help required
 

hi, my computer has aquired a virus of some kind, i am inundated with pop ups, re directed on searches etc. I installed webroot spy sweeper prosearching.com appeared but was quarantined however the problem remains. the following is my hijackthis log. please help, all help much appreciated, thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00:26, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe
O4 - HKLM\..\Policies\Explorer\Run: [9WkqTfjoCX] rundll32.exe "C:\WINDOWS\nargryxu.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9039 bytes

Re: help required
 

hi, just did another hjt as my pc got worse. this is the current log, so please disregard the previous. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:07, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe
O4 - HKLM\..\Policies\Explorer\Run: [9WkqTfjoCX] rundll32.exe "C:\WINDOWS\nargryxu.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9541 bytes

Re: help required
 

Hi pete17 and welcome to DaniWeb

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

If your not sure how to disable them then double-check against the list found >>>HERE<<< This list is not all inclusive, if your programs are not listed and you are unsure then please ask before continuing.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Re: help required
 

hi there MoralTerror thanks for the reply, the following is the combo fix log followed by the hjt log. just thought i'd mention when combofix rebooted and was preparing the log my ad-aware came on which i quickly disabled. dont know whether this will affect the log or not. thanks - here goes,

ComboFix 08-03-03.6 - Asif 2008-03-03 13:03:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.198 [GMT 0:00]
Running from: C:\Documents and Settings\Asif\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\fcvidgzm.dll
C:\Documents and Settings\Asif\Application Data\AntiSpywareBot
C:\Documents and Settings\Asif\Application Data\AntiSpywareBot\Log\2008 Feb 29 - 06_37_34 PM_835.log
C:\Documents and Settings\Asif\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\Asif\Application Data\AntiSpywareBot\Settings\ScanResults.pie
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\ecurit~1\?ecurity\
C:\Program Files\version.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\cpahkpsz.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\9WkqTfjoCXwp.exe
C:\WINDOWS\system32\akeukltk.ini
C:\WINDOWS\system32\bdbrveca.dll
C:\WINDOWS\system32\cjbciafm.dll
C:\WINDOWS\system32\dugdywwl.ini
C:\WINDOWS\system32\elhipqmh.dll
C:\WINDOWS\system32\gudjdbqb.dll
C:\WINDOWS\system32\hsmyfsfn.dll
C:\WINDOWS\system32\ihhprcvr.ini
C:\WINDOWS\system32\jaiufxlq.ini
C:\WINDOWS\system32\jkkhhih.dll
C:\WINDOWS\system32\jkvfwqrr.ini
C:\WINDOWS\system32\ktlkueka.dll
C:\WINDOWS\system32\ldhrhpat.ini
C:\WINDOWS\system32\lwwydgud.dll
C:\WINDOWS\system32\mctxhnau.dll
C:\WINDOWS\system32\mfaicbjc.ini
C:\WINDOWS\system32\onnpo.ini
C:\WINDOWS\system32\onnpo.ini2
C:\WINDOWS\system32\opnno.dll
C:\WINDOWS\system32\qlxfuiaj.dll
C:\WINDOWS\system32\rrqwfvkj.dll
C:\WINDOWS\system32\rvcrphhi.dll
C:\WINDOWS\system32\sinasucu.dll
C:\WINDOWS\system32\taebqytw.ini
C:\WINDOWS\system32\taphrhdl.dll
C:\WINDOWS\system32\ufjemlxn.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-03 13:11 . 2008-03-03 13:11 <DIR> d-------- C:\WINDOWS\PerfInfo
2008-03-01 22:58 . 2008-03-01 22:58 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Grisoft
2008-03-01 22:58 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 22:57 . 2008-03-01 22:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Program Files\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2008-03-01 01:00 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-03-01 01:00 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-01 01:00 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-01 01:00 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-01 01:00 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-29 00:07 . 2008-02-29 00:07 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-27 23:21 . 2008-02-27 23:21 <DIR> d-------- C:\WINDOWS\ifbkcsif
2008-02-27 23:21 . 2008-02-27 23:21 3,801,830 --a------ C:\WINDOWS\9WkqTfjoCX.exe
2008-02-27 23:21 . 2008-02-27 23:21 187,904 --a------ C:\WINDOWS\nargryxu.dll
2008-02-27 23:21 . 2008-02-27 23:21 89,107 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-02-27 23:21 . 2008-02-27 23:21 89,107 --a------ C:\WINDOWS\rijidgne.exe
2008-02-27 23:21 . 2008-02-27 23:21 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-27 23:20 . 2008-02-27 23:20 46,592 --a------ C:\WINDOWS\obmnateh.exe
2008-02-27 22:51 . 2008-02-27 22:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-27 09:12 . 2008-03-02 13:55 99,436 --a------ C:\WINDOWS\BMbfd2f053.xml
2008-02-27 09:12 . 2008-03-03 09:18 22 --a------ C:\WINDOWS\pskt.ini
2008-02-25 11:19 . 2008-02-25 11:42 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-02-24 18:22 . 2008-02-24 18:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-23 21:12 . 2008-02-23 21:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2008-02-23 21:05 . 2008-02-23 21:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-20 15:53 . 2008-02-23 01:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 15:53 . 2008-02-20 15:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Log
2008-02-12 17:24 . 2008-02-12 17:24 <DIR> d-------- C:\Program Files\AddonLog
2008-02-12 17:24 . 2007-02-02 19:39 217,088 --a------ C:\Program Files\SsMidAccess.dll
2008-02-12 17:24 . 2007-02-02 19:39 81,920 --a------ C:\Program Files\Cddb2Access.dll
2008-02-12 17:23 . 2008-02-12 17:23 <DIR> d-------- C:\Program Files\Data
2008-02-12 17:23 . 2007-02-05 10:11 5,961,272 --a------ C:\Program Files\Omgjbox.exe
2008-02-12 17:23 . 2007-02-02 19:35 1,323,008 --a------ C:\Program Files\OmgjboxRes.dll
2008-02-12 17:23 . 2007-02-05 10:11 1,201,720 --a------ C:\Program Files\Omgbkup.exe
2008-02-12 17:23 . 2005-03-21 20:30 1,060,864 --a------ C:\Program Files\mfc71.dll
2008-02-12 17:23 . 2007-02-05 10:10 816,696 --a------ C:\Program Files\OMG2OMA.exe
2008-02-12 17:23 . 2007-02-02 19:42 798,720 --a------ C:\Program Files\Si.dll
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Omg1to2.exe
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Ojbsir.exe
2008-02-12 17:23 . 2007-02-02 19:08 536,576 --a------ C:\Program Files\OMG2OMARes.dll
2008-02-12 17:23 . 2007-02-02 20:03 528,384 --a------ C:\Program Files\OjbSirRes.dll
2008-02-12 17:23 . 2005-03-21 20:30 499,712 --a------ C:\Program Files\msvcp71.dll
2008-02-12 17:23 . 2007-02-05 10:11 476,728 --a------ C:\Program Files\SSAAD.exe
2008-02-12 17:23 . 2007-02-02 19:41 434,176 --a------ C:\Program Files\Items.dll
2008-02-12 17:23 . 2007-02-02 19:39 397,312 --a------ C:\Program Files\SsEncMp3.dll
2008-02-12 17:23 . 2005-03-21 20:34 352,256 --a------ C:\Program Files\ijl15.dll
2008-02-12 17:23 . 2005-03-21 20:30 348,160 --a------ C:\Program Files\msvcr71.dll
2008-02-12 17:23 . 2007-02-02 19:39 196,608 --a------ C:\Program Files\RGraph.dll
2008-02-12 17:23 . 2006-12-19 15:03 192,512 --a------ C:\Program Files\XCoreAudio.dll
2008-02-12 17:23 . 2007-02-02 20:07 143,360 --a------ C:\Program Files\OmgbkupRes.dll
2008-02-12 17:23 . 2006-12-26 17:57 143,360 --a------ C:\Program Files\dunzip32.dll
2008-02-12 17:23 . 2007-02-02 19:40 131,072 --a------ C:\Program Files\SsMtp.dll
2008-02-12 17:23 . 2007-02-02 19:36 106,496 --a------ C:\Program Files\RBasis.dll
2008-02-12 17:23 . 2005-03-21 20:30 106,496 --a------ C:\Program Files\atl71.dll
2008-02-12 17:23 . 2007-02-02 19:46 94,208 --a------ C:\Program Files\DMPInternet.dll
2008-02-12 17:23 . 2007-02-02 19:47 69,632 --a------ C:\Program Files\XPanel.dll
2008-02-12 17:23 . 2007-02-02 19:39 65,536 --a------ C:\Program Files\SsEncWma.dll
2008-02-12 17:23 . 2005-03-21 20:30 65,536 --a------ C:\Program Files\JETCOMP.exe
2008-02-12 17:23 . 2007-02-02 19:42 57,344 --a------ C:\Program Files\SsTpl.dll
2008-02-12 17:23 . 2007-02-02 19:39 49,152 --a------ C:\Program Files\SsProxy.dll
2008-02-12 17:23 . 2007-02-02 19:46 45,056 --a------ C:\Program Files\GenMediaKey.dll
2008-02-12 17:23 . 2007-02-05 10:10 38,456 --a------ C:\Program Files\AppReg.exe
2008-02-12 17:23 . 2007-02-02 19:42 32,768 --a------ C:\Program Files\HelpHelper.dll
2008-02-12 17:23 . 2007-02-02 19:08 17,920 --a------ C:\Program Files\XThumbnail.dll
2008-02-12 17:23 . 2007-02-02 19:46 13,312 --a------ C:\Program Files\WtsNotify.dll
2008-02-12 17:23 . 2007-02-02 19:07 12,800 --a------ C:\Program Files\Lam.dll
2008-02-12 17:23 . 2007-02-02 19:05 3,584 --a------ C:\Program Files\Omg1to2Res.dll
2008-02-12 17:08 . 2008-02-12 17:09 <DIR> d-------- C:\ss43_dl
2008-02-12 14:08 . 2008-02-12 14:08 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-12 13:57 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-12 13:57 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-12 13:57 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-12 13:57 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-12 13:57 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-12 13:56 . 2008-02-13 11:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2008-02-12 13:56 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-12 13:56 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-12 13:56 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-12 13:56 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-02-12 13:56 . 2006-10-29 01:00 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-12 13:56 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-12 13:55 . 2008-02-13 11:12 <DIR> d-------- C:\Program Files\Sony
2008-02-12 13:54 . 2008-02-18 12:42 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-02-12 13:54 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Sony Corporation
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-02-08 23:09 . 2008-02-09 11:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-07 10:48 . 2008-02-07 10:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-06 21:33 . 2008-02-06 21:33 <DIR> d-------- C:\WINDOWS\RegCure
2008-02-04 12:05 . 2008-02-04 12:05 <DIR> d-------- C:\Program Files\iPod
2008-02-04 12:01 . 2008-02-04 12:03 <DIR> d-------- C:\Program Files\QuickTime
2008-02-04 12:00 . 2008-02-04 12:00 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-04 11:59 . 2008-02-04 11:59 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-04 11:59 . 2008-02-04 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 01:01 --------- d-----w C:\Documents and Settings\Asif\Application Data\uTorrent
2008-02-27 22:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2008-02-26 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 21:17 --------- d-----w C:\Documents and Settings\Asif\Application Data\Corel
2008-02-18 12:41 --------- d-----w C:\Program Files\DivX
2008-02-09 09:37 --------- d-----w C:\Program Files\Google
2008-02-06 09:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 12:06 --------- d-----w C:\Documents and Settings\Asif\Application Data\Apple Computer
2008-02-04 12:03 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-27 18:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2007-12-31 18:29 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-12-29 17:53 0 ----a-w C:\Documents and Settings\Asif\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-08-03 20:32 17,144 -c--a-w C:\Documents and Settings\Asif\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 20:09 25,600 ----a-w C:\Program Files\SsVerChk.ocx
2007-02-02 20:08 65,536 ----a-w C:\Program Files\StdoutSs2.ax
2007-02-02 20:08 53,248 ----a-w C:\Program Files\SonyWavParser2.ax
2007-01-16 18:13 7,453 ----a-w C:\Program Files\Readme.txt
2005-08-25 09:10 81,920 ----a-w C:\Program Files\SonyFsConvFilter.ax
2005-03-21 20:30 7 ----a-w C:\Program Files\initials.ini
2004-06-18 11:05 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 11:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2006-12-07 21:37 56 -csh--r C:\WINDOWS\system32\7DCBC830BD.sys
2007-02-12 21:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 11:12 517632]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BBC News alerts"="D:\Program Files\BBC News alerts\skinkers.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 18:00 99840]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\system32\rundll32.exe]
"DAEMON Tools"="d:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [ ]
"QuickTime Task"="D:\Program Files\qttask.exe" [ ]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" [2005-05-02 10:31 274432]

