Author Topic: dalecon5  (Read 5707 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
dalecon5
« on: January 08, 2008, 07:38:08 PM »
As you are running Vista, I must ask you to right-click all programmes I ask you to use and select Run as administrator.

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

F3 - REG:win.ini: load=C:\Windows\system32\opnli.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geecc.dll,#1
O4 - HKCU\..\Run: [Host Process] C:\Users\Dale\svchost.exe


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.


THEN

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

ComboFix can take up to 2 minutes to start on Vista.

dalecon5

  • Guest
Re: dalecon5
« Reply #1 on: January 08, 2008, 09:45:54 PM »
ComboFix 08-01-07.5 - Dale 2008-01-08 12:26:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.1276 [GMT -8:00]
Running from: C:\Users\Dale\Downloads\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\hggdcab.dll
C:\Windows\System32\ilnpo.ini
C:\Windows\System32\ilnpo.ini2
C:\Windows\system32\lssexp.dll
C:\Windows\system32\x64

.
(((((((((((((((((((((((((   Files Created from 2007-12-08 to 2008-01-08  )))))))))))))))))))))))))))))))
.

2008-01-08 12:32 . 2007-12-28 09:26   38,912   --a------   C:\Windows\System32\awvtt.dll
2008-01-08 12:24 . 2000-08-31 08:00   51,200   --a------   C:\Windows\NirCmd.exe
2008-01-08 11:59 . 2008-01-08 11:59   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\Grisoft
2008-01-08 11:58 . 2008-01-08 11:58   <DIR>   d--------   C:\Users\All Users\Grisoft
2008-01-08 11:58 . 2008-01-08 11:58   <DIR>   d--------   C:\ProgramData\Grisoft
2008-01-08 11:58 . 2007-05-30 04:10   10,872   --a------   C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-08 10:08 . 2008-01-08 09:41   54,832   --a------   C:\Windows\System32\AOLParconLink.exe
2008-01-08 10:06 . 2008-01-08 10:09   <DIR>   d--------   C:\Program Files\Common Files\aolshare
2008-01-08 10:06 . 2008-01-08 10:11   <DIR>   d--------   C:\Program Files\AOL 9.0
2008-01-08 09:58 . 2008-01-08 09:58   344,576   --a------   C:\Windows\System32\opnli.dll
2008-01-08 09:55 . 2008-01-08 09:55   4   --a------   C:\Windows\msoffice.ini
2008-01-08 09:10 . 2008-01-08 09:10   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-08 08:33 . 2008-01-08 12:30   4,112   --a------   C:\Windows\System32\Config.MPF
2008-01-08 08:32 . 2008-01-08 08:32   <DIR>   d--------   C:\mcafee_mcpr
2008-01-08 08:32 . 2007-03-02 14:17   120,360   --a------   C:\Windows\System32\drivers\Mpfp.sys
2008-01-08 08:31 . 2008-01-08 08:32   <DIR>   d--------   C:\Program Files\McAfee.com
2008-01-08 08:31 . 2008-01-08 09:59   <DIR>   d--------   C:\Program Files\McAfee
2008-01-08 08:31 . 2008-01-08 08:32   <DIR>   d--------   C:\Program Files\Common Files\McAfee
2008-01-08 08:26 . 2008-01-08 08:33   <DIR>   d--------   C:\Users\All Users\McAfee
2008-01-08 08:26 . 2008-01-08 08:33   <DIR>   d--------   C:\ProgramData\McAfee
2008-01-04 07:46 . 2008-01-04 07:46   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2008-01-03 09:35 . 2008-01-03 09:35   <DIR>   d--------   C:\Users\All Users\Office Genuine Advantage
2008-01-03 09:35 . 2008-01-03 09:35   <DIR>   d--------   C:\ProgramData\Office Genuine Advantage
2008-01-03 08:56 . 2008-01-04 07:51   376   --a------   C:\Windows\ODBC.INI
2008-01-03 08:52 . 2008-01-04 07:46   <DIR>   d--------   C:\Windows\ShellNew
2008-01-02 09:34 . 2008-01-02 09:34   77   --a------   C:\Windows\System32\7631.bat
2008-01-02 09:33 . 2008-01-08 07:55   106,496   --a------   C:\Windows\System32\hkcmd .exe
2008-01-02 09:33 . 2008-01-08 07:55   98,304   --a------   C:\Windows\System32\igfxtray .exe
2008-01-02 09:33 . 2008-01-08 07:55   81,920   --a------   C:\Windows\System32\igfxpers .exe
2007-12-28 09:29 . 2007-12-28 09:29   <DIR>   d--------   C:\Users\Public\CyberLink
2007-12-28 09:21 . 2007-12-28 09:21   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\CyberLink
2007-12-28 08:16 . 2007-12-28 08:16   77   --a------   C:\Windows\System32\7952.bat
2007-12-27 08:38 . 2007-12-27 08:38   77   --a------   C:\Windows\System32\9510.bat
2007-12-26 12:27 . 2007-12-26 12:27   <DIR>   d--------   C:\Users\All Users\Diskeeper Corporation
2007-12-26 12:27 . 2007-12-26 12:27   <DIR>   d--------   C:\ProgramData\Diskeeper Corporation
2007-12-26 12:27 . 2007-12-26 12:27   <DIR>   d--------   C:\Program Files\Diskeeper Corporation
2007-12-26 12:17 . 2007-12-26 12:18   <DIR>   d--------   C:\Users\Dale\Diskeeper
2007-12-26 08:11 . 2007-12-26 08:11   77   --a------   C:\Windows\System32\3730.bat
2007-12-24 08:22 . 2007-12-24 08:22   <DIR>   d--------   C:\Program Files\Coupons
2007-12-24 07:15 . 2007-12-24 07:15   77   --a------   C:\Windows\System32\8915.bat
2007-12-23 08:48 . 2008-01-08 09:38   54,634   --a------   C:\VETlog.dmp
2007-12-23 08:16 . 2007-12-23 08:16   77   --a------   C:\Windows\System32\5003.bat
2007-12-22 15:35 . 2007-12-22 15:35   77   --a------   C:\Windows\System32\2106.bat
2007-12-22 08:24 . 2007-12-22 08:24   77   --a------   C:\Windows\System32\2029.bat
2007-12-21 07:51 . 2007-12-21 07:51   <DIR>   d--------   C:\Program Files\Empire Interactive
2007-12-21 07:42 . 2007-12-21 07:42   77   --a------   C:\Windows\System32\8933.bat
2007-12-20 09:03 . 2007-12-20 09:03   254   --a------   C:\Windows\dellstat.ini
2007-12-20 07:52 . 2007-12-20 07:52   77   --a------   C:\Windows\System32\5032.bat
2007-12-19 11:14 . 2007-12-19 11:14   3,120   --a------   C:\Windows\553VKVT8.ocx
2007-12-19 08:24 . 2007-12-19 08:24   77   --a------   C:\Windows\System32\6879.bat
2007-12-18 07:41 . 2007-12-18 07:41   77   --a------   C:\Windows\System32\1771.bat
2007-12-17 07:22 . 2007-12-17 07:22   77   --a------   C:\Windows\System32\1228.bat
2007-12-16 09:31 . 2007-12-16 09:31   77   --a------   C:\Windows\System32\1546.bat
2007-12-15 21:45 . 2007-12-15 21:45   77   --a------   C:\Windows\System32\8210.bat
2007-12-15 13:36 . 2007-12-15 13:36   77   --a------   C:\Windows\System32\4661.bat
2007-12-14 08:11 . 2007-12-14 08:11   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-12-14 08:01 . 2007-12-14 08:01   77   --a------   C:\Windows\System32\8019.bat
2007-12-13 07:35 . 2007-12-13 07:35   77   --a------   C:\Windows\System32\7012.bat
2007-12-12 13:23 . 2007-12-12 13:23   1,327,104   --a------   C:\Windows\System32\quartz.dll
2007-12-12 13:23 . 2007-12-12 13:23   223,232   --a------   C:\Windows\System32\WMASF.DLL
2007-12-12 13:23 . 2007-12-12 13:23   9,728   --a------   C:\Windows\System32\LAPRXY.DLL
2007-12-12 13:23 . 2007-12-12 13:23   2,048   --a------   C:\Windows\System32\asferror.dll
2007-12-12 13:19 . 2007-12-12 13:19   3,504,824   --a------   C:\Windows\System32\ntkrnlpa.exe
2007-12-12 13:19 . 2007-12-12 13:19   3,470,520   --a------   C:\Windows\System32\ntoskrnl.exe
2007-12-12 13:19 . 2007-12-12 13:19   2,048   --a------   C:\Windows\System32\tzres.dll
2007-12-12 13:11 . 2007-12-12 13:11   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\InterVideo
2007-12-12 13:10 . 2007-12-12 13:10   77   --a------   C:\Windows\System32\2809.bat
2007-12-12 12:55 . 2007-12-12 12:56   <DIR>   d--------   C:\Program Files\QuickTime
2007-12-12 12:55 . 2007-12-12 12:55   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-12-12 12:42 . 2007-12-12 12:55   <DIR>   d--------   C:\Users\All Users\Apple Computer
2007-12-12 12:42 . 2007-12-12 12:55   <DIR>   d--------   C:\ProgramData\Apple Computer
2007-12-12 12:41 . 2007-12-12 12:41   <DIR>   d--------   C:\Program Files\InterVideo Information Service
2007-12-12 12:41 . 2007-12-12 12:41   <DIR>   d--------   C:\Program Files\Common Files\Ulead
2007-12-12 12:41 . 2006-05-11 18:41   654   ---------   C:\Windows\remove.iss
2007-12-12 12:38 . 2007-12-12 12:39   <DIR>   d--------   C:\Program Files\InterVideo
2007-12-12 12:32 . 2007-12-12 12:33   <DIR>   d--h-----   C:\Windows\msdownld.tmp
2007-12-12 12:02 . 2007-12-12 12:16   <DIR>   d--------   C:\Program Files\Common Files\PX Storage Engine
2007-12-12 11:58 . 2007-12-12 11:58   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\vlc
2007-12-12 11:56 . 2007-12-12 11:56   <DIR>   d--------   C:\Program Files\VideoLAN
2007-12-12 07:59 . 2007-12-12 07:59   77   --a------   C:\Windows\System32\8417.bat
2007-12-11 12:55 . 2007-12-11 12:55   <DIR>   d--------   C:\Program Files\Easy File Sharing Web Server
2007-12-11 11:44 . 2007-12-11 11:44   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\.wyzo
2007-12-11 10:54 . 2007-12-11 10:54   3,120   --a------   C:\Windows\System32\PMVCIH2J.ocx
2007-12-11 10:52 . 2007-12-19 11:16   <DIR>   d--------   C:\Program Files\123CopyDVD 2008
2007-12-11 10:16 . 2007-12-11 10:16   3,120   --a------   C:\Windows\System32\FGD2FH5B.ocx
2007-12-11 10:16 . 2007-12-11 10:16   3,120   --a------   C:\Windows\DF8MLHS2.ocx
2007-12-11 10:14 . 2007-12-19 11:14   <DIR>   d--------   C:\Program Files\AviSynth 2.5
2007-12-11 08:27 . 2007-12-11 08:27   77   --a------   C:\Windows\System32\5763.bat
2007-12-10 08:57 . 2007-12-10 08:57   77   --a------   C:\Windows\System32\9422.bat

dalecon5

  • Guest
Re: dalecon5
« Reply #2 on: January 08, 2008, 09:46:49 PM »
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:15   ---------   d-----w   C:\Program Files\Common Files\aol
2008-01-08 18:10   ---------   d-----w   C:\Users\Dale\AppData\Roaming\AOL
2008-01-08 18:10   ---------   d-----w   C:\ProgramData\AOL
2008-01-08 18:09   ---------   d-----w   C:\Program Files\Common Files\Nullsoft
2008-01-08 17:45   ---------   d-----w   C:\ProgramData\AOL Downloads
2008-01-08 16:31   98,304   ----a-w   C:\Windows\System32\igfxtray.exe
2008-01-08 16:31   81,920   ----a-w   C:\Windows\System32\igfxpers.exe
2008-01-08 16:31   106,496   ----a-w   C:\Windows\System32\hkcmd.exe
2008-01-07 18:22   ---------   d---a-w   C:\ProgramData\TEMP
2008-01-07 18:22   ---------   d-----w   C:\Program Files\Chainz 2 Relinked
2008-01-02 17:39   147,456   ----a-w   C:\Users\Dale\vbzip10.dll
2008-01-02 17:39   ---------   d-----w   C:\Users\Dale\AppData\Roaming\LimeWire
2008-01-02 17:34   36,864   ----a-w   C:\Users\Dale\services.exe
2007-12-28 17:20   ---------   d-----w   C:\ProgramData\CyberLink
2007-12-28 17:19   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-28 17:18   ---------   d-----w   C:\Program Files\CyberLink
2007-12-28 17:14   ---------   d-----w   C:\Program Files\LimeWire
2007-12-23 05:13   ---------   d-----w   C:\ProgramData\Viewpoint
2007-12-13 00:53   ---------   d-----w   C:\Program Files\Windows Mail
2007-12-12 21:24   704,000   ----a-w   C:\Windows\System32\PhotoScreensaver.scr
2007-12-12 21:24   67,584   ----a-w   C:\Windows\System32\wlanhlp.dll
2007-12-12 21:24   542,720   ----a-w   C:\Windows\System32\sysmain.dll
2007-12-12 21:24   502,784   ----a-w   C:\Windows\System32\wlansvc.dll
2007-12-12 21:24   47,104   ----a-w   C:\Windows\System32\wlanapi.dll
2007-12-12 21:24   297,984   ----a-w   C:\Windows\System32\wlansec.dll
2007-12-12 21:24   290,816   ----a-w   C:\Windows\System32\wlanmsm.dll
2007-12-12 21:24   28,344   ----a-w   C:\Windows\system32\drivers\battc.sys
2007-12-12 21:24   258,232   ----a-w   C:\Windows\system32\drivers\acpi.sys
2007-12-12 21:24   24,064   ----a-w   C:\Windows\System32\wtsapi32.dll
2007-12-12 21:24   20,920   ----a-w   C:\Windows\system32\drivers\compbatt.sys
2007-12-12 21:24   2,923,520   ----a-w   C:\Windows\explorer.exe
2007-12-12 21:24   2,027,008   ----a-w   C:\Windows\System32\win32k.sys
2007-12-12 21:24   14,208   ----a-w   C:\Windows\system32\drivers\CmBatt.sys
2007-12-12 21:24   11,264   ----a-w   C:\Windows\system32\drivers\wmiacpi.sys
2007-12-12 21:21   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
2007-12-12 21:21   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 21:21   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2007-12-12 21:21   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2007-12-12 21:21   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2007-12-12 21:21   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
2007-12-12 21:21   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 20:17   ---------   d-----w   C:\Program Files\DivX
2007-12-11 19:44   ---------   d-----w   C:\Users\Dale\AppData\Roaming\.wyzo
2007-12-08 00:36   ---------   d-----w   C:\ProgramData\JollyBear
2007-12-08 00:36   ---------   d-----w   C:\Program Files\DishGAMES
2007-12-06 22:42   ---------   d-----w   C:\Program Files\Common Files\AVSMedia
2007-12-06 22:42   ---------   d-----w   C:\Program Files\AVSMedia
2007-12-04 14:53   23,152   ----a-w   C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52   45,648   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51   42,912   ----a-w   C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04   837,496   ----a-w   C:\Windows\System32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\Windows\System32\AvastSS.scr
2007-11-30 00:50   4,096   ----a-w   C:\Windows\System32\sysres.dll
2007-11-30 00:50   38,567   ----a-w   C:\Windows\System32\pcpbios.exe
2007-11-29 22:30   43,528   ------w   C:\Windows\system32\drivers\pxhelp20.sys
2007-11-28 21:55   156,992   ----a-w   C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-20 23:21   ---------   d-----w   C:\Program Files\Nova Development
2007-11-20 23:20   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-11-20 22:18   ---------   d-----w   C:\Program Files\Street Challenge LLC
2007-11-20 16:57   ---------   d-----w   C:\Users\Dale\AppData\Roaming\Sonic
2007-11-20 16:56   ---------   d-----w   C:\Users\Dale\AppData\Roaming\Leadertech
2007-11-20 16:50   ---------   d-----w   C:\ProgramData\InstallShield
2007-11-20 16:48   ---------   d-----w   C:\ProgramData\Sonic
2007-11-20 16:47   ---------   d-----w   C:\Program Files\Common Files\TiVo Shared
2007-11-20 16:47   ---------   d-----w   C:\Program Files\Common Files\Roxio Shared
2007-11-20 16:44   ---------   d-----w   C:\Program Files\Common Files\Sonic Shared
2007-11-20 16:40   ---------   d-----w   C:\Program Files\Roxio
2007-11-19 18:44   ---------   d-----w   C:\Program Files\Invoice by Click
2007-11-19 18:43   73,216   ----a-w   C:\Windows\ST6UNST.EXE
2007-11-19 18:43   299,008   ------w   C:\Windows\Setup1.exe
2007-11-16 17:48   ---------   d-----w   C:\Program Files\bfgclient
2007-11-16 17:01   ---------   d-----w   C:\Program Files\MSECache
2007-11-13 21:32   174   --sha-w   C:\Program Files\desktop.ini
2007-11-13 21:29   ---------   d-----w   C:\Program Files\Windows Defender
2007-11-13 21:29   ---------   d-----w   C:\Program Files\Windows Calendar
2007-11-13 16:47   8,192   ----a-w   C:\Windows\System32\riched32.dll
2007-11-13 16:46   77,824   ----a-w   C:\Windows\System32\rascfg.dll
2007-11-13 16:46   70,144   ----a-w   C:\Windows\system32\drivers\pacer.sys
2007-11-13 16:46   694,784   ----a-w   C:\Windows\System32\localspl.dll
2007-11-13 16:46   619,008   ----a-w   C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-13 16:46   61,952   ----a-w   C:\Windows\system32\drivers\wanarp.sys
2007-11-13 16:46   52,736   ----a-w   C:\Windows\System32\rasdiag.dll
2007-11-13 16:46   48,640   ----a-w   C:\Windows\system32\drivers\ndproxy.sys
2007-11-13 16:46   384,000   ----a-w   C:\Windows\System32\netcfgx.dll
2007-11-13 16:46   36,864   ----a-w   C:\Windows\System32\cdd.dll
2007-11-13 16:46   33,280   ----a-w   C:\Windows\System32\traffic.dll
2007-11-13 16:46   32,768   ----a-w   C:\Windows\System32\rasmxs.dll
2007-11-13 16:46   286,208   ----a-w   C:\Windows\System32\ipnathlp.dll
2007-11-13 16:46   22,016   ----a-w   C:\Windows\System32\rasser.dll
2007-11-13 16:46   20,480   ----a-w   C:\Windows\system32\drivers\ndistapi.sys
2007-11-13 16:46   15,360   ----a-w   C:\Windows\System32\pacerprf.dll
2007-11-13 16:46   134,656   ----a-w   C:\Windows\System32\dps.dll
2007-11-13 16:46   13,824   ----a-w   C:\Windows\System32\wshqos.dll
2007-11-13 16:46   13,824   ----a-w   C:\Windows\System32\icsunattend.exe
2007-11-13 16:45   8,147,968   ----a-w   C:\Windows\System32\wmploc.DLL
2007-11-13 16:45   7,680   ----a-w   C:\Windows\System32\spwmp.dll
2007-11-13 16:45   4,096   ----a-w   C:\Windows\System32\dxmasf.dll
2007-11-13 16:45   356,864   ----a-w   C:\Windows\System32\MediaMetadataHandler.dll
2007-11-13 16:44   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2007-11-13 16:44   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
.
Code:
<pre>
----a-w            71,216 2008-01-08 15:55:58  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w            52,256 2008-01-08 17:58:58  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w           761,947 2008-01-08 15:55:57  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w           106,496 2008-01-08 15:55:57  C:\Windows\System32\hkcmd .exe
----a-w            81,920 2008-01-08 15:55:57  C:\Windows\System32\igfxpers .exe
----a-w            98,304 2008-01-08 15:55:57  C:\Windows\System32\igfxtray .exe
</pre>

dalecon5

  • Guest
Re: dalecon5
« Reply #3 on: January 08, 2008, 09:47:26 PM »
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:34 201728]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-17 22:49 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\awvtt.dll" [2007-12-28 09:26 38912]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-13 08:46 1006264]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-08 08:31 761948]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-08 08:31 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-08 08:31 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-08 08:31 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-08 08:31 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1199815578\ee\AOLSoftware.exe" [2006-09-25 16:52 50736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]

C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-11-13 08:46:57]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3B556978-10EB-4F71-A61E-A736354D1269}"= C:\Windows\system32\awvtt.dll [2007-12-28 09:26 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\Users\Dale\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-03-20 17:34 213936 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-03-20 17:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 06:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService   REG_MULTI_SZ      nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted   REG_MULTI_SZ      hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8dcedce-8fe4-11dc-bc4f-00038a000015}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 17:08:05 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-08 17:58:49 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-08 17:58:49 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 12:32:24
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]
-> C:\Windows\system32\awvtt.dll

PROCESS: C:\Windows\Explorer.EXE [6.00.6000.16549]
-> C:\Windows\system32\awvtt.dll
.
Completion time: 2008-01-08 12:37:30 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-08 20:37:20
.
2008-01-07 22:31:35   --- E O F --- 

dalecon5

  • Guest
Re: dalecon5
« Reply #4 on: January 08, 2008, 09:48:25 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:29 PM, on 1/8/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\aol\1199815578\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AOL 9.0\waol.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partsplusportal.com/login-pp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awvtt.dll,#1
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199815578\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6289 bytes

essexboy
Re: dalecon5
« Reply #5 on: January 08, 2008, 09:58:43 PM »
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Quote
File::
C:\Windows\System32\awvtt.dll
C:\Windows\System32\opnli.dll
C:\Windows\System32\7631.bat
C:\Windows\System32\7952.bat
C:\Windows\System32\9510.bat
C:\Windows\System32\3730.bat
C:\Windows\System32\8915.bat
C:\Windows\System32\5003.bat
C:\Windows\System32\2106.bat
C:\Windows\System32\2029.bat
C:\Windows\System32\8933.bat
C:\Windows\System32\5032.bat
C:\Windows\553VKVT8.ocx
C:\Windows\System32\6879.bat
C:\Windows\System32\1771.bat
C:\Windows\System32\1228.bat
C:\Windows\System32\1546.bat
C:\Windows\System32\8210.bat
C:\Windows\System32\4661.bat
c:\Windows\System32\8019.bat
C:\Windows\System32\7012.bat
C:\Windows\System32\2809.bat
C:\Windows\System32\5763.bat
C:\Windows\System32\9422.bat

RENV::
<pre>
----a-w            71,216 2008-01-08 15:55:58  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w            52,256 2008-01-08 17:58:58  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w           761,947 2008-01-08 15:55:57  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w           106,496 2008-01-08 15:55:57  C:\Windows\System32\hkcmd .exe
----a-w            81,920 2008-01-08 15:55:57  C:\Windows\System32\igfxpers .exe
----a-w            98,304 2008-01-08 15:55:57  C:\Windows\System32\igfxtray .exe
</pre>

Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks\{3B556978-10EB-4F71-A61E-A736354D1269}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
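
As an added illustration, not part of this thread and not code from HijackThis or ComboFix: a small Python triage script that encodes the patterns essexboy singled out above (the win.ini load= entry, rundll32 loading a DLL by ordinal export, a svchost.exe living in the user's profile, the run of numbered .bat files in System32 and the "name .exe" entries he listed under RENV::). The sample lines are copied from the logs posted in this thread; the tag names and the rules themselves are this example's own choices, and a tag is a prompt for review, not a verdict.

```python
"""Triage helper for HijackThis and ComboFix log lines.

Added example, not part of the original thread or of either tool. It encodes the
patterns essexboy singled out in this thread:
  * F3  win.ini load= autostart (legacy, not used by modern software)
  * O4  rundll32 loading a DLL by ordinal export (geecc.dll,#1 / awvtt.dll,#1)
  * O4  a system-binary name (svchost.exe, services.exe, ...) outside System32
  * ComboFix "Files Created": numbered .bat droppers in System32 and the
    "name .exe" (space before the extension) entries listed under RENV::
Tag names and rules are this example's own choices. Python 3, standard library only.
"""
import re
from typing import List, Tuple

HJT_F3 = re.compile(r"^F3 - REG:win\.ini: load=(?P<cmd>.+)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# ComboFix "Files Created" line: created . modified   size   attrs   path
CF_CREATED = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\S+ \S+)\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attr>\S+)\s+(?P<path>.+)$")

SYSTEM_BINARY_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
NUMBERED_BAT = re.compile(r"\\system32\\\d{4}\.bat$", re.IGNORECASE)
SPACE_BEFORE_EXT = re.compile(r" \.(exe|dll|scr)$", re.IGNORECASE)
PROFILE_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", re.IGNORECASE)


def _executable(cmd: str) -> str:
    """Return the executable path at the front of a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage_hijackthis(line: str) -> List[str]:
    """Return the tags a HijackThis F3/O4 line trips; an empty list means nothing notable."""
    if HJT_F3.match(line):
        return ["win_ini_load"]
    m = HJT_O4.match(line)
    if not m:
        return []
    cmd = m.group("cmd")
    exe = _executable(cmd)
    base = exe.rsplit("\\", 1)[-1].lower()
    tags = []
    # An ordinal export (",#1") is the shape of the MSServer entries in this thread; a
    # named export such as oobefldr.dll,ShowWelcomeCenter is not flagged by this rule.
    if base == "rundll32.exe" and re.search(r"\.dll,#\d+", cmd, re.IGNORECASE):
        tags.append("rundll32_ordinal_export")
    if base in SYSTEM_BINARY_NAMES and "\\windows\\system32\\" not in exe.lower():
        tags.append("system_name_outside_system32")
    if PROFILE_ROOT.match(exe):
        tags.append("exe_in_profile_root")
    return tags


def triage_combofix_created(lines: List[str]) -> List[Tuple[str, str]]:
    """Scan ComboFix 'Files Created' lines; return (tag, path) for the notable ones."""
    hits = []
    for line in lines:
        m = CF_CREATED.match(line)
        if not m or m.group("size") == "<DIR>":
            continue
        path = m.group("path")
        if NUMBERED_BAT.search(path):
            hits.append(("numbered_bat_in_system32", path))
        if SPACE_BEFORE_EXT.search(path.rsplit("\\", 1)[-1]):
            hits.append(("space_before_extension", path))
    return hits


# Sample lines copied from the logs posted in this thread (two benign O4 lines included).
SAMPLE_HJT = [
    r"F3 - REG:win.ini: load=C:\Windows\system32\opnli.exe",
    r"O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geecc.dll,#1",
    r"O4 - HKCU\..\Run: [Host Process] C:\Users\Dale\svchost.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
]
SAMPLE_COMBOFIX = [
    r"2008-01-02 09:34 . 2008-01-02 09:34   77   --a------   C:\Windows\System32\7631.bat",
    r"2008-01-02 09:33 . 2008-01-08 07:55   106,496   --a------   C:\Windows\System32\hkcmd .exe",
    r"2007-12-28 09:29 . 2007-12-28 09:29   <DIR>   d--------   C:\Users\Public\CyberLink",
    r"2007-12-28 08:16 . 2007-12-28 08:16   77   --a------   C:\Windows\System32\7952.bat",
    r"2007-12-12 13:23 . 2007-12-12 13:23   1,327,104   --a------   C:\Windows\System32\quartz.dll",
]

if __name__ == "__main__":
    for hjt_line in SAMPLE_HJT:
        print(triage_hijackthis(hjt_line) or "-", hjt_line)
    for tag, path in triage_combofix_created(SAMPLE_COMBOFIX):
        print(tag, path)
```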

dalecon5

  • Guest
Re: dalecon5
« Reply #6 on: January 08, 2008, 10:29:20 PM »
ComboFix 08-01-07.5 - Dale 2008-01-08 13:23:38.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.1325 [GMT -8:00]
Running from: C:\Users\Dale\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-08 to 2008-01-08  )))))))))))))))))))))))))))))))
.

2008-01-08 12:24 . 2000-08-31 08:00   51,200   --a------   C:\Windows\NirCmd.exe
2008-01-08 11:59 . 2008-01-08 11:59   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\Grisoft
2008-01-08 11:58 . 2008-01-08 11:58   <DIR>   d--------   C:\Users\All Users\Grisoft
2008-01-08 11:58 . 2008-01-08 11:58   <DIR>   d--------   C:\ProgramData\Grisoft
2008-01-08 11:58 . 2007-05-30 04:10   10,872   --a------   C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-08 10:08 . 2008-01-08 09:41   54,832   --a------   C:\Windows\System32\AOLParconLink.exe
2008-01-08 10:06 . 2008-01-08 10:09   <DIR>   d--------   C:\Program Files\Common Files\aolshare
2008-01-08 10:06 . 2008-01-08 12:32   <DIR>   d--------   C:\Program Files\AOL 9.0
2008-01-08 09:55 . 2008-01-08 09:55   4   --a------   C:\Windows\msoffice.ini
2008-01-08 09:10 . 2008-01-08 09:10   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-08 08:33 . 2008-01-08 13:25   4,712   --a------   C:\Windows\System32\Config.MPF
2008-01-08 08:32 . 2008-01-08 08:32   <DIR>   d--------   C:\mcafee_mcpr
2008-01-08 08:32 . 2007-03-02 14:17   120,360   --a------   C:\Windows\System32\drivers\Mpfp.sys
2008-01-08 08:31 . 2008-01-08 08:32   <DIR>   d--------   C:\Program Files\McAfee.com
2008-01-08 08:31 . 2008-01-08 09:59   <DIR>   d--------   C:\Program Files\McAfee
2008-01-08 08:31 . 2008-01-08 08:32   <DIR>   d--------   C:\Program Files\Common Files\McAfee
2008-01-08 08:26 . 2008-01-08 08:33   <DIR>   d--------   C:\Users\All Users\McAfee
2008-01-08 08:26 . 2008-01-08 08:33   <DIR>   d--------   C:\ProgramData\McAfee
2008-01-04 07:46 . 2008-01-04 07:46   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2008-01-03 09:35 . 2008-01-03 09:35   <DIR>   d--------   C:\Users\All Users\Office Genuine Advantage
2008-01-03 09:35 . 2008-01-03 09:35   <DIR>   d--------   C:\ProgramData\Office Genuine Advantage
2008-01-03 08:56 . 2008-01-04 07:51   376   --a------   C:\Windows\ODBC.INI
2008-01-03 08:52 . 2008-01-04 07:46   <DIR>   d--------   C:\Windows\ShellNew
2008-01-02 09:33 . 2008-01-08 07:55   106,496   --a------   C:\Windows\System32\hkcmd.exe
2008-01-02 09:33 . 2008-01-08 07:55   98,304   --a------   C:\Windows\System32\igfxtray.exe
2008-01-02 09:33 . 2008-01-08 07:55   81,920   --a------   C:\Windows\System32\igfxpers.exe
2007-12-28 09:29 . 2007-12-28 09:29   <DIR>   d--------   C:\Users\Public\CyberLink
2007-12-28 09:21 . 2007-12-28 09:21   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\CyberLink
2007-12-26 12:27 . 2007-12-26 12:27   <DIR>   d--------   C:\Users\All Users\Diskeeper Corporation
2007-12-26 12:27 . 2007-12-26 12:27   <DIR>   d--------   C:\ProgramData\Diskeeper Corporation
2007-12-26 12:27 . 2007-12-26 12:27   <DIR>   d--------   C:\Program Files\Diskeeper Corporation
2007-12-26 12:17 . 2007-12-26 12:18   <DIR>   d--------   C:\Users\Dale\Diskeeper
2007-12-24 08:22 . 2007-12-24 08:22   <DIR>   d--------   C:\Program Files\Coupons
2007-12-23 08:48 . 2008-01-08 13:17   50,912   --a------   C:\VETlog.dmp
2007-12-21 07:51 . 2007-12-21 07:51   <DIR>   d--------   C:\Program Files\Empire Interactive
2007-12-20 09:03 . 2007-12-20 09:03   254   --a------   C:\Windows\dellstat.ini
2007-12-14 08:11 . 2007-12-14 08:11   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-12-12 13:23 . 2007-12-12 13:23   1,327,104   --a------   C:\Windows\System32\quartz.dll
2007-12-12 13:23 . 2007-12-12 13:23   223,232   --a------   C:\Windows\System32\WMASF.DLL
2007-12-12 13:23 . 2007-12-12 13:23   9,728   --a------   C:\Windows\System32\LAPRXY.DLL
2007-12-12 13:23 . 2007-12-12 13:23   2,048   --a------   C:\Windows\System32\asferror.dll
2007-12-12 13:19 . 2007-12-12 13:19   3,504,824   --a------   C:\Windows\System32\ntkrnlpa.exe
2007-12-12 13:19 . 2007-12-12 13:19   3,470,520   --a------   C:\Windows\System32\ntoskrnl.exe
2007-12-12 13:19 . 2007-12-12 13:19   2,048   --a------   C:\Windows\System32\tzres.dll
2007-12-12 13:11 . 2007-12-12 13:11   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\InterVideo
2007-12-12 12:55 . 2007-12-12 12:56   <DIR>   d--------   C:\Program Files\QuickTime
2007-12-12 12:55 . 2007-12-12 12:55   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-12-12 12:42 . 2007-12-12 12:55   <DIR>   d--------   C:\Users\All Users\Apple Computer
2007-12-12 12:42 . 2007-12-12 12:55   <DIR>   d--------   C:\ProgramData\Apple Computer
2007-12-12 12:41 . 2007-12-12 12:41   <DIR>   d--------   C:\Program Files\InterVideo Information Service
2007-12-12 12:41 . 2007-12-12 12:41   <DIR>   d--------   C:\Program Files\Common Files\Ulead
2007-12-12 12:41 . 2006-05-11 18:41   654   ---------   C:\Windows\remove.iss
2007-12-12 12:38 . 2007-12-12 12:39   <DIR>   d--------   C:\Program Files\InterVideo
2007-12-12 12:32 . 2007-12-12 12:33   <DIR>   d--h-----   C:\Windows\msdownld.tmp
2007-12-12 12:02 . 2007-12-12 12:16   <DIR>   d--------   C:\Program Files\Common Files\PX Storage Engine
2007-12-12 11:58 . 2007-12-12 11:58   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\vlc
2007-12-12 11:56 . 2007-12-12 11:56   <DIR>   d--------   C:\Program Files\VideoLAN
2007-12-12 07:59 . 2007-12-12 07:59   77   --a------   C:\Windows\System32\8417.bat
2007-12-11 12:55 . 2007-12-11 12:55   <DIR>   d--------   C:\Program Files\Easy File Sharing Web Server
2007-12-11 11:44 . 2007-12-11 11:44   <DIR>   d--------   C:\Users\Dale\AppData\Roaming\.wyzo
2007-12-11 10:54 . 2007-12-11 10:54   3,120   --a------   C:\Windows\System32\PMVCIH2J.ocx
2007-12-11 10:52 . 2007-12-19 11:16   <DIR>   d--------   C:\Program Files\123CopyDVD 2008
2007-12-11 10:16 . 2007-12-11 10:16   3,120   --a------   C:\Windows\System32\FGD2FH5B.ocx
2007-12-11 10:16 . 2007-12-11 10:16   3,120   --a------   C:\Windows\DF8MLHS2.ocx
2007-12-11 10:14 . 2007-12-19 11:14   <DIR>   d--------   C:\Program Files\AviSynth 2.5

dalecon5

  • Guest
Re: dalecon5
« Reply #7 on: January 08, 2008, 10:30:04 PM »
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:15   ---------   d-----w   C:\Program Files\Common Files\aol
2008-01-08 18:10   ---------   d-----w   C:\Users\Dale\AppData\Roaming\AOL
2008-01-08 18:10   ---------   d-----w   C:\ProgramData\AOL
2008-01-08 18:09   ---------   d-----w   C:\Program Files\Common Files\Nullsoft
2008-01-08 17:45   ---------   d-----w   C:\ProgramData\AOL Downloads
2008-01-07 18:22   ---------   d---a-w   C:\ProgramData\TEMP
2008-01-07 18:22   ---------   d-----w   C:\Program Files\Chainz 2 Relinked
2008-01-02 17:39   147,456   ----a-w   C:\Users\Dale\vbzip10.dll
2008-01-02 17:39   ---------   d-----w   C:\Users\Dale\AppData\Roaming\LimeWire
2008-01-02 17:34   36,864   ----a-w   C:\Users\Dale\services.exe
2007-12-28 17:20   ---------   d-----w   C:\ProgramData\CyberLink
2007-12-28 17:19   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-28 17:18   ---------   d-----w   C:\Program Files\CyberLink
2007-12-28 17:14   ---------   d-----w   C:\Program Files\LimeWire
2007-12-23 05:13   ---------   d-----w   C:\ProgramData\Viewpoint
2007-12-13 00:53   ---------   d-----w   C:\Program Files\Windows Mail
2007-12-12 21:24   704,000   ----a-w   C:\Windows\System32\PhotoScreensaver.scr
2007-12-12 21:24   67,584   ----a-w   C:\Windows\System32\wlanhlp.dll
2007-12-12 21:24   542,720   ----a-w   C:\Windows\System32\sysmain.dll
2007-12-12 21:24   502,784   ----a-w   C:\Windows\System32\wlansvc.dll
2007-12-12 21:24   47,104   ----a-w   C:\Windows\System32\wlanapi.dll
2007-12-12 21:24   297,984   ----a-w   C:\Windows\System32\wlansec.dll
2007-12-12 21:24   290,816   ----a-w   C:\Windows\System32\wlanmsm.dll
2007-12-12 21:24   28,344   ----a-w   C:\Windows\system32\drivers\battc.sys
2007-12-12 21:24   258,232   ----a-w   C:\Windows\system32\drivers\acpi.sys
2007-12-12 21:24   24,064   ----a-w   C:\Windows\System32\wtsapi32.dll
2007-12-12 21:24   20,920   ----a-w   C:\Windows\system32\drivers\compbatt.sys
2007-12-12 21:24   2,923,520   ----a-w   C:\Windows\explorer.exe
2007-12-12 21:24   2,027,008   ----a-w   C:\Windows\System32\win32k.sys
2007-12-12 21:24   14,208   ----a-w   C:\Windows\system32\drivers\CmBatt.sys
2007-12-12 21:24   11,264   ----a-w   C:\Windows\system32\drivers\wmiacpi.sys
2007-12-12 21:21   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
2007-12-12 21:21   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 21:21   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2007-12-12 21:21   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2007-12-12 21:21   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2007-12-12 21:21   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
2007-12-12 21:21   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 20:17   ---------   d-----w   C:\Program Files\DivX
2007-12-11 19:44   ---------   d-----w   C:\Users\Dale\AppData\Roaming\.wyzo
2007-12-08 00:36   ---------   d-----w   C:\ProgramData\JollyBear
2007-12-08 00:36   ---------   d-----w   C:\Program Files\DishGAMES
2007-12-06 22:42   ---------   d-----w   C:\Program Files\Common Files\AVSMedia
2007-12-06 22:42   ---------   d-----w   C:\Program Files\AVSMedia
2007-12-04 14:53   23,152   ----a-w   C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52   45,648   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51   42,912   ----a-w   C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04   837,496   ----a-w   C:\Windows\System32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\Windows\System32\AvastSS.scr
2007-11-30 00:50   4,096   ----a-w   C:\Windows\System32\sysres.dll
2007-11-30 00:50   38,567   ----a-w   C:\Windows\System32\pcpbios.exe
2007-11-29 22:30   43,528   ------w   C:\Windows\system32\drivers\pxhelp20.sys
2007-11-28 21:55   156,992   ----a-w   C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-20 23:21   ---------   d-----w   C:\Program Files\Nova Development
2007-11-20 23:20   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-11-20 22:18   ---------   d-----w   C:\Program Files\Street Challenge LLC
2007-11-20 16:57   ---------   d-----w   C:\Users\Dale\AppData\Roaming\Sonic
2007-11-20 16:56   ---------   d-----w   C:\Users\Dale\AppData\Roaming\Leadertech
2007-11-20 16:50   ---------   d-----w   C:\ProgramData\InstallShield
2007-11-20 16:48   ---------   d-----w   C:\ProgramData\Sonic
2007-11-20 16:47   ---------   d-----w   C:\Program Files\Common Files\TiVo Shared
2007-11-20 16:47   ---------   d-----w   C:\Program Files\Common Files\Roxio Shared
2007-11-20 16:44   ---------   d-----w   C:\Program Files\Common Files\Sonic Shared
2007-11-20 16:40   ---------   d-----w   C:\Program Files\Roxio
2007-11-19 18:44   ---------   d-----w   C:\Program Files\Invoice by Click
2007-11-19 18:43   73,216   ----a-w   C:\Windows\ST6UNST.EXE
2007-11-19 18:43   299,008   ------w   C:\Windows\Setup1.exe
2007-11-16 17:48   ---------   d-----w   C:\Program Files\bfgclient
2007-11-16 17:01   ---------   d-----w   C:\Program Files\MSECache
2007-11-13 21:32   174   --sha-w   C:\Program Files\desktop.ini
2007-11-13 21:29   ---------   d-----w   C:\Program Files\Windows Defender
2007-11-13 21:29   ---------   d-----w   C:\Program Files\Windows Calendar
2007-11-13 16:47   8,192   ----a-w   C:\Windows\System32\riched32.dll
2007-11-13 16:46   77,824   ----a-w   C:\Windows\System32\rascfg.dll
2007-11-13 16:46   70,144   ----a-w   C:\Windows\system32\drivers\pacer.sys
2007-11-13 16:46   694,784   ----a-w   C:\Windows\System32\localspl.dll
2007-11-13 16:46   619,008   ----a-w   C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-13 16:46   61,952   ----a-w   C:\Windows\system32\drivers\wanarp.sys
2007-11-13 16:46   52,736   ----a-w   C:\Windows\System32\rasdiag.dll
2007-11-13 16:46   48,640   ----a-w   C:\Windows\system32\drivers\ndproxy.sys
2007-11-13 16:46   384,000   ----a-w   C:\Windows\System32\netcfgx.dll
2007-11-13 16:46   36,864   ----a-w   C:\Windows\System32\cdd.dll
2007-11-13 16:46   33,280   ----a-w   C:\Windows\System32\traffic.dll
2007-11-13 16:46   32,768   ----a-w   C:\Windows\System32\rasmxs.dll
2007-11-13 16:46   286,208   ----a-w   C:\Windows\System32\ipnathlp.dll
2007-11-13 16:46   22,016   ----a-w   C:\Windows\System32\rasser.dll
2007-11-13 16:46   20,480   ----a-w   C:\Windows\system32\drivers\ndistapi.sys
2007-11-13 16:46   15,360   ----a-w   C:\Windows\System32\pacerprf.dll
2007-11-13 16:46   134,656   ----a-w   C:\Windows\System32\dps.dll
2007-11-13 16:46   13,824   ----a-w   C:\Windows\System32\wshqos.dll
2007-11-13 16:46   13,824   ----a-w   C:\Windows\System32\icsunattend.exe
2007-11-13 16:45   8,147,968   ----a-w   C:\Windows\System32\wmploc.DLL
2007-11-13 16:45   7,680   ----a-w   C:\Windows\System32\spwmp.dll
2007-11-13 16:45   4,096   ----a-w   C:\Windows\System32\dxmasf.dll
2007-11-13 16:45   356,864   ----a-w   C:\Windows\System32\MediaMetadataHandler.dll
2007-11-13 16:44   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2007-11-13 16:44   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2007-11-13 16:44   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
2007-11-13 16:44   229,888   ----a-w   C:\Windows\System32\msshsq.dll
2007-11-13 16:44   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
.

dalecon5

  • Guest
Re: dalecon5
« Reply #8 on: January 08, 2008, 10:30:46 PM »

(((((((((((((((((((((((((((((   snapshot@2008-01-08_12.36.21.78   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-08 20:31:49   67,584   --s-a-w   C:\Windows\bootstat.dat
+ 2008-01-08 21:15:57   67,584   --s-a-w   C:\Windows\bootstat.dat
- 2008-01-08 20:32:06   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-08 21:18:39   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-01-08 20:32:06   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-08 21:25:22   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-08 21:25:22   262,144   ---ha-w   C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-08 19:59:09   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-08 21:19:33   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-08 19:59:09   81,920   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-08 21:19:33   81,920   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-08 19:59:09   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-08 21:19:33   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-08 18:05:55   104,024   ----a-w   C:\Windows\System32\perfc009.dat
+ 2008-01-08 21:22:01   104,024   ----a-w   C:\Windows\System32\perfc009.dat
- 2008-01-08 18:05:55   618,648   ----a-w   C:\Windows\System32\perfh009.dat
+ 2008-01-08 21:22:01   618,648   ----a-w   C:\Windows\System32\perfh009.dat
- 2008-01-08 18:01:31   6,104   ----a-w   C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2327955247-1941978558-2415635277-1000_UserData.bin
+ 2008-01-08 21:19:18   6,622   ----a-w   C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2327955247-1941978558-2415635277-1000_UserData.bin
- 2008-01-08 18:01:31   49,076   ----a-w   C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-08 21:19:17   49,760   ----a-w   C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:34 201728]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-17 22:49 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-13 08:46 1006264]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-08 07:55 761947]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-08 07:55 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-08 07:55 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-08 07:55 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-08 07:55 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1199815578\ee\AOLSoftware.exe" [2006-09-25 16:52 50736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]

C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-11-13 08:46:57]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-03-20 17:34 213936 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-03-20 17:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 06:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 06:52]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 23:30]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 10:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService   REG_MULTI_SZ      nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted   REG_MULTI_SZ      hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8dcedce-8fe4-11dc-bc4f-00038a000015}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 17:08:05 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-08 17:58:49 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-08 17:58:49 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 13:25:36
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 13:26:52
ComboFix-quarantined-files.txt  2008-01-08 21:26:46
ComboFix2.txt  2008-01-08 21:19:18
ComboFix3.txt  2008-01-08 20:37:30
.
2008-01-07 22:31:35   --- E O F --- 

dalecon5

  • Guest
Re: dalecon5
« Reply #9 on: January 08, 2008, 10:31:46 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:03 PM, on 1/8/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\aol\1199815578\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AOL 9.0\waol.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partsplusportal.com/login-pp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199815578\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6212 bytes

Offline essexboy

Re: dalecon5
« Reply #10 on: January 09, 2008, 11:46:11 AM »
Your logs look clean now.  How is it running?