0

Hi, Due to your website i have found some very useful information. I am not fully sure what i am supposed to do now (I'm getting on a bit and am not a tech wizard).

Here is a logfile from HiJack this.

Thankyou very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:25, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Save\Save.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Curly Wurly\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: {63ffc0f1-11ab-7759-a964-fdc4e0233965} - {5693320e-4cdf-469a-9577-ba111f0cff36} - C:\WINDOWS\system32\lvenhcvk.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6689cc3b-6774-4e85-ba35-7801141c63e6} - C:\WINDOWS\system32\reqloqhh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [c827efdb] rundll32.exe "C:\WINDOWS\system32\ypsaayio.dll",sitypnow
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: hggfgfe - hggfgfe.dll (file missing)
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll (file missing)
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing)
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11068 bytes

2
Contributors
5
Replies
6
Views
10 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to Daniweb forums :).

Can you please do the following.

===============

Go to Add/Remove programs and uninstall the following, if present:

WhenUSave

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: {63ffc0f1-11ab-7759-a964-fdc4e0233965} - {5693320e-4cdf-469a-9577-ba111f0cff36} - C:\WINDOWS\system32\lvenhcvk.dll (file missing)
O2 - BHO: (no name) - {6689cc3b-6774-4e85-ba35-7801141c63e6} - C:\WINDOWS\system32\reqloqhh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: hggfgfe - hggfgfe.dll (file missing)
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll (file missing)
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing)
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\Save

Search for...

ALCMTR.EXE

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

1. Download this file from one of the following links :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, along with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

0

Thanks for the fast reply mate :)

 ComboFix 07-10-12.4 - Curly Wurly 2007-10-13 12:09:54.1 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.120 [GMT 1:00]
Running from: C:\Documents and Settings\Curly Wurly\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini

.
(((((((((((((((((((((((((   Files Created from 2007-09-13 to 2007-10-13  )))))))))))))))))))))))))))))))
.

2007-10-13 12:09    51,200  --a------   C:\WINDOWS\NirCmd.exe
2007-10-13 11:02    <DIR>    d--------   C:\Documents and Settings\Roy\Application Data\Motive
2007-10-13 11:02    <DIR>    d--------   C:\Documents and Settings\Roy\Application Data\Grisoft
2007-10-11 22:45    <DIR>    d--------   C:\Documents and Settings\Roy\Application Data\Apple Computer
2007-10-11 21:02    <DIR>    d--------   C:\Documents and Settings\Curly Wurly\Application Data\Grisoft
2007-10-11 21:01    <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 21:01    10,872  --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-11 17:16    139,536 --a------   C:\WINDOWS\system32\javaee.dll
2007-10-10 21:38    <DIR>    d--------   C:\WINDOWS\SxsCaPendDel
2007-10-10 17:30    584,192 -----c---   C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 21:39    <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-09 20:07    <DIR>    d--------   C:\Documents and Settings\Curly Wurly\Application Data\Yahoo!
2007-10-09 20:06    131,072 --a------   C:\WINDOWS\system32\ypclsp.dll
2007-10-09 20:06    86,016  --a------   C:\WINDOWS\system32\YPcservice.exe
2007-10-09 20:04    <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-09 20:04    24,576  --a------   C:\WINDOWS\system32\msxml3a.dll
2007-10-09 20:03    <DIR>    d--------   C:\Program Files\Yahoo!
2007-10-09 20:03    84,992  --a------   C:\WINDOWS\system32\ATL70.DLL
2007-10-09 20:03    65,536  --a------   C:\WINDOWS\system32\YCRWin32.dll
2007-10-09 20:02    <DIR>    d--------   C:\WINDOWS\Motive
2007-10-09 20:02    <DIR>    d--------   C:\Program Files\btbb_wcm
2007-10-09 20:02    <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Motive
2007-10-09 20:01    <DIR>    d--------   C:\Program Files\Motive
2007-10-09 20:01    <DIR>    d--------   C:\Program Files\Common Files\Motive
2007-10-09 20:01    <DIR>    d--------   C:\Program Files\BT Home Hub
2007-10-09 17:48    6,503   ---hs----   C:\WINDOWS\system32\ppqss.bak1
2007-10-07 15:03    <DIR>    d---s----   C:\Documents and Settings\Roy\UserData
2007-10-05 22:56    6,491   ---hs----   C:\WINDOWS\system32\ehhkj.bak1
2007-10-02 21:37    <DIR>    d--------   C:\Documents and Settings\Curly Wurly\Application Data\DivX
2007-10-02 21:35    <DIR>    d--------   C:\Program Files\DivX
2007-10-02 21:15    37,572  ---hs----   C:\WINDOWS\system32\jjkkj.bak2
2007-09-30 15:02    6,728   ---hs----   C:\WINDOWS\system32\jjkkj.bak1
2007-09-30 11:46    14,690  ---hs----   C:\WINDOWS\system32\jjkmp.bak2
2007-09-30 08:52    6,440   ---hs----   C:\WINDOWS\system32\jjkmp.bak1
2007-09-29 14:55    23,954  ---hs----   C:\WINDOWS\system32\fhhkj.bak2
2007-09-29 14:25    6,440   ---hs----   C:\WINDOWS\system32\fhhkj.bak1
2007-09-28 18:10    28,292  ---hs----   C:\WINDOWS\system32\ijllm.bak1
2007-09-28 14:09    <DIR>    d--------   C:\WINDOWS\system32\quicktime
2007-09-28 14:09    <DIR>    d--------   C:\Program Files\AVI Movie Player
2007-09-28 13:47    <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-28 11:04    <DIR>    d---s----   C:\Documents and Settings\Curly Wurly\UserData
2007-09-28 08:33    <DIR>    d--------   C:\Program Files\Windows Live
2007-09-28 08:33    <DIR>    d--------   C:\Program Files\Messenger Plus! Live
2007-09-27 21:01    6,440   ---hs----   C:\WINDOWS\system32\egjlm.bak1
2007-09-27 16:30    6,440   ---hs----   C:\WINDOWS\system32\ttstv.bak1
2007-09-26 22:03    6,440   ---hs----   C:\WINDOWS\system32\vvvwa.bak1
2007-09-23 11:44    6,520   ---hs----   C:\WINDOWS\system32\prqss.bak1
2007-09-22 22:37    <DIR>    d--------   C:\Documents and Settings\Roy\Application Data\AVG7
2007-09-18 20:57    <DIR>    d--------   C:\Documents and Settings\Curly Wurly\Application Data\AVG7
2007-09-18 20:56    <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-18 20:56    <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-18 20:56    <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-18 20:55    <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\avg7
2007-09-18 20:34    <DIR>    d--------   C:\WINDOWS\.jagex_cache_32
2007-09-18 20:27    6,496   ---hs----   C:\WINDOWS\system32\kjjlm.bak2
2007-09-18 08:26    6,640   ---hs----   C:\WINDOWS\system32\kjjlm.bak1
2007-09-17 19:23    823,296 --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 19:23    823,296 --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 19:22    802,816 --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 19:22    739,840 --a------   C:\WINDOWS\system32\DivX.dll
2007-09-15 17:34    <DIR>    d--------   C:\Program Files\Google