C:\Documents and Settings\Asif\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"9WkqTfjoCX"= rundll32.exe "C:\WINDOWS\nargryxu.dll",DllCleanServer

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffcaw]
iiffcaw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmoy32]
winmoy32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Asif\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^MetaCafe.lnk]
backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2005-05-25 11:12 517632 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BBC News alerts]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 d:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-03-09 14:29 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\Asif\\My Documents\\utorrent.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\microsoft office xp\\Office12\\groove.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\iTunes.exe"=

R2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe [2003-03-13 15:46]
R2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe [2003-03-13 15:38]
R2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe [2003-03-13 15:42]
R2 LcSvrKds;ELSA KD-Nummern Server;d:\elsawin\bin\LcSvrKdS.exe [2003-03-13 15:51]
R2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe [2003-03-13 16:06]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 16:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 11:31]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe [2003-03-13 15:41]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 12:57]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 19:46]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-03-01 14:25]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-01 14:25]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-01 14:25]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-01 14:25]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-01 14:25]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 23:00]
S3 pohci13F;pohci13F;C:\DOCUME~1\Asif\LOCALS~1\Temp\pohci13F.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 13:12:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-03 13:14:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-03 13:14:40
.
2008-02-13 12:12:58 --- E O F ---



HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:00, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe
O4 - HKLM\..\Policies\Explorer\Run: [9WkqTfjoCX] rundll32.exe "C:\WINDOWS\nargryxu.dll",DllCleanServer
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: iiffcaw - iiffcaw.dll (file missing)
O20 - Winlogon Notify: winmoy32 - winmoy32.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9871 bytes

Re: help required
 

Hi pete

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -



Remember to close all other windows and click Fix Checked

-------------------------------


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe


Attachment 5300

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

-------------------------------

Upload this file C:\WINDOWS\system32\windrv.sys to http://virusscan.jotti.org/ and submit it. Wait for the analysis and post it here in your next reply.

-------------------------------
Required Logs

c:\ComboFix.txt
Kaspersky report
Jotti results
new HijackThis log << taken after the online scan


Please also provide an update on system behaviour

Re: help required
 

hi there, since i performed the combifix the pc has been running fine, no popups at all, i'm over the moon thanks very much. i did do what you told me to on the last reply though. the results of the hjt show prosearching but even when i fix them they still appear on the next scan, but still pc is fine. i ran the combofix as prescribed. when i ran the kaspersky online scan, because it was going to take some time , i went to bed. after a few hours sleep checked pc and xoftspy se had performed a scan, dont no how that happened.so i closed it. the kaspersky had done the scan but there was no option to save a log report. it had found 7 viruses and 63 suspicious objects but no report other than that. when i clicked stop scan (which was the only button to click) pop up said you have not saved scan report do you want to continue, checked again but no save report anywhere, so unfortunately had to close it with no report. that was a shame as it had ran for 4.5 hours. i ran the jotti scan on the file you mentioned except my file did noy have the .sys at the end of it. the scan came clear as the results show but at the bottom of the jotti page was some other report but i am not sure whether it applies to my pc as therr was a similar report before the scan, not sure if it was the same, dont think it was. sorry for the long winded report but look forward to your reply. thanks in the meantime, pc still running fine
start with the hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:12:26, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9993 bytes






the results of the combifix

ComboFix 08-03-03.6 - Asif 2008-03-03 21:13:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.248 [GMT 0:00]
Running from: C:\Documents and Settings\Asif\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Asif\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\9WkqTfjoCX.exe
C:\WINDOWS\BMbfd2f053.xml
C:\WINDOWS\nargryxu.dll
C:\WINDOWS\obmnateh.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\rijidgne.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\winfrun32.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt
C:\Program Files\Enigma Software Group\SpyHunter\scan.log
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\support.log
C:\WINDOWS\9WkqTfjoCX.exe
C:\WINDOWS\BMbfd2f053.xml
C:\WINDOWS\ifbkcsif
C:\WINDOWS\ifbkcsif\1.png
C:\WINDOWS\ifbkcsif\2.png
C:\WINDOWS\ifbkcsif\3.png
C:\WINDOWS\ifbkcsif\4.png
C:\WINDOWS\ifbkcsif\5.png
C:\WINDOWS\ifbkcsif\6.png
C:\WINDOWS\ifbkcsif\7.png
C:\WINDOWS\ifbkcsif\8.png
C:\WINDOWS\ifbkcsif\9.png
C:\WINDOWS\ifbkcsif\bottom-rc.gif
C:\WINDOWS\ifbkcsif\config.png
C:\WINDOWS\ifbkcsif\content.png
C:\WINDOWS\ifbkcsif\download.gif
C:\WINDOWS\ifbkcsif\frame-bg.gif
C:\WINDOWS\ifbkcsif\frame-bottom-left.gif
C:\WINDOWS\ifbkcsif\frame-h1bg.gif
C:\WINDOWS\ifbkcsif\head.png
C:\WINDOWS\ifbkcsif\icon.png
C:\WINDOWS\ifbkcsif\indexwp.html
C:\WINDOWS\ifbkcsif\main.css
C:\WINDOWS\ifbkcsif\memory-prots.png
C:\WINDOWS\ifbkcsif\net.png
C:\WINDOWS\ifbkcsif\pc-mag.gif
C:\WINDOWS\ifbkcsif\pc.gif
C:\WINDOWS\ifbkcsif\poloska1.png
C:\WINDOWS\ifbkcsif\poloska2.png
C:\WINDOWS\ifbkcsif\poloska3.png
C:\WINDOWS\ifbkcsif\promowp1.html
C:\WINDOWS\ifbkcsif\promowp2.html
C:\WINDOWS\ifbkcsif\promowp3.html
C:\WINDOWS\ifbkcsif\promowp4.html
C:\WINDOWS\ifbkcsif\promowp5.html
C:\WINDOWS\ifbkcsif\reg.png
C:\WINDOWS\ifbkcsif\repair.png
C:\WINDOWS\ifbkcsif\scr-1.png
C:\WINDOWS\ifbkcsif\scr-2.png
C:\WINDOWS\ifbkcsif\start.png
C:\WINDOWS\ifbkcsif\styles.css
C:\WINDOWS\ifbkcsif\Thumbs.db
C:\WINDOWS\ifbkcsif\top-rc.gif
C:\WINDOWS\ifbkcsif\vline.gif
C:\WINDOWS\ifbkcsif\wp.png
C:\WINDOWS\nargryxu.dll
C:\WINDOWS\obmnateh.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\9WkqTfjoCXwp.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\rijidgne.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\winfrun32.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_POHCI13F
-------\pohci13F


