.sys

Now I just tried it again as you requested and it hangs at the same place still.
itsmeveve
Whoops, I left it for a bit and it did finally get to safe mode, so I'm off to do the next step :)
miekiemoes
Lol.. Ok. I read you later :)
itsmeveve
OK, this is the code done in safe mode.......... now I'm off to do the ComboFix in normal start up.


CODE
Ran on Sat 01/05/2008 - 12:32:04.45

Entries:                0  (0)
Directories:            0  Files:             0
Bytes:                  0  Blocks:            0

miekiemoes
Well, this looks good. Now the rest.. new Combofix log and log from the Online scanner.
We're making improvements here :)
itsmeveve
ComboFix 08-01-03.4 - MOM 2008-01-05 12:50:48.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.467 [GMT -5:00]
Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 01:57 . 2008-01-01 01:57 9 --a------ C:\WINDOWS\system32\1428841f
2007-12-31 04:29 . 2007-12-31 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 19:50 . 2007-12-31 02:41 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-12-30 15:09 . 2007-12-30 15:09 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Lavasoft
2007-12-30 15:07 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-30 15:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-30 14:51 . 2003-08-23 09:34 <DIR> d-------- C:\Documents and Settings\MOM\WINDOWS
2007-12-30 14:51 . 2003-08-28 22:16 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Symantec
2007-12-30 14:51 . 2003-08-23 09:12 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Sonic
2007-12-30 14:51 . 2003-08-23 22:26 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\SampleView
2007-12-30 14:51 . 2003-08-28 22:19 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\interMute
2007-12-30 13:33 . 2007-12-30 14:22 178 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-29 09:08 . 2007-12-29 09:08 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-12-28 17:31 . 2007-12-28 17:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint
2007-12-28 16:46 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-26 11:32 . 2007-12-26 13:03 <DIR> d-------- C:\Documents and Settings\chance.CONNIE\Application Data\Roxio
2007-12-24 15:09 . 2007-12-24 15:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared
2007-12-24 15:08 . 2008-01-05 12:31 <DIR> d-------- C:\Program Files\Napster
2007-12-24 15:08 . 2007-12-24 15:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-24 15:08 . 2007-12-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 17:31 --------- d-----w C:\Program Files\Trojan Remover
2008-01-05 17:31 --------- d-----w C:\Program Files\QuickTime
2008-01-05 17:31 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-05 17:31 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-05 17:31 --------- d-----w C:\Program Files\iTunes
2008-01-05 17:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-01 06:57 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-31 09:30 --------- d-----w C:\Program Files\Lavasoft
2007-12-31 09:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-31 09:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 00:24 --------- d-----w C:\Program Files\TrueAssistant
2007-12-30 19:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-29 14:29 --------- d-----w C:\Program Files\Warcraft II BNE
2007-12-29 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 23:32 28,352 -c--a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-12-27 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2007-12-24 20:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-26 05:22 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2005-07-31 16:18 2,492 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
2005-07-25 20:12 284 ----a-w C:\Documents and Settings\chance.CONNIE\Application Data\ViewerApp.dat
2004-12-30 04:14 868 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-26 16:03 160832]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 21:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2007-12-30 14:05:47]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe
backup=C:\WINDOWS\pss\AutoTBar.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RegFreeze.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RegFreeze.lnk
backup=C:\WINDOWS\pss\RegFreeze.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-12-30 14:01 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2007-12-30 14:03 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"omniserv"=2 (0x2)
"iPodService"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

.
Contents of the 'Scheduled Tasks' folder
"2005-01-10 19:56:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2004-10-20 19:18:49 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090250881.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-05 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-01-04 20:58:00 C:\WINDOWS\Tasks\WebReg 20040502155831.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20040502155831 /N
"2008-01-05 02:03:00 C:\WINDOWS\Tasks\WebReg 20041024210327.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041024210327 /N
"2008-01-04 19:03:00 C:\WINDOWS\Tasks\WebReg 20041027140322.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041027140322 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 12:59:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-01-05 13:01:11
ComboFix-quarantined-files.txt 2008-01-05 18:01:00
ComboFix2.txt 2008-01-05 10:09:14
ComboFix3.txt 2008-01-04 16:46:55
ComboFix4.txt 2008-01-03 22:12:28
.
2007-12-30 21:32:20 --- E O F ---
miekiemoes
Hi,

Navigate to and delete next file:

C:\WINDOWS\system32\1428841f

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Then post the results from the online scanner in your next reply.
itsmeveve
The infected computer is online now and is scanning on "ESET". Seems it is going to take a while and that's OK, I'll post back whenever it gets done. I wonder if you are allowed to suggest some way to keep kids out of trouble online as far as not being able to download things that could be dangerous to be on the computer, so it is a long time before we run into this kind of trouble again.
Also before I contacted you I ran SpyBot and found a keylogger on the computer that I let SpyBot remove. SpyBot information on it said that it had to be installed manually, so that means that it wasn't put there by spyware? Is that correct?
itsmeveve
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2766 (20080104)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=8b4928ed44a4804ca4775c2260a8d3c7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-01-05 10:06:15
# local_time=2008-01-05 05:06:15 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=719584
# found=12
# scan_time=13691
C:\Documents and Settings\Owner\Shared\[Full] black and white 2 with Bonus.zip Win32/Adware.TrafficSol application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Owner\Shared\[Full] black and white 2 with Bonus.zip »ZIP »setup.exe Win32/Adware.TrafficSol application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Owner\Shared\[Full] black and white 2 with Bonus.zip »ZIP »setup.exe »NSIS »bann.exe Win32/Adware.TrafficSol application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Owner\Shared\[Full] black and white 2 with Bonus.zip »ZIP »setup.exe »NSIS »bann.exe »NSIS »gzmrotate.dll Win32/Adware.TrafficSol application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-01-03_170411.81.zip Win32/Adware.Virtumonde application (deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-01-03_170411.81.zip »ZIP »awtrrrp.dll Win32/Adware.Virtumonde application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.tmp.vir a variant of Win32/TrojanDownloader.Agent.BLS trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir probably a variant of Win32/TrojanDropper.VB.NAI trojan (deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir »ZIP »Setup.exe probably a variant of Win32/TrojanDropper.VB.NAI trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\Fonts\svchost.exe.vir probably a variant of Win32/TrojanDropper.VB.NAI trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\rlvknlg.exe.vir probably a variant of Win32/Genetik trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\mirc.ini IRC/Zapchast trojan (unable to clean - deleted) 00000000000000000000000000000000
miekiemoes
Hi,

I see Eset could deal with the leftovers properly.

QUOTE
Also before I contacted you I ran SpyBot and found a keylogger on the computer that I let SpyBot remove. SpyBot information on it said that it had to be installed manually, so that means that it wasn't put there by spyware? Is that correct?
Yes, but we already deleted that one in one of my first instructions (the CFScript you made).
That's why I also told you that it was important you changed all your passwords afterwards because they are known.

I asked you to fix these entries in HijackThis previously:

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Since we have restored the infected files, we need to restore these entries again.
To do this, open HijackThis, click Misc Tools below > Backups on top and there you'll see all the entries you have fixed in HijackThis previously.
Select ONLY above entries and click "Restore".
In case your Antivirus won't work anyway - I suggest you reinstall Norton as it may be possible that some related components were damaged by malware anyway.

Then, * Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

QUOTE
I wonder if you are allowed to suggest some way to keep kids out of trouble online as far as not being able to download things that could be dangerous to be on the computer, so it is a long time before we run into this kind of trouble again.
I don't know how old your kids are - but as a first step, I would start with creating a single user account for them with restricted rights and password-protect your user account.
See here: http://www.microsoft.com/windowsxp/using/s...p/accounts.mspx or here: http://cybercoyote.org/security/not-admin.shtml

Also, I see P2P software installed here, for example LimeWire, Napster. P2P Software is ALWAYS a risk, because you can never be sure what you download. It doesn't mean that, if your Antivirus flags the file as clean, it is really clean. The Eset online scan already proved it:

C:\Documents and Settings\Owner\Shared\[Full] black and white 2 with Bonus.zip Win32/Adware.TrafficSol application (deleted)

This is a file that was downloaded via Limewire and is infected. Norton didn't flag/delete it previously. Now Eset did.
So if you don't want this to happen again, I suggest you uninstall the P2P Software. After all, downloading software from there is ALWAYS a risk. Get your software from the developer's site, not via P2P.

But, the best prevention is still.... Explain to your kids why it is so important that they should be careful. Explain to them what they have caused (all passwords are known, A LOT of infections present etc..) and explain how to prevent this by reading this page: http://users.telenet.be/bluepatchy/miekiem...prevention.html

Then post a new HijackThis log in your next reply and let me know how things are now.
itsmeveve
Logfile of HijackThis v1.99.1
Scan saved at 10:46:05 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

itsmeveve
I did the remove ComboFix yesterday when you asked me to, so it wouldn't run today since it couldn't find the file.

My daughter thought that she took LimeWire out of the computer before she brought it to me to fix. I have seen bits and pieces of it in here. I don't see it in Add and Remove Programs.
We had plans to take Nortons out of this computer and run AVG Free, after all the problems were gone. I switched to AVG from Nortons on my own computer about a year ago, and I'm very happy with it and it is not as much of a resource hog.
The computer is much, much better now!
The kids cover all ages since there are five of them LOL
I want to thank you for your help with this problem, and for being so quick about it also. You are greatly appreciated. I have never tried a forum to fix a problem; I can usually figure it out. This one stumped me though. Thanks for making my first experience a good one.
miekiemoes
Hi,

Check and fix the next unnecessary entry in HijackThis:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

The rest looks OK again. :)

Yes, you're right. I forgot that I already told you to uninstall/delete Combofix previously. :)

Yes, it's also a good idea to use AVG Antivirus now. Don't forget to uninstall Norton before you install another Antivirus, because more than 1 Antivirus installed may cause a lot of problems.

Since your kids cover all ages, for the oldest ones, I would teach them about safe surfing etc., since I am sure it won't help much with giving them limited access. They will figure out anyway how to work around that ;)
For the younger ones, it may be a good idea for an extra user account with limited access.
And in case you have kids who are very young (let's say 6 - 8 years old), I would suggest Glubble: http://www.glubble.com/
But for that you need Firefox as your Browser - and I recommend Firefox anyway to surf with, because it's more secure. (malware mainly targets Internet Explorer also).

And glad I could help.

Happy surfing again :)
itsmeveve
Thanks again,
Nortons is out .......... that was a nightmare in itself! But it's gone now and AVG is working! I had forgotten about Firefox and will install that before I return the computer to its owners. Oh, and I checked out Glubble. How cute :)
I will go do that last fix in HijackThis.
miekiemoes
You're most welcome :)
miekiemoes
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you!