Topic: Diskman32, AvPSrv kept coming back!!
   
PostTime: 12/16/2008 1:55:28 PM | FloorTop
Lv is 1
Avatar
Level:
1
Professional point:
94
Experience:
0
Thread:
293
Post:
994
Total online time:
0M
Joined date:
4/29/2007 12:25:00 AM
Last Visit:
12/16/2008 11:23:06 PM
Status:
Offline
Please help, I have been trying to kill off these downloading agents with Trend Micro etc., but they keep coming back. I have successfully deleted them and removed their links with HijackThis, but I guess I missed some.
The damage is not great, but it keeps running my D: drive and uses a lot of my virtual memory.

Here's the log for any kind helpers,
Logfile of HijackThis v1.99.1
Scan saved at 11:32:45 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\usbcamb.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\IGM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ThamKH\Desktop\Drivers\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172334653553
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...0_20060123.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: usbcaml - Unknown owner - C:\WINDOWS\system32\usbcamb.exe

PostTime: 12/16/2008 4:50:05 PM | Floor# 1
Hold on. I have done an HJT scan and it looks like some trojans have been revived! Did I do some steps wrong?

Logfile of HijackThis v1.99.1
Scan saved at 9:49:09 AM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\usbcamb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\WINDOWS\IGM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ThamKH\Desktop\Drivers\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172334653553
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...0_20060123.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: kapjazy.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: usbcaml - Unknown owner - C:\WINDOWS\system32\usbcamb.exe

PostTime: 12/16/2008 5:26:28 PM | Floor# 2
Did as told. The only strange thing is that C:\WINDOWS\SYSTEM32\NqYf7an4.exe is not found.

PC seems to be running fine - no more trying to access the D: drive or running low on virtual memory. Some Windows functions are impaired, such as changing between languages (using the language toolbar), which no longer works, and double-clicking doesn't open a folder; I need to choose Explore in order to view the contents of a folder - but I am not complaining.

New HJT (normal bootup)

Logfile of HijackThis v1.99.1
Scan saved at 7:12:06 AM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\usbcamb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ThamKH\Desktop\Drivers\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172334653553
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...0_20060123.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: windows.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: usbcaml - Unknown owner - C:\WINDOWS\system32\usbcamb.exe
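Comparing three HijackThis logs by eye to see which Run entries came back is error-prone, which is how the "revived" entries above slipped through. The script below is an added example (my own code, not from anyone in this thread or from the HijackThis project): it parses the O4 Run-key and O20 AppInit_DLLs lines, flags autostarts that point at a binary sitting directly in the Windows folder or at a bare file name with no path, and diffs two scans so that revived or newly added entries stand out. The line layouts it assumes are taken from the v1.99.1 logs quoted above; the two sample excerpts are constructed from a handful of lines in this thread and are not the full logs.

```python
import re
from dataclasses import dataclass

# Constructed excerpts modelled on the logs in this thread (not full copies),
# used as offline sample input.
SCAN_1 = r"""
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: kapjazy.dll
"""

# Line layouts assumed from the HJT v1.99.1 lines quoted in the thread.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# Program part of an unquoted command line: everything up to the first extension.
PROG_RE = re.compile(r"^(?P<prog>.*?\.(exe|dll|com|scr|bat))(\s|$)", re.I)
# A binary sitting directly in the Windows folder rather than in a subfolder.
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(exe|dll|com|scr)$", re.I)


@dataclass(frozen=True)
class Entry:
    kind: str   # "O4" (Run key) or "O20" (AppInit_DLLs)
    key: str    # "HKLM\name" for O4, "AppInit_DLLs" for O20
    value: str  # command line, or the DLL list


def parse_hjt(text):
    """Extract the O4 and O20 entries from an HJT log; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Entry("O4", f"{m['hive']}\\{m['name']}", m["cmd"].strip()))
            continue
        m = O20_RE.match(line.strip())
        if m:
            entries.append(Entry("O20", "AppInit_DLLs", m["dlls"].strip()))
    return entries


def program_of(cmd):
    """Return the program path of a Run value, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                  # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = PROG_RE.match(cmd)                    # unquoted path, possibly with spaces
    return m["prog"] if m else cmd.split(" ")[0]


def flag_suspicious(entries):
    """Return (reason, entry) pairs for autostarts that deserve a closer look."""
    findings = []
    for e in entries:
        if e.kind == "O20":
            if e.value:  # a non-empty AppInit_DLLs is loaded into every process using user32
                findings.append(("AppInit_DLLs is set", e))
            continue
        prog = program_of(e.value)
        if WINDOWS_ROOT.match(prog):
            findings.append(("binary directly in the Windows folder", e))
        elif "\\" not in prog:
            findings.append(("bare file name, resolved via PATH", e))
    return findings


def diff_logs(old_text, new_text):
    """Entries that appeared (added) or vanished (removed) between two scans."""
    old, new = set(parse_hjt(old_text)), set(parse_hjt(new_text))
    order = lambda e: (e.kind, e.key)
    return sorted(new - old, key=order), sorted(old - new, key=order)


if __name__ == "__main__":
    for reason, e in flag_suspicious(parse_hjt(SCAN_2)):
        print(f"[{reason}] {e.key} = {e.value}")
    added, removed = diff_logs(SCAN_1, SCAN_2)
    print("new since last scan:", [e.key for e in added])
    print("gone since last scan:", [e.key for e in removed])
```

Run it on two saved logs by reading them into `SCAN_1` and `SCAN_2`. The "bare file name" rule will also flag legitimate entries such as the WinFax one, which is intentional: the point is to list what has to be verified, not to decide for you. The diff is what catches the pattern in this thread, where an entry removed with HijackThis reappears in the next scan because the dropper that writes it was still running.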

PostTime: 12/16/2008 5:41:56 PM | Floor# 3
START > RUN > type CMD > Enter
DEL C:\WINDOWS\Tasks\At*.job > Enter
DEL C:\WINDOWS\System32\NqYf7an4.exe > Enter
==================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HijackThis: mark them, close IE, click Fix checked

O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe

O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe

O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe

O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe

O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe

O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe

O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe

O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe

O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe

O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe

O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe

Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into Safe Mode now (tap F8 at the first black screen). Perform the following steps in Safe Mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these into the "Paste Full Path of File to Delete" box.
Be sure to note the EXACT spelling of the file.

C:\WINDOWS\system32\UFO.dll
C:\WINDOWS\IGM.exe
C:\WINDOWS\DiskMan32.exe
C:\WINDOWS\Kvsc3.exe
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\MsIMMs32.exe
C:\WINDOWS\NVDispDrv.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\msccrt.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START > RUN > type in %temp% > OK > Edit > Select All > File > Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete, and that is normal.
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode



How are things on the PC???????????

PostTime: 12/16/2008 7:30:34 PM | Floor# 4
Fix this with HijackThis

O20 - AppInit_DLLs: windows.dll

Delete this with Killbox using the DELETE ON REBOOT option

C:\WINDOWS\system32\windows.dll


===================

Download http://downloads.andymanchesta.com/R...ools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

PostTime: 12/16/2008 8:24:35 PM | Floor# 5
Did as instructed.

ComboFix log:

ComboFix 07-09-21.2 - "ThamKH" 2007-09-24 8:42:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.169 [GMT 8:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\auto.exe
C:\Autorun.inf
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\office\system
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\office\userdata
C:\DOCUME~1\ThamKH\ravmonlog
C:\WINDOWS\481354MM.DLL
C:\WINDOWS\ahswht.exe
C:\WINDOWS\avpsrv.exe
C:\WINDOWS\bhnbcs.exe
C:\WINDOWS\chtgim.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\debug\bmhrt.log
C:\WINDOWS\dftcps.exe
C:\WINDOWS\DiskMan32.exe
C:\WINDOWS\dlpwpe.exe
C:\WINDOWS\gxfyzn.exe
C:\WINDOWS\help\starter\help.htm
C:\WINDOWS\IGM.exe
C:\WINDOWS\inf\1394dbg.inf
C:\WINDOWS\KB611311.log
C:\WINDOWS\kceiwu.exe
C:\WINDOWS\kvsc3.exe
C:\WINDOWS\magxlf.exe
C:\WINDOWS\mbprig.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\msimms32.exe
C:\WINDOWS\NVDispDrv.exe
C:\WINDOWS\nzfxfm.exe
C:\WINDOWS\ooirjx.exe
C:\WINDOWS\pndxpm.exe
C:\WINDOWS\sxnnil.exe
C:\WINDOWS\system32\563027F2.EXE
C:\WINDOWS\system32\695AC13E.DLL
C:\WINDOWS\system32\acspzp.dll
C:\WINDOWS\system32\advport.dll
C:\WINDOWS\system32\aexmxz.dll
C:\WINDOWS\system32\agahsl.dll
C:\WINDOWS\system32\agyhel.dll
C:\WINDOWS\system32\aiwgmc.dll
C:\WINDOWS\system32\ajlqtc.dll
C:\WINDOWS\system32\aqarvn.dll
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\aweyxh.dll
C:\WINDOWS\system32\awvmzl.dll
C:\WINDOWS\system32\axtohe.dll
C:\WINDOWS\system32\baswvc.dll
C:\WINDOWS\system32\bdpwbd.dll
C:\WINDOWS\system32\bdqjxe.dll
C:\WINDOWS\system32\bdvnec.dll
C:\WINDOWS\system32\blrbxj.dll
C:\WINDOWS\system32\brwdvo.dll
C:\WINDOWS\system32\btimfc.dll
C:\WINDOWS\system32\cajxqn.dll
C:\WINDOWS\system32\cggroa.dll
C:\WINDOWS\system32\ckjvgd.dll
C:\WINDOWS\system32\clqfna.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\cosmfc.dll
C:\WINDOWS\system32\cqafss.dll
C:\WINDOWS\system32\crojzr.dll
C:\WINDOWS\system32\cufiuj.dll
C:\WINDOWS\system32\cxowtw.dll
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\dcyqnl.dll
C:\WINDOWS\system32\dhtswe.dll
C:\WINDOWS\system32\DiskMan32.dll
C:\WINDOWS\system32\docubx.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\restore.ini
C:\WINDOWS\system32\drjowo.dll
C:\WINDOWS\system32\dsvllt.dll
C:\WINDOWS\system32\dwxdfo.dll
C:\WINDOWS\system32\dxsmrr.dll
C:\WINDOWS\system32\dyopdi.dll
C:\WINDOWS\system32\eklvfu.dll
C:\WINDOWS\system32\ekxazm.dll
C:\WINDOWS\system32\eqeqrh.dll
C:\WINDOWS\system32\erzdfk.dll
C:\WINDOWS\system32\fjvygp.dll
C:\WINDOWS\system32\fnpeou.dll
C:\WINDOWS\system32\fnygjl.dll
C:\WINDOWS\system32\fyznwk.dll
C:\WINDOWS\system32\fzzepd.dll
C:\WINDOWS\system32\galnbh.dll
C:\WINDOWS\system32\gapbcf.dll
C:\WINDOWS\system32\giqnsx.dll
C:\WINDOWS\system32\gkhlaa.dll
C:\WINDOWS\system32\glyljg.dll
C:\WINDOWS\system32\gmeoka.dll
C:\WINDOWS\system32\gmhnit.dll
C:\WINDOWS\system32\gpbgcg.dll
C:\WINDOWS\system32\grtdej.dll
C:\WINDOWS\system32\gskjgo.dll
C:\WINDOWS\system32\gtamav.dll
C:\WINDOWS\system32\gutwky.dll
C:\WINDOWS\system32\gxapya.dll
C:\WINDOWS\system32\gxyrlf.dll
C:\WINDOWS\system32\haulyk.dll
C:\WINDOWS\system32\hclyjw.dll
C:\WINDOWS\system32\hfruwj.dll
C:\WINDOWS\system32\hieasf.dll
C:\WINDOWS\system32\hlrhsj.dll
C:\WINDOWS\system32\hmlrgl.dll
C:\WINDOWS\system32\hulnxn.dll
C:\WINDOWS\system32\hwzlgs.dll
C:\WINDOWS\system32\hxbmkk.dll
C:\WINDOWS\system32\hxtfng.dll
C:\WINDOWS\system32\iecvev.dll
C:\WINDOWS\system32\ihjgjx.dll
C:\WINDOWS\system32\ihjktq.dll
C:\WINDOWS\system32\ikxllc.dll
C:\WINDOWS\system32\imeouj.dll
C:\WINDOWS\system32\ioqeif.dll
C:\WINDOWS\system32\iwlflr.dll
C:\WINDOWS\system32\ixahnz.dll
C:\WINDOWS\system32\jagutu.dll
C:\WINDOWS\system32\javhjp.dll
C:\WINDOWS\system32\jedqvm.dll
C:\WINDOWS\system32\jgjwho.dll
C:\WINDOWS\system32\jjpwpr.dll
C:\WINDOWS\system32\jkwyet.dll
C:\WINDOWS\system32\jlvuoe.dll
C:\WINDOWS\system32\jotyfz.dll
C:\WINDOWS\system32\jpzjas.dll
C:\WINDOWS\system32\jshvxp.dll
C:\WINDOWS\system32\jzkjno.dll
C:\WINDOWS\system32\k11900749566.exe
C:\WINDOWS\system32\k11900749609.exe
C:\WINDOWS\system32\k11901477705.exe
C:\WINDOWS\system32\k11902458945.exe
C:\WINDOWS\system32\k11902458956.exe
C:\WINDOWS\system32\k11903000511.exe
C:\WINDOWS\system32\k11903000522.exe
C:\WINDOWS\system32\k11903000533.exe
C:\WINDOWS\system32\k11903000544.exe
C:\WINDOWS\system32\k11903000565.exe
C:\WINDOWS\system32\k11903000576.exe
C:\WINDOWS\system32\k11903000587.exe
C:\WINDOWS\system32\k11903000598.exe
C:\WINDOWS\system32\k119030006210.exe
C:\WINDOWS\system32\k119030006513.exe
C:\WINDOWS\system32\k11903430848.exe
C:\WINDOWS\system32\k11904638786.exe
C:\WINDOWS\system32\kabydq.dll
C:\WINDOWS\system32\kaproi.dll
C:\WINDOWS\system32\keucgl.dll
C:\WINDOWS\system32\kfixzb.dll
C:\WINDOWS\system32\kgsnua.dll
C:\WINDOWS\system32\kgvbmy.dll
C:\WINDOWS\system32\kjxlou.dll
C:\WINDOWS\system32\kktlro.dll
C:\WINDOWS\system32\kmfeaa.dll
C:\WINDOWS\system32\kpbbtw.dll
C:\WINDOWS\system32\kpuzpo.dll
C:\WINDOWS\system32\ksiukt.dll
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\kvylaf.dll
C:\WINDOWS\system32\kxhltb.dll
C:\WINDOWS\system32\kyulrz.dll
C:\WINDOWS\system32\lhufym.dll
C:\WINDOWS\system32\ltehhj.dll
C:\WINDOWS\system32\ltekeh.dll
C:\WINDOWS\system32\ltoqio.dll
C:\WINDOWS\system32\lucqgh.dll
C:\WINDOWS\system32\lvudnz.dll
C:\WINDOWS\system32\lyloader.exe
C:\WINDOWS\system32\lymangr.dll
C:\WINDOWS\system32\lzyxzc.dll
C:\WINDOWS\system32\majwjj.dll
C:\WINDOWS\system32\mcmnxt.dll
C:\WINDOWS\system32\mdaegs.dll
C:\WINDOWS\system32\mfhovi.dll
C:\WINDOWS\system32\mhshay.dll
C:\WINDOWS\system32\miigrg.dll
C:\WINDOWS\system32\mipnng.dll
C:\WINDOWS\system32\mkkooy.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\msdeg32.dll
C:\WINDOWS\system32\Msf3sf.sys
C:\WINDOWS\system32\msimms32.dll
C:\WINDOWS\system32\mszrei.dll
C:\WINDOWS\system32\mtvgkw.dll
C:\WINDOWS\system32\mymlju.dll
C:\WINDOWS\system32\najgxz.dll
C:\WINDOWS\system32\nisxxy.dll
C:\WINDOWS\system32\nkupue.dll
C:\WINDOWS\system32\nmzfxl.dll
C:\WINDOWS\system32\nnruee.dll
C:\WINDOWS\system32\nvdispdrv.dll
C:\WINDOWS\system32\nyvlcq.dll
C:\WINDOWS\system32\nyyisu.dll
C:\WINDOWS\system32\oakkbi.dll
C:\WINDOWS\system32\oatgnb.dll
C:\WINDOWS\system32\obtdph.dll
C:\WINDOWS\system32\onofym.dll
C:\WINDOWS\system32\opadqx.dll
C:\WINDOWS\system32\owmhnm.dll
C:\WINDOWS\system32\owzxde.dll
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\palezo.dll
C:\WINDOWS\system32\pbytgf.dll
C:\WINDOWS\system32\petmnp.dll
C:\WINDOWS\system32\pfmkll.dll
C:\WINDOWS\system32\pityda.dll
C:\WINDOWS\system32\pkqhai.dll
C:\WINDOWS\system32\pwdjca.dll
C:\WINDOWS\system32\qarrbw.dll
C:\WINDOWS\system32\qcgkye.dll
C:\WINDOWS\system32\qcwnge.dll
C:\WINDOWS\system32\qdcbfl.dll
C:\WINDOWS\system32\qhyiml.dll
C:\WINDOWS\system32\qmgkrk.dll
C:\WINDOWS\system32\qodiiv.dll
C:\WINDOWS\system32\qtaswb.dll
C:\WINDOWS\system32\qvyaaa.dll
C:\WINDOWS\system32\qycmgn.dll
C:\WINDOWS\system32\qzwrtb.dll
C:\WINDOWS\system32\ranpht.dll
C:\WINDOWS\system32\rchlpt.dll
C:\WINDOWS\system32\rdhhsc.dll
C:\WINDOWS\system32\rfpowy.dll
C:\WINDOWS\system32\rjpuuq.dll
C:\WINDOWS\system32\rlqepj.dll
C:\WINDOWS\system32\rphtst.dll
C:\WINDOWS\system32\rvxryl.dll
C:\WINDOWS\system32\rypzmz.dll
C:\WINDOWS\system32\sapveg.dll
C:\WINDOWS\system32\scodrj.dll
C:\WINDOWS\system32\score.txt
C:\WINDOWS\system32\sdyara.dll
C:\WINDOWS\system32\SHQMANGR.DLL
C:\WINDOWS\system32\skvvpt.dll
C:\WINDOWS\system32\smxevw.dll
C:\WINDOWS\system32\srzbna.dll
C:\WINDOWS\system32\svczgm.dll
C:\WINDOWS\system32\svveuu.dll
C:\WINDOWS\system32\tixbjr.dll
C:\WINDOWS\system32\tmgvmh.dll
C:\WINDOWS\system32\tokich.dll
C:\WINDOWS\system32\tsdpfz.dll
C:\WINDOWS\system32\turclq.dll
C:\WINDOWS\system32\uclcbx.dll
C:\WINDOWS\system32\udtovl.dll
C:\WINDOWS\system32\uiesgt.dll
C:\WINDOWS\system32\ukyhzb.dll
C:\WINDOWS\system32\umdwga.dll
C:\WINDOWS\system32\untjbx.dll
C:\WINDOWS\system32\uomdzk.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\uulivl.dll
C:\WINDOWS\system32\uxjujw.dll
C:\WINDOWS\system32\vfiuqi.dll
C:\WINDOWS\system32\vihhnp.dll
C:\WINDOWS\system32\vjrmej.dll
C:\WINDOWS\system32\vjwaic.dll
C:\WINDOWS\system32\vmikoh.dll
C:\WINDOWS\system32\vmmcqq.dll
C:\WINDOWS\system32\vqujbp.dll
C:\WINDOWS\system32\vydvor.dll
C:\WINDOWS\system32\wagume.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wbem\lsass.exe
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\system32\wbem\sholl32.dll
C:\WINDOWS\system32\wcbojx.dll
C:\WINDOWS\system32\wjlhjc.dll
C:\WINDOWS\system32\wnkdif.dll
C:\WINDOWS\system32\worher.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wpsmvp.dll
C:\WINDOWS\system32\wqaagu.dll
C:\WINDOWS\system32\wxsafg.dll
C:\WINDOWS\system32\xikckb.dll
C:\WINDOWS\system32\xksivi.dll
C:\WINDOWS\system32\xnaxtd.dll
C:\WINDOWS\system32\xpivqt.dll
C:\WINDOWS\system32\xqvbuk.dll
C:\WINDOWS\system32\xuggid.dll
C:\WINDOWS\system32\xurjjm.dll
C:\WINDOWS\system32\xwyial.dll
C:\WINDOWS\system32\xxdwjh.dll
C:\WINDOWS\system32\xyixfp.dll
C:\WINDOWS\system32\xzzrpa.dll
C:\WINDOWS\system32\ymcwxr.dll
C:\WINDOWS\system32\ynodcu.dll
C:\WINDOWS\system32\yodsxh.dll
C:\WINDOWS\system32\youmrx.dll
C:\WINDOWS\system32\yvvfbx.dll
C:\WINDOWS\system32\ywqafv.dll
C:\WINDOWS\system32\zbvsji.dll
C:\WINDOWS\system32\zceiqp.dll
C:\WINDOWS\system32\zcmgdo.dll
C:\WINDOWS\system32\zhtsra.dll
C:\WINDOWS\system32\zrnzws.dll
C:\WINDOWS\system32\zsbaci.dll
C:\WINDOWS\system32\zsiwkd.dll
C:\WINDOWS\system32\zsmpah.dll
C:\WINDOWS\system32\zuilvv.dll
C:\WINDOWS\system32\zyxufp.dll
C:\WINDOWS\system32\zzielp.dll
C:\WINDOWS\tyszwo.exe
C:\WINDOWS\udyrft.exe
C:\WINDOWS\ufhlzi.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\uzwdha.exe
C:\WINDOWS\yrolhq.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_AST
-------\LEGACY_FFPBEK
-------\LEGACY_HIDPROC
-------\LEGACY_MSUSBBUX
-------\LEGACY_NPF
-------\LEGACY_REMOTE_ACCESS_CONNECTION_MANAGEMENT
-------\LEGACY_RESTORESERVICE
-------\NPF
-------\Remote Access Connection Management
-------\RestoreService


((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
.

2007-09-24 08:57 33,280 --a------ C:\WINDOWS\upxdnd.exe
2007-09-24 08:57 18,432 --a------ C:\WINDOWS\DbgHlp32.exe
2007-09-24 08:57 18,432 --a------ C:\WINDOWS\cmdbcs.exe
2007-09-24 08:57 15,360 --a------ C:\WINDOWS\NVDispDrv.exe
2007-09-24 08:52 13,154 ---h----- C:\auto.exe
2007-09-24 07:57 16,384 --a------ C:\WINDOWS\jpnpop.exe
2007-09-24 01:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 14:23 16,384 --a------ C:\WINDOWS\uhpwjh.exe
2007-09-21 18:01 17,940 --a------ C:\WINDOWS\system32\LYLOADMR.EXE
2007-09-21 16:32 16,384 --a------ C:\WINDOWS\cwssds.exe
2007-09-20 22:59 36,737 --a------ C:\WINDOWS\system32\k119030006412.exe
2007-09-20 22:59 33,280 --a------ C:\WINDOWS\system32\k11903000609.exe
2007-09-20 10:51 16,384 --a------ C:\WINDOWS\tegigz.exe
2007-09-19 19:48 16,384 --a------ C:\WINDOWS\zqqnun.exe
2007-09-19 15:38 16,384 --a------ C:\WINDOWS\nclgwu.exe
2007-09-19 12:27 16,384 --a------ C:\WINDOWS\xqobyp.exe
2007-09-19 09:49 16,384 --a------ C:\WINDOWS\juqefn.exe
2007-09-18 19:33 16,384 --a------ C:\WINDOWS\tufwqe.exe
2007-09-18 11:53 15,872 --a------ C:\WINDOWS\mkwrhf.exe
2007-09-18 09:09 15,872 --a------ C:\WINDOWS\egsmnr.exe
2007-09-18 08:22 15,872 --a------ C:\WINDOWS\myzxzs.exe
2007-09-17 19:53 15,872 --a------ C:\WINDOWS\zkekqs.exe
2007-09-17 11:21 15,872 --a------ C:\WINDOWS\tedqne.exe
2007-09-17 00:29 15,872 --a------ C:\WINDOWS\kbhyle.exe
2007-09-16 07:34 15,872 --a------ C:\WINDOWS\pnycsf.exe
2007-09-15 11:13 15,872 --a------ C:\WINDOWS\iliaxo.exe
2007-09-15 08:24 15,872 --a------ C:\WINDOWS\qoocaq.exe
2007-09-15 07:42 36,701 --a------ C:\WINDOWS\system32\k118981326712.exe
2007-09-15 01:40 36,705 --a------ C:\WINDOWS\system32\k118979157912.exe
2007-09-15 00:40 36,705 --a------ C:\WINDOWS\system32\k118978796512.exe
2007-09-14 23:40 36,705 --a------ C:\WINDOWS\system32\k118978434912.exe
2007-09-14 22:39 36,705 --a------ C:\WINDOWS\system32\k118978073512.exe
2007-09-14 20:39 36,705 --a------ C:\WINDOWS\system32\k118977350212.exe
2007-09-14 19:39 36,705 --a------ C:\WINDOWS\system32\k118976988912.exe
2007-09-14 19:37 15,872 --a------ C:\WINDOWS\oiizhh.exe
2007-09-14 08:28 15,872 --a------ C:\WINDOWS\gntbha.exe
2007-09-14 02:45 15,872 --a------ C:\WINDOWS\pjmmdt.exe
2007-09-13 20:31 15,872 --a------ C:\WINDOWS\qogiss.exe
2007-09-13 11:54 36,213 --a------ C:\WINDOWS\system32\k118965529011.exe
2007-09-13 11:47 15,872 --a------ C:\WINDOWS\mxiqhy.exe
2007-09-13 09:26 36,213 --a------ C:\WINDOWS\system32\k118964645811.exe
2007-09-13 09:20 15,872 --a------ C:\WINDOWS\mpemdo.exe
2007-09-13 09:06 36,213 --a------ C:\WINDOWS\system32\k118964523011.exe
2007-09-13 09:06 32,256 --a------ C:\WINDOWS\system32\k11896452289.exe
2007-09-13 09:06 18,944 --a------ C:\WINDOWS\system32\k118964523112.exe
2007-09-13 09:06 18,432 --a------ C:\WINDOWS\system32\k11896452278.exe
2007-09-13 09:05 30,720 --a------ C:\WINDOWS\system32\k11896452235.exe
2007-09-13 09:05 17,920 --a------ C:\WINDOWS\system32\k11896452224.exe
2007-09-13 09:05 17,408 --a------ C:\WINDOWS\system32\k11896452213.exe
2007-09-13 09:05 15,872 --a------ C:\WINDOWS\system32\k11896452192.exe
2007-09-13 08:06 36,213 --a------ C:\WINDOWS\system32\k118964161711.exe
2007-09-13 07:06 36,213 --a------ C:\WINDOWS\system32\k118963800011.exe
2007-09-13 06:05 36,213 --a------ C:\WINDOWS\system32\k118963438711.exe
2007-09-13 05:05 36,213 --a------ C:\WINDOWS\system32\k118963077311.exe
2007-09-13 04:05 36,213 --a------ C:\WINDOWS\system32\k118962716111.exe
2007-09-13 03:05 36,213 --a------ C:\WINDOWS\system32\k118962354611.exe
2007-09-13 02:04 36,213 --a------ C:\WINDOWS\system32\k118961993411.exe
2007-09-13 01:04 36,213 --a------ C:\WINDOWS\system32\k118961632211.exe
2007-09-13 00:04 36,213 --a------ C:\WINDOWS\system32\k118961271011.exe
2007-09-12 23:04 36,213 --a------ C:\WINDOWS\system32\k118960909711.exe
2007-09-12 20:28 15,872 --a------ C:\WINDOWS\npmnka.exe
2007-09-12 07:07 36,213 --a------ C:\WINDOWS\system32\k118955167911.exe
2007-09-12 07:00 15,872 --a------ C:\WINDOWS\jgevkx.exe
2007-09-12 05:26 36,213 --a------ C:\WINDOWS\system32\k118954594411.exe
2007-09-12 04:26 36,213 --a------ C:\WINDOWS\system32\k118954233011.exe
2007-09-12 03:26 36,213 --a------ C:\WINDOWS\system32\k118953871811.exe
2007-09-12 02:26 36,213 --a------ C:\WINDOWS\system32\k118953510111.exe
2007-09-12 01:26 36,213 --a------ C:\WINDOWS\system32\k118953148914.exe
2007-09-12 01:25 49 --a------ C:\WINDOWS\system32\kashacs.dll
2007-09-12 00:30 36,213 --a------ C:\WINDOWS\system32\k118952787411.exe
2007-09-11 23:30 36,213 --a------ C:\WINDOWS\system32\k118952426211.exe
2007-09-11 20:23 15,872 --a------ C:\WINDOWS\ewsujf.exe
2007-09-11 12:43 36,213 --a------ C:\WINDOWS\system32\k118948541613.exe
2007-09-11 11:42 36,213 --a------ C:\WINDOWS\system32\k118948179113.exe
2007-09-11 09:36 70 --a------ C:\WINDOWS\system32\kapjacs.dll
2007-09-11 09:35 14,960 --a------ C:\WINDOWS\system32\k11894745032.exe
2007-09-11 04:48 50 --a------ C:\WINDOWS\system32\avzxain.dll
2007-09-11 04:48 50 --a------ C:\WINDOWS\system32\avwlain.dll
2007-09-11 00:46 4,224 --a------ C:\WINDOWS\system32\drivers\usbcam.sys
2007-09-11 00:46 36,893 --a------ C:\WINDOWS\system32\UFO.dll
2007-09-11 00:46 24,576 --a------ C:\WINDOWS\system32\usbcamb.exe
2007-09-09 11:59 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-09 11:39 59 --a------ C:\WINDOWS\system32\rsjzafg.dll
2007-09-09 11:30 3,492 --a------ C:\WINDOWS\system32\LYMANGR.DLL
2007-09-09 07:43 <DIR> d-------- C:\DOCUME~1\ThamKH\APPLIC~1\HouseCall 6.6
2007-09-04 09:23 30,208 --a------ C:\WINDOWS\system32\SHQ.DLL
2007-09-04 09:23 20 --a------ C:\WINDOWS\system32\mhsha1.dat
2007-09-02 00:20 2,477 --a------ C:\WINDOWS\system32\k11886633405.exe
2007-09-01 21:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-31 01:02 32,768 --a------ C:\WINDOWS\system32\695AC13E.DLL
2007-08-31 01:02 13,154 --a------ C:\WINDOWS\system32\563027F2.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-24 08:56 5879 --a------ C:\WINDOWS\system32\MSDEG32.DLL
2007-09-24 08:56 31232 --a------ C:\WINDOWS\mppds.exe
2007-09-24 08:56 24064 --a------ C:\WINDOWS\system32\MsIMMs32.dll
2007-09-24 08:56 24064 --a------ C:\WINDOWS\system32\mppds.dll
2007-09-24 08:56 23552 --a------ C:\WINDOWS\system32\AVPSrv.dll
2007-09-24 08:56 23040 --a------ C:\WINDOWS\system32\Kvsc3.dll
2007-09-24 08:56 19968 --a------ C:\WINDOWS\system32\DiskMan32.dll
2007-09-24 08:56 18432 --a------ C:\WINDOWS\MsIMMs32.exe
2007-09-24 08:56 17920 --a------ C:\WINDOWS\Kvsc3.exe
2007-09-24 08:56 17920 --a------ C:\WINDOWS\AVPSrv.exe
2007-09-24 08:56 16384 --a------ C:\WINDOWS\DiskMan32.exe
2007-09-24 08:56 11816 --a------ C:\WINDOWS\system32\LYLOADER.EXE
2007-09-24 08:48 --------- d-------- C:\DOCUME~1\ThamKH\APPLIC~1\Skype
2007-09-23 23:30 --------- d-------- C:\Program Files\Championship Manager 01-02
2007-09-19 04:47 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-15 01:08 --------- d-------- C:\Program Files\MSN Messenger
2007-09-12 01:25 85 --a------ C:\WINDOWS\Fonts.\ensuafx.fon
2007-09-11 11:42 204 --a------ C:\WINDOWS\Fonts.\gejiand.fon
2007-09-11 09:36 127 --a------ C:\WINDOWS\Fonts.\enpoafx.fon
2007-09-11 04:48 87 --a------ C:\WINDOWS\Fonts.\mszhasd.fon
2007-09-11 04:48 87 --a------ C:\WINDOWS\Fonts.\mswuasd.fon
2007-09-01 21:54 --------- d-------- C:\Program Files\QuickTime
2007-09-01 21:48 --------- d-------- C:\Program Files\iTunes
2007-08-27 17:55 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\k11905953829.exe
C:\WINDOWS\system32\k11905953818.exe
C:\WINDOWS\system32\k11905953807.exe
2004-08-04 17:25:48 18,506 --sh--w C:\WINDOWS\system32\kashbzy.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2003-08-21 09:29]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 09:37]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 17:36 C:\WINDOWS\system32\WFXSNT40.EXE]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2007-08-27 17:55]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-02-18 02:38]
"NVDispDrv"="C:\WINDOWS\NVDispDrv.exe" [2007-09-24 08:57]
"cmdbcs"="C:\WINDOWS\cmdbcs.exe" [2007-09-24 08:57]
"upxdnd"="C:\WINDOWS\upxdnd.exe" [2007-09-24 08:57]
"DbgHlp32"="C:\WINDOWS\DbgHlp32.exe" [2007-09-24 08:57]
"msccrt"="C:\WINDOWS\msccrt.exe" [2007-09-24 08:57]
"WinSysM"="C:\WINDOWS\IGM.exe" [2007-09-24 08:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-08-02 22:03:57]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
hp officejet 4100 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe [2003-04-09 18:22:10]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}"= C:\WINDOWS\system32\rsjzapm.dll [2004-08-04 11:39 20064]
"{AEB6717E-7E19-11d0-97EE-00C04FD91973}"= UFO.dll [ ]
"{1859245F-345D-BC13-AC4F-145D47DA34F1}"= C:\WINDOWS\system32\avzxamn.dll [2004-08-05 04:48 21580]
"{1960356A-458E-DE24-BD50-268F589A56A1}"= C:\WINDOWS\system32\avwlamn.dll [2004-08-05 04:48 21580]
"{1A321487-4977-D98A-C8D5-6488257545A1}"= C:\WINDOWS\system32\kapjazy.dll [2004-08-04 09:36 19572]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=UFO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

R1 Avg7Core;AVG7 Kernel;C:\WINDOWS\system32\Drivers\avg7core.sys
R2 usbcaml;usbcaml;C:\WINDOWS\system32\usbcamb.exe
S2 FBBA40B2;FBBA40B2;C:\WINDOWS\system32\563027F2.EXE -k
S4 AtWork;Remote Route Service;C:\WINDOWS\System32\svchost.exe -k netsvcs
S4 F777AB4F;F777AB4F;C:\WINDOWS\system32\0EC5955C.EXE -F777AB4F
S4 kernel;System Local Kernel Service;"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\tUwszuZXdY.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
n
Gentad


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-23 16:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-21 01:00:00 C:\WINDOWS\Tasks\At10.job"
"2007-09-21 02:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-21 03:00:00 C:\WINDOWS\Tasks\At12.job"
"2007-09-21 03:59:59 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-21 05:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-21 06:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 07:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 08:00:00 C:\WINDOWS\Tasks\At17.job"
"2007-09-23 09:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 10:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 17:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 11:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 12:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 13:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 14:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 15:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-23 18:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-22 19:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-09-22 20:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-22 21:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-20 22:00:00 C:\WINDOWS\Tasks\At7.job"
"2007-09-20 23:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2007-09-24 00:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\NqYf7an4.exe
"2006-08-22 05:30:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1147411771.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 08:56:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\NVDispDrv.dll
C:\WINDOWS\system32\cmdbcs.dll

scan completed successfully
hidden files: 4

**************************************************************************
.
Completion time: 2007-09-24 8:58:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-24 08:58
.
--- E O F ---


SAS scanlog:

For reasons unknown, the Notepad page generated by SAS hung. The scanning and removing had gone on smoothly; only the Notepad window hung, and the system is operating fine. There is also no problem with Notepad displaying the HJT log or in any other use.

exe
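The ComboFix "Files Created" listing above shows the same 36,213-byte file being dropped into system32 under a fresh k118... name roughly once an hour. The script below is an added example (not part of the thread, and not ComboFix's own output) that parses that listing format, groups new files by directory and size, and reports groups whose creation times recur at a near-constant interval, which is the trace a scheduled re-dropper leaves behind. The thresholds (at least three files, every gap within five minutes of the median gap) are this example's assumptions; the sample lines are copied from the log in this post.

```python
"""Timeline triage for a ComboFix-style 'Files Created' listing (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = """\
2007-09-13 09:06 36,213 --a------ C:\\WINDOWS\\system32\\k118964523011.exe
2007-09-13 08:06 36,213 --a------ C:\\WINDOWS\\system32\\k118964161711.exe
2007-09-13 07:06 36,213 --a------ C:\\WINDOWS\\system32\\k118963800011.exe
2007-09-13 06:05 36,213 --a------ C:\\WINDOWS\\system32\\k118963438711.exe
2007-09-13 05:05 36,213 --a------ C:\\WINDOWS\\system32\\k118963077311.exe
2007-09-13 09:20 15,872 --a------ C:\\WINDOWS\\mpemdo.exe
2007-09-13 11:47 15,872 --a------ C:\\WINDOWS\\mxiqhy.exe
2007-09-09 11:59 102,664 --a------ C:\\WINDOWS\\system32\\drivers\\tmcomm.sys
2007-09-09 07:43 <DIR> d-------- C:\\DOCUME~1\\ThamKH\\APPLIC~1\\HouseCall 6.6
"""

# date time size-or-<DIR> attributes path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|<DIR>)\s+(\S+)\s+(.+?)\s*$"
)


def parse_created(text):
    """Return (timestamp, size, attrs, path) tuples for file lines; skip directories."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) == "<DIR>":
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = int(m.group(2).replace(",", ""))
        entries.append((ts, size, m.group(3), m.group(4)))
    return entries


def periodic_groups(entries, min_files=3, tolerance_min=5):
    """Find (directory, size) groups created at a near-constant interval.

    Thresholds are assumptions chosen for this example, not a published rule.
    """
    groups = defaultdict(list)
    for ts, size, _attrs, path in entries:
        directory = path.rsplit("\\", 1)[0].lower()
        groups[(directory, size)].append((ts, path))

    findings = []
    for (directory, size), items in groups.items():
        if len(items) < min_files:
            continue
        items.sort()
        gaps_min = [(b[0] - a[0]).total_seconds() / 60 for a, b in zip(items, items[1:])]
        typical = median(gaps_min)
        if all(abs(g - typical) <= tolerance_min for g in gaps_min):
            findings.append({
                "directory": directory,
                "size": size,
                "count": len(items),
                "interval_min": typical,
                "paths": [p for _, p in items],
            })
    return findings


if __name__ == "__main__":
    for f in periodic_groups(parse_created(SAMPLE_LOG)):
        print(f"{f['count']} files of {f['size']} bytes in {f['directory']} "
              f"about every {f['interval_min']:.0f} min:")
        for p in f["paths"]:
            print("   ", p)
```

On the sample above only the 36,213-byte group in system32 qualifies (five files, one per hour); the two 15,872-byte files in the Windows directory are too few to judge. Run against a full log the same grouping makes the scheduled-task cadence seen in the At*.job entries visible without reading every line.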
 
     
   
PostTime: 12/16/2008 8:39:25 PM | Floor# 6
Stuck!! Could NOT fix the following
O20 - AppInit_DLLs: windows.dll

Error message:
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: windows.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
 
     
   
PostTime: 12/16/2008 8:49:09 PM | Floor# 7
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/prod...ode=af1&rc=855

(It's a 2 week trial.)

* Click the Try Spy Sweeper for Free / Download the trial link. (Download Antivirus if required)
* Install it. During the install it will prompt for updates, these can be gotten now or later
* Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, if not already done so; before proceeding, check to ensure that you are up to date (Click Home > Bottom middle of page will tell you).
* Once the definitions are installed, click Options on the left side.
* Click the Options tab on the left hand side.
* Choose Custom Sweep (Radio Button)
* Choose Change Settings (Link)
* Where to Sweep
> Select My Computer
* What to Sweep
> Select all options available (enable Virus scan if available)
* Skip File Types
> Do not skip any file types
* Advanced Options
> Select all options available


* Click Sweep on the left side.
* Click the Black arrow next to start full sweep
* Select Start Custom Sweep
* When it's done scanning, copy Items Found into Notepad
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click the Summary tab and click Finish.
* Compare the contents of the notepad to the report
* Place the contents of the notepad into your next reply, identifying any items not removed.

If Spy Sweeper suggests rebooting and scanning again, repeat the process and copy that information into your next reply as well.


Also post a new Hijack This log.
 
     
   
PostTime: 12/16/2008 9:23:26 PM | Floor# 8
I have installed the sweeper; it swept once and found a few trojans etc. It restarted the PC, and the second sweep reflects a clean bill.
I don't know how to copy the items found, so I will just type them out here.

Name                         Category
trojan-pws-onlinegames.gn    Trojan Horse
Trojan.gn                    Trojan Horse
bho_xmlhelper                Adware
adbureau cookie              Spy cookie

New HJT log

Logfile of HijackThis v1.99.1
Scan saved at 2:02:45 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\usbcamb.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\IGM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ThamKH\Desktop\Drivers\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172334653553
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...0_20060123.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: windows.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: usbcaml - Unknown owner - C:\WINDOWS\system32\usbcamb.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
     
   
PostTime:12/16/2008 9:30:39 PM | Floor# 9
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 10:56:23 AM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\usbcamb.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\IGM.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\ThamKH\Desktop\Drivers\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172334653553
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...0_20060123.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: UFO.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: usbcaml - Unknown owner - C:\WINDOWS\system32\usbcamb.
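As an added example (editor's addition, not code from any post in this thread and not a HijackThis feature), the script below shows how to triage a HijackThis v1.99 log mechanically instead of eyeballing it. The rules are the editor's own assumptions about what stands out in a log like the one above: O4 Run entries whose executable sits directly in the bare Windows directory or has no directory at all, a non-empty O20 AppInit_DLLs value, and O23 services with "Unknown owner" or "(file missing)". The WINDIR constant assumes the XP default C:\WINDOWS, and the sample input is a constructed subset of lines copied from the log in this post, with a few benign entries kept in for contrast.

```python
"""Triage HijackThis v1.99 log lines for persistence entries that deserve a second look.

Added example for this thread; it is not part of the original posts and not a
HijackThis feature. The rules are the editor's assumptions about what stands out
in the log above: Run entries launched from the bare Windows directory or from no
directory, a non-empty AppInit_DLLs value, and services with no recognised
publisher or a missing binary.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the second log in this thread,
# with benign entries kept in for contrast.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\DiskMan32.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: UFO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: usbcaml - Unknown owner - C:\WINDOWS\system32\usbcamb.exe
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
WINDIR = r'C:\WINDOWS'   # assumption: XP-era default; adjust if %SystemRoot% differs


@dataclass
class Finding:
    line_no: int      # 1-based line within the log text
    entry: str        # the HijackThis line as written
    reasons: list[str] = field(default_factory=list)


def first_token(cmd: str) -> str:
    """Return the executable part of a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def check_run(cmd: str) -> list[str]:
    """Flag Run values launched from the bare Windows directory or from no directory."""
    exe = ntpath.normpath(first_token(cmd))   # ntpath so this also runs on non-Windows hosts
    parent = ntpath.dirname(exe)
    if not parent:
        return ['no directory given; the name is resolved through the PATH search order']
    if parent.upper() == WINDIR.upper():
        return [f'executable sits directly in {WINDIR} rather than a vendor folder']
    return []


def check_service(owner: str, path: str) -> list[str]:
    """Flag services with no recognised publisher or whose binary is gone."""
    reasons = []
    if owner.strip() == 'Unknown owner':
        reasons.append('service binary carries no recognised publisher')
    if path.rstrip().endswith('(file missing)'):
        reasons.append('service registration points at a file that no longer exists')
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return every line that trips a rule, with the reasons."""
    findings: list[Finding] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.rstrip()
        reasons: list[str] = []
        if m := RUN_RE.match(line):
            reasons = check_run(m['cmd'])
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs are loaded into every process that maps user32.dll;
            # a bare file name is located through the normal DLL search order.
            reasons = [f"AppInit_DLLs is set to {m['dlls'].strip()}: it is loaded into every "
                       "process that maps user32.dll, and a bare name is found via the DLL search order"]
        elif m := SERVICE_RE.match(line):
            reasons = check_service(m['owner'], m['path'])
        if reasons:
            findings.append(Finding(n, line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'line {f.line_no}: {f.entry}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run it against a full saved log by passing the file's contents to triage(). On the sample it flags the four C:\WINDOWS Run entries and the path-less wfxsnt40.exe, the UFO.dll AppInit hook, and the two services with no publisher; the quoted Program Files entries, the system32 entries and the signed iPod service pass. These are prompts for a closer look, not verdicts: a vendor-less service can be a legitimate driver helper, and a clean rule set says nothing about a file that has already been deleted and re-dropped, which is why the poster sees the same names return after each cleanup.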
 
     
   
PostTime:12/16/2008 10:55:50 PM | Floor# 10
NOTE: If you have downloaded ComboFix previously, please delete that version and download it again!

Download this file :


http://download.bleepingcomputer.com...a/ComboFix.exe

Double-click ComboFix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/supe...freevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me, regardless of what it finds, along with a new HijackThis log.

This will take some time!