((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-01 22:58 . 2008-03-01 22:58 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Grisoft
2008-03-01 22:58 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 22:57 . 2008-03-01 22:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Program Files\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2008-03-01 01:00 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-03-01 01:00 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-01 01:00 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-01 01:00 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-01 01:00 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-27 22:51 . 2008-02-27 22:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-25 11:19 . 2008-02-25 11:42 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-02-24 18:22 . 2008-02-24 18:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-23 21:12 . 2008-02-23 21:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2008-02-23 21:05 . 2008-02-23 21:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-20 15:53 . 2008-02-23 01:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 15:53 . 2008-02-20 15:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Log
2008-02-12 17:24 . 2008-02-12 17:24 <DIR> d-------- C:\Program Files\AddonLog
2008-02-12 17:24 . 2007-02-02 19:39 217,088 --a------ C:\Program Files\SsMidAccess.dll
2008-02-12 17:24 . 2007-02-02 19:39 81,920 --a------ C:\Program Files\Cddb2Access.dll
2008-02-12 17:23 . 2008-02-12 17:23 <DIR> d-------- C:\Program Files\Data
2008-02-12 17:23 . 2007-02-05 10:11 5,961,272 --a------ C:\Program Files\Omgjbox.exe
2008-02-12 17:23 . 2007-02-02 19:35 1,323,008 --a------ C:\Program Files\OmgjboxRes.dll
2008-02-12 17:23 . 2007-02-05 10:11 1,201,720 --a------ C:\Program Files\Omgbkup.exe
2008-02-12 17:23 . 2005-03-21 20:30 1,060,864 --a------ C:\Program Files\mfc71.dll
2008-02-12 17:23 . 2007-02-05 10:10 816,696 --a------ C:\Program Files\OMG2OMA.exe
2008-02-12 17:23 . 2007-02-02 19:42 798,720 --a------ C:\Program Files\Si.dll
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Omg1to2.exe
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Ojbsir.exe
2008-02-12 17:23 . 2007-02-02 19:08 536,576 --a------ C:\Program Files\OMG2OMARes.dll
2008-02-12 17:23 . 2007-02-02 20:03 528,384 --a------ C:\Program Files\OjbSirRes.dll
2008-02-12 17:23 . 2005-03-21 20:30 499,712 --a------ C:\Program Files\msvcp71.dll
2008-02-12 17:23 . 2007-02-05 10:11 476,728 --a------ C:\Program Files\SSAAD.exe
2008-02-12 17:23 . 2007-02-02 19:41 434,176 --a------ C:\Program Files\Items.dll
2008-02-12 17:23 . 2007-02-02 19:39 397,312 --a------ C:\Program Files\SsEncMp3.dll
2008-02-12 17:23 . 2005-03-21 20:34 352,256 --a------ C:\Program Files\ijl15.dll
2008-02-12 17:23 . 2005-03-21 20:30 348,160 --a------ C:\Program Files\msvcr71.dll
2008-02-12 17:23 . 2007-02-02 19:39 196,608 --a------ C:\Program Files\RGraph.dll
2008-02-12 17:23 . 2006-12-19 15:03 192,512 --a------ C:\Program Files\XCoreAudio.dll
2008-02-12 17:23 . 2007-02-02 20:07 143,360 --a------ C:\Program Files\OmgbkupRes.dll
2008-02-12 17:23 . 2006-12-26 17:57 143,360 --a------ C:\Program Files\dunzip32.dll
2008-02-12 17:23 . 2007-02-02 19:40 131,072 --a------ C:\Program Files\SsMtp.dll
2008-02-12 17:23 . 2007-02-02 19:36 106,496 --a------ C:\Program Files\RBasis.dll
2008-02-12 17:23 . 2005-03-21 20:30 106,496 --a------ C:\Program Files\atl71.dll
2008-02-12 17:23 . 2007-02-02 19:46 94,208 --a------ C:\Program Files\DMPInternet.dll
2008-02-12 17:23 . 2007-02-02 19:47 69,632 --a------ C:\Program Files\XPanel.dll
2008-02-12 17:23 . 2007-02-02 19:39 65,536 --a------ C:\Program Files\SsEncWma.dll
2008-02-12 17:23 . 2005-03-21 20:30 65,536 --a------ C:\Program Files\JETCOMP.exe
2008-02-12 17:23 . 2007-02-02 19:42 57,344 --a------ C:\Program Files\SsTpl.dll
2008-02-12 17:23 . 2007-02-02 19:39 49,152 --a------ C:\Program Files\SsProxy.dll
2008-02-12 17:23 . 2007-02-02 19:46 45,056 --a------ C:\Program Files\GenMediaKey.dll
2008-02-12 17:23 . 2007-02-05 10:10 38,456 --a------ C:\Program Files\AppReg.exe
2008-02-12 17:23 . 2007-02-02 19:42 32,768 --a------ C:\Program Files\HelpHelper.dll
2008-02-12 17:23 . 2007-02-02 19:08 17,920 --a------ C:\Program Files\XThumbnail.dll
2008-02-12 17:23 . 2007-02-02 19:46 13,312 --a------ C:\Program Files\WtsNotify.dll
2008-02-12 17:23 . 2007-02-02 19:07 12,800 --a------ C:\Program Files\Lam.dll
2008-02-12 17:23 . 2007-02-02 19:05 3,584 --a------ C:\Program Files\Omg1to2Res.dll
2008-02-12 17:08 . 2008-02-12 17:09 <DIR> d-------- C:\ss43_dl
2008-02-12 14:08 . 2008-02-12 14:08 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-12 13:57 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-12 13:57 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-12 13:57 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-12 13:57 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-12 13:57 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-12 13:56 . 2008-02-13 11:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2008-02-12 13:56 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-12 13:56 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-12 13:56 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-12 13:56 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-02-12 13:56 . 2006-10-29 01:00 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-12 13:56 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-12 13:55 . 2008-02-13 11:12 <DIR> d-------- C:\Program Files\Sony
2008-02-12 13:54 . 2008-02-18 12:42 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-02-12 13:54 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Sony Corporation
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-02-08 23:09 . 2008-02-09 11:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-07 10:48 . 2008-02-07 10:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-06 21:33 . 2008-02-06 21:33 <DIR> d-------- C:\WINDOWS\RegCure
2008-02-04 12:05 . 2008-02-04 12:05 <DIR> d-------- C:\Program Files\iPod
2008-02-04 12:01 . 2008-02-04 12:03 <DIR> d-------- C:\Program Files\QuickTime
2008-02-04 12:00 . 2008-02-04 12:00 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-04 11:59 . 2008-02-04 11:59 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-04 11:59 . 2008-02-04 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 01:01 --------- d-----w C:\Documents and Settings\Asif\Application Data\uTorrent
2008-02-27 22:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2008-02-26 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 21:17 --------- d-----w C:\Documents and Settings\Asif\Application Data\Corel
2008-02-18 12:41 --------- d-----w C:\Program Files\DivX
2008-02-09 09:37 --------- d-----w C:\Program Files\Google
2008-02-06 09:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 12:06 --------- d-----w C:\Documents and Settings\Asif\Application Data\Apple Computer
2008-02-04 12:03 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-27 18:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2007-12-29 17:53 0 ----a-w C:\Documents and Settings\Asif\Application Data\wklnhst.dat
2007-08-03 20:32 17,144 -c--a-w C:\Documents and Settings\Asif\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 20:09 25,600 ----a-w C:\Program Files\SsVerChk.ocx
2007-02-02 20:08 65,536 ----a-w C:\Program Files\StdoutSs2.ax
2007-02-02 20:08 53,248 ----a-w C:\Program Files\SonyWavParser2.ax
2007-01-16 18:13 7,453 ----a-w C:\Program Files\Readme.txt
2005-08-25 09:10 81,920 ----a-w C:\Program Files\SonyFsConvFilter.ax
2005-03-21 20:30 7 ----a-w C:\Program Files\initials.ini
2004-06-18 11:05 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 11:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2006-12-07 21:37 56 -csh--r C:\WINDOWS\system32\7DCBC830BD.sys
2007-02-12 21:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 11:12 517632]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BBC News alerts"="D:\Program Files\BBC News alerts\skinkers.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 18:00 99840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
"DAEMON Tools"="d:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [ ]
"QuickTime Task"="D:\Program Files\qttask.exe" [ ]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" [2005-05-02 10:31 274432]

C:\Documents and Settings\Asif\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Asif\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^MetaCafe.lnk]
backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2005-05-25 11:12 517632 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 d:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-03-09 14:29 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\Asif\\My Documents\\utorrent.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\microsoft office xp\\Office12\\groove.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\iTunes.exe"=

R2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe [2003-03-13 15:46]
R2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe [2003-03-13 15:38]
R2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe [2003-03-13 15:42]
R2 LcSvrKds;ELSA KD-Nummern Server;d:\elsawin\bin\LcSvrKdS.exe [2003-03-13 15:51]
R2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe [2003-03-13 16:06]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 16:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 11:31]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe [2003-03-13 15:41]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 12:57]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 19:46]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-03-01 14:25]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-01 14:25]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-01 14:25]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-01 14:25]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-01 14:25]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 23:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 21:18:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-03 21:21:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-03 21:21:08
ComboFix2.txt 2008-03-03 13:14:47
.
2008-02-13 12:12:58 --- E O F ---


jotti scan results

Scan taken on 04 Mar 2008 05:00:38 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing




the other info at the bottom of the jotti page;

Last file scanned at least one scanner reported something about: bxlrvps.dll (MD5: 868f972e28faa7aad561ae97de2a30bb, size: 323584 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir ADSPY/Agent.PB
ArcaVir Adware.Vapsup.Bvr
Avast Win32:Agent-LTS
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web Trojan.Mutastik
F-Prot Antivirus X
F-Secure Anti-Virus not-a-virus:AdWare.Win32.Vapsup.bvr (4, 1, 400)
Fortinet X
Ikarus Virus.Win32.Agent.LTS
Kaspersky Anti-Virus not-a-virus:AdWare.Win32.Vapsup.bvr
NOD32 a variant of Win32/Adware.Vapsup.X application
Norman Virus Control W32/Vapsup.BCX
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Downloader.Zlob.7

Re: help required
 

Hi pete

I see no evidence of an Anti-virus program on board. Please install update and run an Anti-virus (or if you do have 1 make sure it is enabled). Here are some links for anti-virus software.

AVG
Avast
BitDefender Free Edition v7.2

*NOTE It is important you only have 1 anti-virus program running.

---------------------------------------

Please disable the following programs (and your anti-virus program) so they don't interfere with the fixes. You can re-enable them again after completing the steps in this post.

AD-AWARE AD-WATCH

• Right click on the Ad-Watch icon in the system tray.
• At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
  • Active: This will turn Ad-Watch On\Off without closing it.
  • Automatic: Suspicious activity will be blocked automatically.
• Uncheck both of those boxes.
• (When done, you can re-enable it using the same steps but this time check both boxes.)

AVG ANTI-SPYWARE

• Launch AVG Anti-Spyware.
• From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
• Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

SPY SWEEPER

• Open Spy Sweeper and click on Options > Program Options and uncheck "load at windows startup".
• On the left click "shields" and then uncheck everything there.
• Uncheck "home page shield".
• Uncheck "automatically restore default without notification".
• Exit the program.
• (When we are done, you can re-enable it using the same steps but this time reverse them.)

---------------------------------------

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe


Remember to close all other windows and click Fix Checked

---------------------------------------

Please re-scan at Kaspersky, once the scan has completed the 'Stop Scan' button will no longer be available and the 'Save Report' button will be active. Leaving your other security programs disabled may speed the scan up a bit. You can disconnect from the internet once the scan has started, remember to re-connect BEFORE clicking on Save Report.

---------------------------------------
Required Logs

Kaspersky report
new HijackThis log

Re: help required
 

hi. installed and ran avg anti virus and then hjt (log below). i then ran kaspersky again but as before does not give me an option to save the report. it indicates that the scan has been 'done' but the stop scan button is the only option to click. at the bottom of the windows page appears the yellow warning sign followed by error on page. the number of viruses found has decreased to 6 and number of infected to 17 down from 63


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:22, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9460 bytes

Re: help required
 

OK pete try this one

• Please go to the following link ESET Online Scanner Link
• Tick the box YES, I accept the Terms Of Use
• Click the Start button
• Now click the Install button
• Click Start
  
  The scanner engine will initialise and update
  
• Do Not tick the box Remove found threats
• Click the Scan button
  
  The scan will now run, please be patient
  
• When the scan finishes click the Details tab
• Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

Re: help required
 

hi, results of eset scan are, 2 threats found. clicked details to reveal;

Win32/Adware.Virtumonde application
C\:QooBox\Quarantine\C\Windows\system32\jkkhhih.dll.vir

Win32/Adware.UltimateDefender application
C:\QooBox\Quarantine\C\Windows\9WkgTfjoCX.exe.vir

it would not allow copy & paste so typed the above in and no sign of, %ProgramFiles%\EsetOnlineScanner\log.txt

would it be ok for me to use my ebay account and access my online bank account now?
much thanks

Re: help required
 

Hi pete

Yes it's ok your logs are clean. Kindly follow these simple steps in order to keep your computer clean and secure:

1. UNINSTALL COMBOFIX
   This process will also perform some final cleanup steps
   Click Start > Run and type ComboFix /u
   
   
   
2. ANTIVIRUS SOFTWARE
   It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources
   
   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
   
3. FIREWALL
   Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.
   
   
   
4. Microsoft Windows Update
   Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
   
5. SPYBOT - SEARCH & DESTROY
   Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
   
   
   
6. AD-AWARE
   Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• Google Toolbar - Get the free google toolbar to help stop pop up windows.
  
  
• CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
  
  
• Winpatrol - Download and install the free version of Winpatrol.
  A tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

If there are no more issues please mark this thread as resolved.

Re: help required
 

hi MoralTerror, thanks for all your help, very much appreciated i will follow your latest advice fastidiously. many thanks once again

Re: help required
 

your very welcome, glad we could help

Re: help required
 

Hi pete

Regarding your PM please post a new HijackThis log.

Please also download an updated version of ComboFix.exe from any of the links below, and save it to your desktop. (Remember to delete your existing copy 1st if you haven't already)

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

If your not sure how to disable them then double-check against the list found >>>HERE<<< This list is not all inclusive, if your programs are not listed and you are unsure then please ask before continuing.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Re: help required
 

hi, thanks for the reply. here are the logs

ComboFix 08-03-05.1 - Asif 2008-03-05 18:50:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.219 [GMT 0:00]
Running from: C:\Documents and Settings\Asif\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-05 18:45 . 2004-08-03 23:56 388,608 --a------ C:\CF24114.exe
2008-03-05 18:43 . 2008-03-05 18:43 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\WinPatrol
2008-03-05 17:43 . 2008-03-05 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 19:10 . 2008-03-04 19:10 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-03-04 17:17 . 2008-03-05 01:44 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-03-04 09:20 . 2008-03-04 09:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-04 09:20 . 2008-03-05 09:11 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\AVG7
2008-03-04 09:20 . 2008-03-04 09:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-03 21:27 . 2008-03-03 21:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 21:27 . 2008-03-03 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-01 22:58 . 2008-03-01 22:58 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Grisoft
2008-03-01 22:58 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 22:57 . 2008-03-04 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Program Files\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-01 01:00 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-03-01 01:00 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-01 01:00 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-01 01:00 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-01 01:00 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-27 22:51 . 2008-02-27 22:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-25 11:19 . 2008-02-25 11:42 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-02-24 18:22 . 2008-02-24 18:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-23 21:12 . 2008-02-23 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-23 21:05 . 2008-02-23 21:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-20 15:53 . 2008-02-23 01:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 15:53 . 2008-02-20 15:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Log
2008-02-12 17:24 . 2008-02-12 17:24 <DIR> d-------- C:\Program Files\AddonLog
2008-02-12 17:24 . 2007-02-02 19:39 217,088 --a------ C:\Program Files\SsMidAccess.dll
2008-02-12 17:24 . 2007-02-02 19:39 81,920 --a------ C:\Program Files\Cddb2Access.dll
2008-02-12 17:23 . 2008-02-12 17:23 <DIR> d-------- C:\Program Files\Data
2008-02-12 17:23 . 2007-02-05 10:11 5,961,272 --a------ C:\Program Files\Omgjbox.exe
2008-02-12 17:23 . 2007-02-02 19:35 1,323,008 --a------ C:\Program Files\OmgjboxRes.dll
2008-02-12 17:23 . 2007-02-05 10:11 1,201,720 --a------ C:\Program Files\Omgbkup.exe
2008-02-12 17:23 . 2005-03-21 20:30 1,060,864 --a------ C:\Program Files\mfc71.dll
2008-02-12 17:23 . 2007-02-05 10:10 816,696 --a------ C:\Program Files\OMG2OMA.exe
2008-02-12 17:23 . 2007-02-02 19:42 798,720 --a------ C:\Program Files\Si.dll
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Omg1to2.exe
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Ojbsir.exe
2008-02-12 17:23 . 2007-02-02 19:08 536,576 --a------ C:\Program Files\OMG2OMARes.dll
2008-02-12 17:23 . 2007-02-02 20:03 528,384 --a------ C:\Program Files\OjbSirRes.dll
2008-02-12 17:23 . 2005-03-21 20:30 499,712 --a------ C:\Program Files\msvcp71.dll
2008-02-12 17:23 . 2007-02-05 10:11 476,728 --a------ C:\Program Files\SSAAD.exe
2008-02-12 17:23 . 2007-02-02 19:41 434,176 --a------ C:\Program Files\Items.dll
2008-02-12 17:23 . 2007-02-02 19:39 397,312 --a------ C:\Program Files\SsEncMp3.dll
2008-02-12 17:23 . 2005-03-21 20:34 352,256 --a------ C:\Program Files\ijl15.dll
2008-02-12 17:23 . 2005-03-21 20:30 348,160 --a------ C:\Program Files\msvcr71.dll
2008-02-12 17:23 . 2007-02-02 19:39 196,608 --a------ C:\Program Files\RGraph.dll
2008-02-12 17:23 . 2006-12-19 15:03 192,512 --a------ C:\Program Files\XCoreAudio.dll
2008-02-12 17:23 . 2007-02-02 20:07 143,360 --a------ C:\Program Files\OmgbkupRes.dll
2008-02-12 17:23 . 2006-12-26 17:57 143,360 --a------ C:\Program Files\dunzip32.dll
2008-02-12 17:23 . 2007-02-02 19:40 131,072 --a------ C:\Program Files\SsMtp.dll
2008-02-12 17:23 . 2007-02-02 19:36 106,496 --a------ C:\Program Files\RBasis.dll
2008-02-12 17:23 . 2005-03-21 20:30 106,496 --a------ C:\Program Files\atl71.dll
2008-02-12 17:23 . 2007-02-02 19:46 94,208 --a------ C:\Program Files\DMPInternet.dll
2008-02-12 17:23 . 2007-02-02 19:47 69,632 --a------ C:\Program Files\XPanel.dll
2008-02-12 17:23 . 2007-02-02 19:39 65,536 --a------ C:\Program Files\SsEncWma.dll
2008-02-12 17:23 . 2005-03-21 20:30 65,536 --a------ C:\Program Files\JETCOMP.exe
2008-02-12 17:23 . 2007-02-02 19:42 57,344 --a------ C:\Program Files\SsTpl.dll
2008-02-12 17:23 . 2007-02-02 19:39 49,152 --a------ C:\Program Files\SsProxy.dll
2008-02-12 17:23 . 2007-02-02 19:46 45,056 --a------ C:\Program Files\GenMediaKey.dll
2008-02-12 17:23 . 2007-02-05 10:10 38,456 --a------ C:\Program Files\AppReg.exe
2008-02-12 17:23 . 2007-02-02 19:42 32,768 --a------ C:\Program Files\HelpHelper.dll
2008-02-12 17:23 . 2007-02-02 19:08 17,920 --a------ C:\Program Files\XThumbnail.dll
2008-02-12 17:23 . 2007-02-02 19:46 13,312 --a------ C:\Program Files\WtsNotify.dll
2008-02-12 17:23 . 2007-02-02 19:07 12,800 --a------ C:\Program Files\Lam.dll
2008-02-12 17:23 . 2007-02-02 19:05 3,584 --a------ C:\Program Files\Omg1to2Res.dll
2008-02-12 17:08 . 2008-02-12 17:09 <DIR> d-------- C:\ss43_dl
2008-02-12 14:08 . 2008-02-12 14:08 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-12 13:57 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-12 13:57 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-12 13:57 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-12 13:57 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-12 13:57 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-12 13:56 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-12 13:56 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-12 13:56 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-12 13:56 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-12 13:56 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-02-12 13:56 . 2006-10-29 01:00 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-12 13:56 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-12 13:55 . 2008-02-13 11:12 <DIR> d-------- C:\Program Files\Sony
2008-02-12 13:54 . 2008-02-18 12:42 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-02-12 13:54 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Sony Corporation
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 23:09 . 2008-02-09 11:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-07 10:48 . 2008-02-07 10:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-06 21:33 . 2008-02-06 21:33 <DIR> d-------- C:\WINDOWS\RegCure
2008-02-05 08:48 . 2008-02-05 08:48 77,824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 01:01 --------- d-----w C:\Documents and Settings\Asif\Application Data\uTorrent
2008-02-27 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-26 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 21:17 --------- d-----w C:\Documents and Settings\Asif\Application Data\Corel
2008-02-18 12:41 --------- d-----w C:\Program Files\DivX
2008-02-09 09:37 --------- d-----w C:\Program Files\Google
2008-02-06 09:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 12:06 --------- d-----w C:\Documents and Settings\Asif\Application Data\Apple Computer
2008-02-04 12:05 --------- d-----w C:\Program Files\iPod
2008-02-04 12:03 --------- d-----w C:\Program Files\QuickTime
2008-02-04 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-04 12:00 --------- d-----w C:\Program Files\Apple Software Update
2008-02-04 11:59 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-04 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-27 18:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2007-12-31 18:29 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-12-29 17:53 0 ----a-w C:\Documents and Settings\Asif\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-03 20:32 17,144 -c--a-w C:\Documents and Settings\Asif\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 20:09 25,600 ----a-w C:\Program Files\SsVerChk.ocx
2007-02-02 20:08 65,536 ----a-w C:\Program Files\StdoutSs2.ax
2007-02-02 20:08 53,248 ----a-w C:\Program Files\SonyWavParser2.ax
2007-01-16 18:13 7,453 ----a-w C:\Program Files\Readme.txt
2005-08-25 09:10 81,920 ----a-w C:\Program Files\SonyFsConvFilter.ax
2005-03-21 20:30 7 ----a-w C:\Program Files\initials.ini
2004-06-18 11:05 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 11:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2006-12-07 21:37 56 -csh--r C:\WINDOWS\system32\7DCBC830BD.sys
2007-02-12 21:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 11:12 517632]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BBC News alerts"="D:\Program Files\BBC News alerts\skinkers.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 18:00 99840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-04 09:22 579072]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [ ]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="D:\Program Files\qttask.exe" [ ]
"DAEMON Tools"="d:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-04 09:20 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" [2005-05-02 10:31 274432]

C:\Documents and Settings\Asif\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - D:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Asif\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^MetaCafe.lnk]
backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2005-05-25 11:12 517632 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BBC News alerts]
D:\Program Files\BBC News alerts\skinkers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 d:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-03-09 14:29 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\Asif\\My Documents\\utorrent.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\microsoft office xp\\Office12\\groove.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe [2003-03-13 15:46]
R2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe [2003-03-13 15:38]
R2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe [2003-03-13 15:42]
R2 LcSvrKds;ELSA KD-Nummern Server;d:\elsawin\bin\LcSvrKdS.exe [2003-03-13 15:51]
R2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe [2003-03-13 16:06]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 16:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 11:31]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe [2003-03-13 15:41]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 12:57]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 19:46]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-03-01 14:25]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-01 14:25]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-01 14:25]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-01 14:25]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-01 14:25]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 23:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 12:00:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 17:29:17 C:\WINDOWS\Tasks\RegCure Program Check.job"
- d:\Program Files\RegCure\RegCure.exe
"2008-02-06 21:16:22 C:\WINDOWS\Tasks\RegCure.job"
- d:\Program Files\RegCure\RegCure.exe
"2008-03-05 17:29:18 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-04 04:46:17 C:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 18:54:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-05 18:55:25
ComboFix-quarantined-files.txt 2008-03-05 18:55:20
ComboFix2.txt 2008-03-03 21:21:14
.
2008-02-13 12:12:58 --- E O F ---







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:26, on 05/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11038 bytes

Re: help required
 

Open HijackThis and click Open the Misc Tools section, under System Tools click Open uninstall manager... and click Save list. Save it to HijackThis directory and post the entire contents of uninstall_list.txt here.

Re: help required
 

hi, as requested

Ad-Aware SE Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
AXIS Media Control
Creative DMP Drivers
Creative MediaSource
Creative System Information
DivX Content Uploader
DivX Web Player
ElsaWin
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Web-To-Page
ERUNT 1.1j
ESC46 Reference Guide
ESC46 Software Guide
ESET Online Scanner
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Image Converter 3
ISO Compressor by Winnydows
iTunes
Java(TM) 6 Update 3
Kaspersky Online Scanner
Korean Fonts Support For Adobe Reader 8
Letts Maths Explorer
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.12)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 6 Ultra Edition
NVIDIA Drivers
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Manual NW-A800 Series
PSP ISO Compressor
QuickTime
RegCure
Security Update for Excel 2007 (KB936509)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SonicStage 4.3
Sony Video Shared Library
Sound Blaster Live!
Spy Sweeper
Spybot - Search & Destroy
Steganos Internet Trace Destructor 7.1.6
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb944965)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
Update Manager
VobSub v2.23 (Remove Only)
WALKMAN Launcher
WavePad Uninstall
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPatrol 2007
WinRAR archiver
XoftSpySE
XTNDConnect Blue Manager 3.3
Zune Desktop Theme

Re: help required
 

Hi pete


XoftSpy was previously listed as a Rogue. Rogue or Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. While it has been de-listed I'd recommend you uninstall XoftSpySE See this site for more information.

---------------------------------

Please disable the following programs

Spy Sweeper
Spybot - Search & Destroy
WinPatrol 2007
AVG Anti-Spyware 7.5
Ad-Aware SE Professional
AVG 7.5


---------------------------------

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com


Remember to close all other windows and click Fix Checked

---------------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe


Attachment 5322

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------

Run a new scan with HijackThis and post the new log.

Re: help required
 

hi there here are the logs; is it still safe for me to access my accounts whilst the prosearching entries are in the registry

ComboFix 08-03-05.1 - Asif 2008-03-05 21:12:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.212 [GMT 0:00]
Running from: C:\Documents and Settings\Asif\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Asif\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\NoAdware5.0
C:\Program Files\NoAdware5.0\noadware4_022508.na

.
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-05 18:45 . 2004-08-03 23:56 388,608 --a------ C:\CF24114.exe
2008-03-05 18:43 . 2008-03-05 18:43 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\WinPatrol
2008-03-05 17:43 . 2008-03-05 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 19:10 . 2008-03-04 19:10 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-03-04 17:17 . 2008-03-05 01:44 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-03-04 09:20 . 2008-03-04 09:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-04 09:20 . 2008-03-05 19:52 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\AVG7
2008-03-04 09:20 . 2008-03-04 09:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-03 21:27 . 2008-03-03 21:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 21:27 . 2008-03-03 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-01 22:58 . 2008-03-01 22:58 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Grisoft
2008-03-01 22:58 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 22:57 . 2008-03-04 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Program Files\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-01 01:00 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-03-01 01:00 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-01 01:00 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-01 01:00 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-01 01:00 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-27 22:51 . 2008-02-27 22:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-24 18:22 . 2008-02-24 18:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-23 21:12 . 2008-02-23 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-23 21:05 . 2008-02-23 21:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-20 15:53 . 2008-02-23 01:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 15:53 . 2008-02-20 15:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Log
2008-02-12 17:24 . 2008-02-12 17:24 <DIR> d-------- C:\Program Files\AddonLog
2008-02-12 17:24 . 2007-02-02 19:39 217,088 --a------ C:\Program Files\SsMidAccess.dll
2008-02-12 17:24 . 2007-02-02 19:39 81,920 --a------ C:\Program Files\Cddb2Access.dll
2008-02-12 17:23 . 2008-02-12 17:23 <DIR> d-------- C:\Program Files\Data
2008-02-12 17:23 . 2007-02-05 10:11 5,961,272 --a------ C:\Program Files\Omgjbox.exe
2008-02-12 17:23 . 2007-02-02 19:35 1,323,008 --a------ C:\Program Files\OmgjboxRes.dll
2008-02-12 17:23 . 2007-02-05 10:11 1,201,720 --a------ C:\Program Files\Omgbkup.exe
2008-02-12 17:23 . 2005-03-21 20:30 1,060,864 --a------ C:\Program Files\mfc71.dll
2008-02-12 17:23 . 2007-02-05 10:10 816,696 --a------ C:\Program Files\OMG2OMA.exe
2008-02-12 17:23 . 2007-02-02 19:42 798,720 --a------ C:\Program Files\Si.dll
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Omg1to2.exe
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Ojbsir.exe
2008-02-12 17:23 . 2007-02-02 19:08 536,576 --a------ C:\Program Files\OMG2OMARes.dll
2008-02-12 17:23 . 2007-02-02 20:03 528,384 --a------ C:\Program Files\OjbSirRes.dll
2008-02-12 17:23 . 2005-03-21 20:30 499,712 --a------ C:\Program Files\msvcp71.dll
2008-02-12 17:23 . 2007-02-05 10:11 476,728 --a------ C:\Program Files\SSAAD.exe
2008-02-12 17:23 . 2007-02-02 19:41 434,176 --a------ C:\Program Files\Items.dll
2008-02-12 17:23 . 2007-02-02 19:39 397,312 --a------ C:\Program Files\SsEncMp3.dll
2008-02-12 17:23 . 2005-03-21 20:34 352,256 --a------ C:\Program Files\ijl15.dll
2008-02-12 17:23 . 2005-03-21 20:30 348,160 --a------ C:\Program Files\msvcr71.dll
2008-02-12 17:23 . 2007-02-02 19:39 196,608 --a------ C:\Program Files\RGraph.dll
2008-02-12 17:23 . 2006-12-19 15:03 192,512 --a------ C:\Program Files\XCoreAudio.dll
2008-02-12 17:23 . 2007-02-02 20:07 143,360 --a------ C:\Program Files\OmgbkupRes.dll
2008-02-12 17:23 . 2006-12-26 17:57 143,360 --a------ C:\Program Files\dunzip32.dll
2008-02-12 17:23 . 2007-02-02 19:40 131,072 --a------ C:\Program Files\SsMtp.dll
2008-02-12 17:23 . 2007-02-02 19:36 106,496 --a------ C:\Program Files\RBasis.dll
2008-02-12 17:23 . 2005-03-21 20:30 106,496 --a------ C:\Program Files\atl71.dll
2008-02-12 17:23 . 2007-02-02 19:46 94,208 --a------ C:\Program Files\DMPInternet.dll
2008-02-12 17:23 . 2007-02-02 19:47 69,632 --a------ C:\Program Files\XPanel.dll
2008-02-12 17:23 . 2007-02-02 19:39 65,536 --a------ C:\Program Files\SsEncWma.dll
2008-02-12 17:23 . 2005-03-21 20:30 65,536 --a------ C:\Program Files\JETCOMP.exe
2008-02-12 17:23 . 2007-02-02 19:42 57,344 --a------ C:\Program Files\SsTpl.dll
2008-02-12 17:23 . 2007-02-02 19:39 49,152 --a------ C:\Program Files\SsProxy.dll
2008-02-12 17:23 . 2007-02-02 19:46 45,056 --a------ C:\Program Files\GenMediaKey.dll
2008-02-12 17:23 . 2007-02-05 10:10 38,456 --a------ C:\Program Files\AppReg.exe
2008-02-12 17:23 . 2007-02-02 19:42 32,768 --a------ C:\Program Files\HelpHelper.dll
2008-02-12 17:23 . 2007-02-02 19:08 17,920 --a------ C:\Program Files\XThumbnail.dll
2008-02-12 17:23 . 2007-02-02 19:46 13,312 --a------ C:\Program Files\WtsNotify.dll
2008-02-12 17:23 . 2007-02-02 19:07 12,800 --a------ C:\Program Files\Lam.dll
2008-02-12 17:23 . 2007-02-02 19:05 3,584 --a------ C:\Program Files\Omg1to2Res.dll
2008-02-12 17:08 . 2008-02-12 17:09 <DIR> d-------- C:\ss43_dl
2008-02-12 14:08 . 2008-02-12 14:08 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-12 13:57 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-12 13:57 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-12 13:57 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-12 13:57 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-12 13:57 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-12 13:56 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-12 13:56 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-12 13:56 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-12 13:56 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-12 13:56 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-02-12 13:56 . 2006-10-29 01:00 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-12 13:56 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-12 13:55 . 2008-02-13 11:12 <DIR> d-------- C:\Program Files\Sony
2008-02-12 13:54 . 2008-02-18 12:42 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-02-12 13:54 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Sony Corporation
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 23:09 . 2008-02-09 11:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-07 10:48 . 2008-02-07 10:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-06 21:33 . 2008-02-06 21:33 <DIR> d-------- C:\WINDOWS\RegCure
2008-02-05 08:48 . 2008-02-05 08:48 77,824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 01:01 --------- d-----w C:\Documents and Settings\Asif\Application Data\uTorrent
2008-02-27 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-26 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 21:17 --------- d-----w C:\Documents and Settings\Asif\Application Data\Corel
2008-02-18 12:41 --------- d-----w C:\Program Files\DivX
2008-02-09 09:37 --------- d-----w C:\Program Files\Google
2008-02-06 09:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 12:06 --------- d-----w C:\Documents and Settings\Asif\Application Data\Apple Computer
2008-02-04 12:05 --------- d-----w C:\Program Files\iPod
2008-02-04 12:03 --------- d-----w C:\Program Files\QuickTime
2008-02-04 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-04 12:00 --------- d-----w C:\Program Files\Apple Software Update
2008-02-04 11:59 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-04 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-27 18:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2007-12-31 18:29 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-12-29 17:53 0 ----a-w C:\Documents and Settings\Asif\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-03 20:32 17,144 -c--a-w C:\Documents and Settings\Asif\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 20:09 25,600 ----a-w C:\Program Files\SsVerChk.ocx
2007-02-02 20:08 65,536 ----a-w C:\Program Files\StdoutSs2.ax
2007-02-02 20:08 53,248 ----a-w C:\Program Files\SonyWavParser2.ax
2007-01-16 18:13 7,453 ----a-w C:\Program Files\Readme.txt
2005-08-25 09:10 81,920 ----a-w C:\Program Files\SonyFsConvFilter.ax
2005-03-21 20:30 7 ----a-w C:\Program Files\initials.ini
2004-06-18 11:05 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 11:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2006-12-07 21:37 56 -csh--r C:\WINDOWS\system32\7DCBC830BD.sys
2007-02-12 21:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 11:12 517632]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 18:00 99840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-04 09:22 579072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"DAEMON Tools"="d:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-04 09:20 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" [2005-05-02 10:31 274432]

C:\Documents and Settings\Asif\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - D:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Asif\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^MetaCafe.lnk]
backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2005-05-25 11:12 517632 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 d:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-03-09 14:29 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\Asif\\My Documents\\utorrent.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\microsoft office xp\\Office12\\groove.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe [2003-03-13 15:46]
R2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe [2003-03-13 15:38]
R2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe [2003-03-13 15:42]
R2 LcSvrKds;ELSA KD-Nummern Server;d:\elsawin\bin\LcSvrKdS.exe [2003-03-13 15:51]
R2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe [2003-03-13 16:06]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 16:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 11:31]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe [2003-03-13 15:41]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 12:57]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 19:46]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-03-01 14:25]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-01 14:25]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-01 14:25]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-01 14:25]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-01 14:25]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 23:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 12:00:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 20:55:30 C:\WINDOWS\Tasks\RegCure Program Check.job"
- d:\Program Files\RegCure\RegCure.exe
"2008-02-06 21:16:22 C:\WINDOWS\Tasks\RegCure.job"
- d:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 21:15:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-05 21:16:56
ComboFix-quarantined-files.txt 2008-03-05 21:16:51
ComboFix2.txt 2008-03-05 18:55:28
ComboFix3.txt 2008-03-03 21:21:14
.
2008-02-13 12:12:58 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:51, on 05/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10872 bytes

Re: help required
 

Hi pete

I suspect one of your security programs is preventing those entries from being removed. Please boot to safe mode (by repeatedly tapping the F8 key until the menu appears) and fix these with HijackThis

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com



Reboot back to normal mode, click Start > Run and type

ComboFix /SysRst


Post the new C:\ComboFix.txt along with a new HijackThis log taken from Normal mode

If you're accessing your accounts make sure that you use the secure page i.e. https:// instead of http:// Double-click on the padlock icon in the browser status bar to check the security certificate is valid.

Re: help required
 

hi, i have realised that when i do a hjt with lavasoft adwatch on(which is the spyware i have always had and used) the prosearching isnt removed. When i disable adwatch and do a hjt scan and fix the prosearching entries they are removed. but when i enable adwatch afterwards and do a hjt scan the prosearching entries re-appear.

Re: help required
 

these are the log files after doing as instructed. if i now enable adwatch and hjt scan it ,the prosearching entries will appear. instead i am using AVG Anti-Spyware 7.5 or should i uninstall adwatch then re install it. your advice is much anticipated. thanks


ComboFix 08-03-05.1 - Asif 2008-03-06 10:19:55.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.172 [GMT 0:00]
Running from: C:\Documents and Settings\Asif\Desktop\ComboFix.exe
Command switches used :: /SysRst

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-03-06 09:28 . 2008-03-06 09:28 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-03-05 18:45 . 2004-08-03 23:56 388,608 --a------ C:\CF24114.exe
2008-03-05 18:43 . 2008-03-05 18:43 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\WinPatrol
2008-03-05 17:43 . 2008-03-05 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 19:10 . 2008-03-05 22:11 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-03-04 17:17 . 2008-03-05 01:44 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-03-04 09:20 . 2008-03-04 09:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-04 09:20 . 2008-03-06 09:04 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\AVG7
2008-03-04 09:20 . 2008-03-04 09:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-03 21:27 . 2008-03-03 21:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 21:27 . 2008-03-03 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-01 22:58 . 2008-03-01 22:58 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Grisoft
2008-03-01 22:58 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 22:57 . 2008-03-04 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Program Files\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-01 01:00 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-03-01 01:00 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-01 01:00 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-01 01:00 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-01 01:00 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-27 22:51 . 2008-02-27 22:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-24 18:22 . 2008-02-24 18:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-23 21:12 . 2008-02-23 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-23 21:05 . 2008-02-23 21:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-20 15:53 . 2008-02-23 01:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 15:53 . 2008-02-20 15:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Log
2008-02-12 17:24 . 2008-02-12 17:24 <DIR> d-------- C:\Program Files\AddonLog
2008-02-12 17:24 . 2007-02-02 19:39 217,088 --a------ C:\Program Files\SsMidAccess.dll
2008-02-12 17:24 . 2007-02-02 19:39 81,920 --a------ C:\Program Files\Cddb2Access.dll
2008-02-12 17:23 . 2008-02-12 17:23 <DIR> d-------- C:\Program Files\Data
2008-02-12 17:23 . 2007-02-05 10:11 5,961,272 --a------ C:\Program Files\Omgjbox.exe
2008-02-12 17:23 . 2007-02-02 19:35 1,323,008 --a------ C:\Program Files\OmgjboxRes.dll
2008-02-12 17:23 . 2007-02-05 10:11 1,201,720 --a------ C:\Program Files\Omgbkup.exe
2008-02-12 17:23 . 2005-03-21 20:30 1,060,864 --a------ C:\Program Files\mfc71.dll
2008-02-12 17:23 . 2007-02-05 10:10 816,696 --a------ C:\Program Files\OMG2OMA.exe
2008-02-12 17:23 . 2007-02-02 19:42 798,720 --a------ C:\Program Files\Si.dll
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Omg1to2.exe
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Ojbsir.exe
2008-02-12 17:23 . 2007-02-02 19:08 536,576 --a------ C:\Program Files\OMG2OMARes.dll
2008-02-12 17:23 . 2007-02-02 20:03 528,384 --a------ C:\Program Files\OjbSirRes.dll
2008-02-12 17:23 . 2005-03-21 20:30 499,712 --a------ C:\Program Files\msvcp71.dll
2008-02-12 17:23 . 2007-02-05 10:11 476,728 --a------ C:\Program Files\SSAAD.exe
2008-02-12 17:23 . 2007-02-02 19:41 434,176 --a------ C:\Program Files\Items.dll
2008-02-12 17:23 . 2007-02-02 19:39 397,312 --a------ C:\Program Files\SsEncMp3.dll
2008-02-12 17:23 . 2005-03-21 20:34 352,256 --a------ C:\Program Files\ijl15.dll
2008-02-12 17:23 . 2005-03-21 20:30 348,160 --a------ C:\Program Files\msvcr71.dll
2008-02-12 17:23 . 2007-02-02 19:39 196,608 --a------ C:\Program Files\RGraph.dll
2008-02-12 17:23 . 2006-12-19 15:03 192,512 --a------ C:\Program Files\XCoreAudio.dll
2008-02-12 17:23 . 2007-02-02 20:07 143,360 --a------ C:\Program Files\OmgbkupRes.dll
2008-02-12 17:23 . 2006-12-26 17:57 143,360 --a------ C:\Program Files\dunzip32.dll
2008-02-12 17:23 . 2007-02-02 19:40 131,072 --a------ C:\Program Files\SsMtp.dll
2008-02-12 17:23 . 2007-02-02 19:36 106,496 --a------ C:\Program Files\RBasis.dll
2008-02-12 17:23 . 2005-03-21 20:30 106,496 --a------ C:\Program Files\atl71.dll
2008-02-12 17:23 . 2007-02-02 19:46 94,208 --a------ C:\Program Files\DMPInternet.dll
2008-02-12 17:23 . 2007-02-02 19:47 69,632 --a------ C:\Program Files\XPanel.dll
2008-02-12 17:23 . 2007-02-02 19:39 65,536 --a------ C:\Program Files\SsEncWma.dll
2008-02-12 17:23 . 2005-03-21 20:30 65,536 --a------ C:\Program Files\JETCOMP.exe
2008-02-12 17:23 . 2007-02-02 19:42 57,344 --a------ C:\Program Files\SsTpl.dll
2008-02-12 17:23 . 2007-02-02 19:39 49,152 --a------ C:\Program Files\SsProxy.dll
2008-02-12 17:23 . 2007-02-02 19:46 45,056 --a------ C:\Program Files\GenMediaKey.dll
2008-02-12 17:23 . 2007-02-05 10:10 38,456 --a------ C:\Program Files\AppReg.exe
2008-02-12 17:23 . 2007-02-02 19:42 32,768 --a------ C:\Program Files\HelpHelper.dll
2008-02-12 17:23 . 2007-02-02 19:08 17,920 --a------ C:\Program Files\XThumbnail.dll
2008-02-12 17:23 . 2007-02-02 19:46 13,312 --a------ C:\Program Files\WtsNotify.dll
2008-02-12 17:23 . 2007-02-02 19:07 12,800 --a------ C:\Program Files\Lam.dll
2008-02-12 17:23 . 2007-02-02 19:05 3,584 --a------ C:\Program Files\Omg1to2Res.dll
2008-02-12 17:08 . 2008-02-12 17:09 <DIR> d-------- C:\ss43_dl
2008-02-12 14:08 . 2008-02-12 14:08 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-12 13:57 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-12 13:57 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-12 13:57 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-12 13:57 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-12 13:57 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-12 13:56 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-12 13:56 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-12 13:56 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-12 13:56 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-12 13:56 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-02-12 13:56 . 2006-10-29 01:00 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-12 13:56 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-12 13:55 . 2008-02-13 11:12 <DIR> d-------- C:\Program Files\Sony
2008-02-12 13:54 . 2008-02-18 12:42 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-02-12 13:54 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Sony Corporation
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 23:09 . 2008-02-09 11:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-07 10:48 . 2008-02-07 10:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-06 21:33 . 2008-02-06 21:33 <DIR> d-------- C:\WINDOWS\RegCure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 01:01 --------- d-----w C:\Documents and Settings\Asif\Application Data\uTorrent
2008-02-27 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-26 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 21:17 --------- d-----w C:\Documents and Settings\Asif\Application Data\Corel
2008-02-18 12:41 --------- d-----w C:\Program Files\DivX
2008-02-09 09:37 --------- d-----w C:\Program Files\Google
2008-02-06 09:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 08:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-02-04 12:06 --------- d-----w C:\Documents and Settings\Asif\Application Data\Apple Computer
2008-02-04 12:05 --------- d-----w C:\Program Files\iPod
2008-02-04 12:03 --------- d-----w C:\Program Files\QuickTime
2008-02-04 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-04 12:00 --------- d-----w C:\Program Files\Apple Software Update
2008-02-04 11:59 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-04 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-27 18:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2007-12-31 18:29 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-12-29 17:53 0 ----a-w C:\Documents and Settings\Asif\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-03 20:32 17,144 -c--a-w C:\Documents and Settings\Asif\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 20:09 25,600 ----a-w C:\Program Files\SsVerChk.ocx
2007-02-02 20:08 65,536 ----a-w C:\Program Files\StdoutSs2.ax
2007-02-02 20:08 53,248 ----a-w C:\Program Files\SonyWavParser2.ax
2007-01-16 18:13 7,453 ----a-w C:\Program Files\Readme.txt
2005-08-25 09:10 81,920 ----a-w C:\Program Files\SonyFsConvFilter.ax
2005-03-21 20:30 7 ----a-w C:\Program Files\initials.ini
2004-06-18 11:05 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 11:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2006-12-07 21:37 56 -csh--r C:\WINDOWS\system32\7DCBC830BD.sys
2007-02-12 21:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-05_21.16.18.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 12:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\06-03-2008\ERDNT.EXE
+ 2008-03-06 09:03:48 6,774,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\06-03-2008\Users\00000001\ntuser.dat
+ 2008-03-06 09:03:48 237,568 ----a-w C:\WINDOWS\erdnt\AutoBackup\06-03-2008\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

2006-02-08 19:23 0 C:\Documents and Settings\Asif\Application Data\WinPatrol\Autoexec.bat
2006-02-08 19:23 0 {CB50611D-B0A7-4084-977C-4A431BEE56FA}\RP390\A0243374.bat

2006-02-08 19:23 0 C:\Documents and Settings\Asif\Application Data\WinPatrol\Config.sys
2006-02-08 19:23 0 {CB50611D-B0A7-4084-977C-4A431BEE56FA}\RP390\A0243375.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BBC News alerts"="D:\Program Files\BBC News alerts\skinkers.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 18:00 99840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-04 09:22 579072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"DAEMON Tools"="d:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [ ]
"QuickTime Task"="D:\Program Files\qttask.exe" [ ]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-04 09:20 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" [2005-05-02 10:31 274432]

C:\Documents and Settings\Asif\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
ERUNT AutoBackup.lnk - D:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^MetaCafe.lnk]
backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\Asif\\My Documents\\utorrent.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\microsoft office xp\\Office12\\groove.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe [2003-03-13 15:46]
R2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe [2003-03-13 15:38]
R2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe [2003-03-13 15:42]
R2 LcSvrKds;ELSA KD-Nummern Server;d:\elsawin\bin\LcSvrKdS.exe [2003-03-13 15:51]
R2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe [2003-03-13 16:06]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 16:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 11:31]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe [2003-03-13 15:41]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 12:57]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 19:46]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-03-01 14:25]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-01 14:25]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-01 14:25]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-01 14:25]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-01 14:25]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 23:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 12:00:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 09:53:26 C:\WINDOWS\Tasks\RegCure Program Check.job"
- d:\Program Files\RegCure\RegCure.exe
"2008-02-06 21:16:22 C:\WINDOWS\Tasks\RegCure.job"
- d:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 10:22:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 10:23:56
ComboFix-quarantined-files.txt 2008-03-06 10:23:51
ComboFix2.txt 2008-03-06 10:15:34
ComboFix3.txt 2008-03-05 21:16:57
ComboFix4.txt 2008-03-05 18:55:28
ComboFix5.txt 2008-03-03 21:21:14
.
2008-03-06 09:07:05 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:53, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\microsoft office xp\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10868 bytes

Re: help required
 

Uninstalling and re-installing may help. You have adequate protection without AdWatch but let's check your settings first. Open AdWatch and make sure you have a 'red cross' next to Automatic and a 'green tick' next to Active. With AdWatch set to active you will recieve alerts when changes are made. If you install/unistall/change settings you should allow the changes for the program mentioned in the alert. This would include changes to the registry made by HijackThis or some other tools. Should you unexpectedly recieve an alert then examine the whole alert before deciding whether to block or allow the change.

Fix those prosearching.com entries with HijackThis and when you recieve the AdWatch Alert allow the change. (Remember to disable your other security programs 1st)

Does this stop prosearching.com from returning?

-------------------------------

Some of those other entries have also returned. They appeared to be orphan entries but please do the following to check if they actually exist or not.

Click Start > Run and copy/paste the following into the run box

"D:\Program Files\BBC News alerts\skinkers.exe"


press enter

Repeat for these lines also

"D:\Program Files\Winamp\winampa.exe"
"D:\Program Files\qttask.exe"
"C:\Program Files\AGEIA Technologies\TrayIcon.exe"


Let me know if any those produce an error.

Re: help required
 

thanks for the reply, i disabled the automatic option on adwatch and prosearching didnt come back. adwatch alerts did pop up for some items the ok ones i allowed but when i clicked block for prosearching the pop up didnt disappear, i clicked it a few times but it remained so i clicked allow and it went. i immediately did a hjt and it had not returned. here is a copy of the log. the other four entries i pasted into run and errors appeared. also my pc when starting up now takes a long time, is this due to all the startup programs i have now downloaded which are anti spyware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:45:42, on 07/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\WINDOWS\system32\WgaTray.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\microsoft office xp\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11773 bytes

Re: help required
 

Hi pete

You do have a lot of security programs, too many can cause problems.

Spyware Detector and SpywareTerminator were previously listed as Rogueware. Although now both de-listed I would recommend you uninstall both of those. See this page for more info

Also uninstall Crawler Toolbar which is adaware likely installed by SpywareTerminator.

-------------------------

Disable all your security programs again.

-------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe


Attachment 5337

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt" along with a new HijackThis log
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-------------------------------

Remember to allow any changes made by ComboFix that AdWatch Alert may notify you of.


Did uninstalling those extra AntiSpyware programs improve your Startup time?

Re: help required
 

hi, uninstalled the programs mentioned pasted the text etc., here is the combo log followed by hjt. the pc does start up quicker now. also adwatch alert disappears now after prosearching is blocked. however it still appears on hjt log, if i fix them they should disappear



ComboFix 08-03-05.1 - Asif 2008-03-07 10:07:55.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.177 [GMT 0:00]
Running from: C:\Documents and Settings\Asif\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Asif\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\hosts

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-07 09:55 . 2008-03-07 09:55 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-06 17:34 . 2008-03-06 17:34 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-03-06 17:34 . 2008-03-06 17:34 0 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-03-06 09:28 . 2008-03-06 09:28 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-03-05 18:45 . 2004-08-03 23:56 388,608 --a------ C:\CF24114.exe
2008-03-05 18:43 . 2008-03-05 18:43 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\WinPatrol
2008-03-05 17:43 . 2008-03-05 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 19:10 . 2008-03-05 22:11 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-03-04 17:17 . 2008-03-05 01:44 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-03-04 09:20 . 2008-03-04 09:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-04 09:20 . 2008-03-07 09:23 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\AVG7
2008-03-04 09:20 . 2008-03-04 09:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-01 22:58 . 2008-03-01 22:58 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Grisoft
2008-03-01 22:58 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 22:57 . 2008-03-04 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Program Files\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-01 01:00 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-03-01 01:00 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-01 01:00 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-01 01:00 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-01 01:00 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-27 22:51 . 2008-02-27 22:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-24 18:22 . 2008-02-24 18:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-23 21:12 . 2008-02-23 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-23 21:05 . 2008-02-23 21:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-20 15:53 . 2008-02-23 01:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 15:53 . 2008-02-20 15:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Log
2008-02-12 17:24 . 2008-02-12 17:24 <DIR> d-------- C:\Program Files\AddonLog
2008-02-12 17:24 . 2007-02-02 19:39 217,088 --a------ C:\Program Files\SsMidAccess.dll
2008-02-12 17:24 . 2007-02-02 19:39 81,920 --a------ C:\Program Files\Cddb2Access.dll
2008-02-12 17:23 . 2008-02-12 17:23 <DIR> d-------- C:\Program Files\Data
2008-02-12 17:23 . 2007-02-05 10:11 5,961,272 --a------ C:\Program Files\Omgjbox.exe
2008-02-12 17:23 . 2007-02-02 19:35 1,323,008 --a------ C:\Program Files\OmgjboxRes.dll
2008-02-12 17:23 . 2007-02-05 10:11 1,201,720 --a------ C:\Program Files\Omgbkup.exe
2008-02-12 17:23 . 2005-03-21 20:30 1,060,864 --a------ C:\Program Files\mfc71.dll
2008-02-12 17:23 . 2007-02-05 10:10 816,696 --a------ C:\Program Files\OMG2OMA.exe
2008-02-12 17:23 . 2007-02-02 19:42 798,720 --a------ C:\Program Files\Si.dll
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Omg1to2.exe
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Ojbsir.exe
2008-02-12 17:23 . 2007-02-02 19:08 536,576 --a------ C:\Program Files\OMG2OMARes.dll
2008-02-12 17:23 . 2007-02-02 20:03 528,384 --a------ C:\Program Files\OjbSirRes.dll
2008-02-12 17:23 . 2005-03-21 20:30 499,712 --a------ C:\Program Files\msvcp71.dll
2008-02-12 17:23 . 2007-02-05 10:11 476,728 --a------ C:\Program Files\SSAAD.exe
2008-02-12 17:23 . 2007-02-02 19:41 434,176 --a------ C:\Program Files\Items.dll
2008-02-12 17:23 . 2007-02-02 19:39 397,312 --a------ C:\Program Files\SsEncMp3.dll
2008-02-12 17:23 . 2005-03-21 20:34 352,256 --a------ C:\Program Files\ijl15.dll
2008-02-12 17:23 . 2005-03-21 20:30 348,160 --a------ C:\Program Files\msvcr71.dll
2008-02-12 17:23 . 2007-02-02 19:39 196,608 --a------ C:\Program Files\RGraph.dll
2008-02-12 17:23 . 2006-12-19 15:03 192,512 --a------ C:\Program Files\XCoreAudio.dll
2008-02-12 17:23 . 2007-02-02 20:07 143,360 --a------ C:\Program Files\OmgbkupRes.dll
2008-02-12 17:23 . 2006-12-26 17:57 143,360 --a------ C:\Program Files\dunzip32.dll
2008-02-12 17:23 . 2007-02-02 19:40 131,072 --a------ C:\Program Files\SsMtp.dll
2008-02-12 17:23 . 2007-02-02 19:36 106,496 --a------ C:\Program Files\RBasis.dll
2008-02-12 17:23 . 2005-03-21 20:30 106,496 --a------ C:\Program Files\atl71.dll
2008-02-12 17:23 . 2007-02-02 19:46 94,208 --a------ C:\Program Files\DMPInternet.dll
2008-02-12 17:23 . 2007-02-02 19:47 69,632 --a------ C:\Program Files\XPanel.dll
2008-02-12 17:23 . 2007-02-02 19:39 65,536 --a------ C:\Program Files\SsEncWma.dll
2008-02-12 17:23 . 2005-03-21 20:30 65,536 --a------ C:\Program Files\JETCOMP.exe
2008-02-12 17:23 . 2007-02-02 19:42 57,344 --a------ C:\Program Files\SsTpl.dll
2008-02-12 17:23 . 2007-02-02 19:39 49,152 --a------ C:\Program Files\SsProxy.dll
2008-02-12 17:23 . 2007-02-02 19:46 45,056 --a------ C:\Program Files\GenMediaKey.dll
2008-02-12 17:23 . 2007-02-05 10:10 38,456 --a------ C:\Program Files\AppReg.exe
2008-02-12 17:23 . 2007-02-02 19:42 32,768 --a------ C:\Program Files\HelpHelper.dll
2008-02-12 17:23 . 2007-02-02 19:08 17,920 --a------ C:\Program Files\XThumbnail.dll
2008-02-12 17:23 . 2007-02-02 19:46 13,312 --a------ C:\Program Files\WtsNotify.dll
2008-02-12 17:23 . 2007-02-02 19:07 12,800 --a------ C:\Program Files\Lam.dll
2008-02-12 17:23 . 2007-02-02 19:05 3,584 --a------ C:\Program Files\Omg1to2Res.dll
2008-02-12 17:08 . 2008-02-12 17:09 <DIR> d-------- C:\ss43_dl
2008-02-12 14:08 . 2008-02-12 14:08 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-12 13:57 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-12 13:57 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-12 13:57 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-12 13:57 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-12 13:57 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-12 13:56 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-12 13:56 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-12 13:56 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-12 13:56 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-12 13:56 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-02-12 13:56 . 2006-10-29 01:00 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-12 13:56 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-12 13:55 . 2008-02-13 11:12 <DIR> d-------- C:\Program Files\Sony
2008-02-12 13:54 . 2008-02-18 12:42 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-02-12 13:54 . 2008-02-13 11:18 <DIR> d-------- C:\Documents and Settings\Asif\Application Data\Sony Corporation
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 23:09 . 2008-02-09 11:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-07 10:48 . 2008-02-07 10:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 14:55 --------- d-----w C:\Documents and Settings\Asif\Application Data\uTorrent
2008-02-27 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-26 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 21:17 --------- d-----w C:\Documents and Settings\Asif\Application Data\Corel
2008-02-18 12:41 --------- d-----w C:\Program Files\DivX
2008-02-09 09:37 --------- d-----w C:\Program Files\Google
2008-02-06 09:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 08:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-02-04 12:06 --------- d-----w C:\Documents and Settings\Asif\Application Data\Apple Computer
2008-02-04 12:05 --------- d-----w C:\Program Files\iPod
2008-02-04 12:03 --------- d-----w C:\Program Files\QuickTime
2008-02-04 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-04 12:00 --------- d-----w C:\Program Files\Apple Software Update
2008-02-04 11:59 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-04 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-27 18:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2007-12-31 18:29 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-12-29 17:53 0 -c--a-w C:\Documents and Settings\Asif\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-03 20:32 17,144 -c--a-w C:\Documents and Settings\Asif\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 20:09 25,600 ----a-w C:\Program Files\SsVerChk.ocx
2007-02-02 20:08 65,536 ----a-w C:\Program Files\StdoutSs2.ax
2007-02-02 20:08 53,248 ----a-w C:\Program Files\SonyWavParser2.ax
2007-01-16 18:13 7,453 ----a-w C:\Program Files\Readme.txt
2005-08-25 09:10 81,920 ----a-w C:\Program Files\SonyFsConvFilter.ax
2005-03-21 20:30 7 ----a-w C:\Program Files\initials.ini
2004-06-18 11:05 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 11:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2006-12-07 21:37 56 -csh--r C:\WINDOWS\system32\7DCBC830BD.sys
2007-02-12 21:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 11:12 517632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 18:00 99840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-04 09:22 579072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-04 09:20 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" [2005-05-02 10:31 274432]

C:\Documents and Settings\Asif\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - D:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^MetaCafe.lnk]
backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\Asif\\My Documents\\utorrent.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\microsoft office xp\\Office12\\groove.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe [2003-03-13 15:46]
R2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe [2003-03-13 15:38]
R2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe [2003-03-13 15:42]
R2 LcSvrKds;ELSA KD-Nummern Server;d:\elsawin\bin\LcSvrKdS.exe [2003-03-13 15:51]
R2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe [2003-03-13 16:06]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 16:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 11:31]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe [2003-03-13 15:41]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 12:57]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 19:46]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-03-01 14:25]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-01 14:25]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-01 14:25]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-01 14:25]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-01 14:25]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 23:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 12:00:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 09:48:55 C:\WINDOWS\Tasks\RegCure Program Check.job"
- d:\Program Files\RegCure\RegCure.exe
"2008-02-06 21:16:22 C:\WINDOWS\Tasks\RegCure.job"
- d:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 10:11:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-07 10:12:23
ComboFix-quarantined-files.txt 2008-03-07 10:12:18
ComboFix2.txt 2008-03-06 10:23:57
ComboFix3.txt 2008-03-06 10:15:34
ComboFix4.txt 2008-03-05 21:16:57
ComboFix5.txt 2008-03-05 18:55:28
.
2008-03-06 09:07:05 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:29, on 07/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\microsoft office xp\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10930 bytes

Re: help required
 

Hi pete

Those other entries came back as well. Please uninstall AdAware from Add/Remove Programs then delete the following Folder (if it still exists)

C:\Program Files\Lavasoft\Ad-Aware SE Professional


------------------------------

Disable all the other security programs


Fix the following entries with HijackThis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"



delete the following Folder (if it still exists)

C:\Program Files\Spyware Terminator


Reboot the PC for changes to take effect.

-----------------------------------

Re-install AdAware then post a new HijackThis log

Re: help required
 

hi, done as told except have not installed adaware yet as my brother installed it after he formatted my pc. will get it off him later today. here is the hjt log for now. opening applications on desktop and in general very slow

Re: help required
 

sorry forgot to post the hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:22, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\microsoft office xp\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9828 bytes

Re: help required
 

heres the new hjt log after installing adaware 2007
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:22, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
d:\elsawin\bin\LcSvrAuf.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\microsoft office xp\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10072 bytes

Re: help required
 

Hi pete

Sorry for the delay, that looks better now. To improve the speed we can try a few things

Both Windows Messenger and MSN Messenger are available via Start > All Programs, you can fix the following entries to prevent them from starting on start up

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background




The following entry allows MS Office to open quicker, however it is a known resource hog and users who have disabled it report no difference. Unless you make use of the Office Shortcut Bar outside of the Office program then you can fix it.

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\microsoft office xp\Office10\OSA.EXE


The next entry speeds up Adobe Reader's load not but is not required. You can fix it.

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


From the following 2 AntiSpyware programs choose 1 for realtime protection and disable the other

Spy Sweeper
AVG AntiSpyware


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
• Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
• Click the "Download" button to the right.
• Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Does that help speed things up a bit?

Re: help required
 

hi, have done as asked it still is running slow, i fixed the msn messenger as asked but after restart it came back on which i would rather prefer anyhow. i suspect it is the avg virus and spyware programs slowing me down. will the adaware/watch not be sufficient on its own. do i need to uninstall combofix and hjt

Re: help required
 

No AdAware on it's own would not be enough in this era. AVG AntiSpyware is a good on demand scanner but can slow some systems down considerably. Although I wouldn't normally recommend uninstalling AVG AntiSpyware you do have enough protection onboard to do without it. Try uninstalling AVG AntiSpyware to see if that helps with the speed issue.

To uninstall ComboFix click Start > Run and type ComboFix /u This would also perform some other final cleanup steps including clearing out System Restore points and creating a new clean System Restore point.

Leave HijackThis for a couple of weeks to make sure all is ok then you can uninstall/delete it. HijackThis would not use any system resources.

Sometimes having a large hosts file can slow things down a bit. Open HijackThis and click Open the misc tools section then Open hosts file manager. HijackThis will then display your hosts file in a text area. Just above that you should see a line similar to:

Host file is located at c:\WINDOWS\system32\drivers\etc\hosts (11322 lines A)


Let us know how many lines you have in your hosts file as well as letting us know if removing AVG AS has made any difference.

Re: help required
 

hi, uninstalling avg spyware has made a slight difference but not that much. the number of files is listed as 8017 ra.thanks

Re: help required
 

click Start > Run and type services.msc

• Scroll down to "DNS Client", Right-click and select: Properties
• Click the drop-down arrow for "Startup type"
• Select: Manual, or Disabled (recommended) click Apply/Ok and restart.

Does that help?

Re: help required
 

hi, pc running better, any other final technical tips appreciated. would like to end this thread as i feel i have bothered you enough as it is. thanks ever so much. gora pete

Re: help required
 

your very welcome pete it's no trouble. One last tip to improve speed would be to defragment the hard drive if it needs done. After all the activity we have put it through it probably would be needing it, now that all the changes are made it would be a good time. Other than that remember to keep everything updated including Windows.

Happy surfing Attachment 5385