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 11:11    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-10-13 11:06    ---------   d-----w C:\Program Files\Steam
2007-10-09 17:13    ---------   d-----w C:\Documents and Settings\Curly Wurly\Application Data\LimeWire
2007-09-28 10:06    ---------   d-----w C:\Documents and Settings\Curly Wurly\Application Data\Image Zone Express
2007-09-28 10:02    ---------   d-----w C:\Documents and Settings\Curly Wurly\Application Data\Bioshock
2007-09-28 07:33    ---------   d-----w C:\Program Files\MSN Messenger
2007-09-18 21:17    ---------   d-----w C:\Program Files\WinAce
2007-09-15 16:12    ---------   d-----w C:\Documents and Settings\Curly Wurly\Application Data\AdobeUM
2007-09-11 23:14    156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-09 17:13    ---------   d-----w C:\Program Files\BitComet
2007-09-09 13:46    ---------   d-----w C:\Program Files\QuickTime
2007-09-09 13:46    ---------   d-----w C:\Program Files\Common Files\AOL
2007-09-09 13:46    ---------   d-----w C:\Program Files\BigFix
2007-09-09 13:46    ---------   d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-08 15:09    ---------   d--h--r C:\Documents and Settings\Curly Wurly\Application Data\SecuROM
2007-09-08 14:32    108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-08 14:22    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-09-08 14:22    ---------   d-----w C:\Program Files\2K Games
2007-09-08 14:21    ---------   d-----w C:\Documents and Settings\Curly Wurly\Application Data\InstallShield
2007-09-06 16:41    ---------   d-----w C:\Program Files\Kontiki
2007-09-06 16:41    ---------   d-----w C:\Program Files\Channel4
2007-09-06 16:41    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Channel4
2007-09-02 12:47    ---------   d-----w C:\Program Files\Napster
2007-09-02 12:47    ---------   d-----w C:\Program Files\Common Files\Napster Shared
2007-09-02 12:47    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-08-26 21:08    ---------   d-----w C:\Documents and Settings\Roy\Application Data\Image Zone Express
2007-08-21 06:15    683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26    81,920  ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26    196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-18 12:50    28,104  ----a-w C:\Documents and Settings\Curly Wurly\Application Data\GDIPFONTCACHEV1.DAT
2007-08-18 07:43    ---------   d-----w C:\Documents and Settings\Roy\Application Data\AdobeUM
2007-08-15 22:33    9,464   ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-15 22:33    9,336   ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-15 22:33    524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33    43,528  ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-08-15 22:33    3,596,288   ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33    200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33    129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33    120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33    118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33    1,044,480   ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31    593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31    57,344  ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31    53,248  ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31    344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31    294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31    294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30    12,288  ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 18:19    92,504  ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19    549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19    53,080  ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19    43,352  ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19    325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19    203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19    1,712,984   ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18    33,624  ----a-w C:\WINDOWS\system32\wups.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 22:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"CHotkey"="zHotkey.exe" [2004-05-18 01:30 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 16:09 C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 02:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 18:50]
"SoundMan"="SOUNDMAN.EXE" [2004-08-25 02:14 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-08-25 02:01 C:\WINDOWS\ALCWZRD.EXE]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 22:18]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-18 04:10]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 19:36]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]
"Motive SmartBridge"="C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 18:52]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-08 07:45]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"c827efdb"="C:\WINDOWS\system32\ypsaayio.dll" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 21:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-10-13 10:25]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Home Hub\Help\bin\matcli.exe [2007-10-09 20:01:20]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 09:43:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-13 12:11:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-10-13 12:12:33
.
    --- E O F ---













Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:11, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Curly Wurly\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.msn.co.uk/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.msn.co.uk[/url]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://www.msn.co.uk/[/url]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [c827efdb] rundll32.exe "C:\WINDOWS\system32\ypsaayio.dll",sitypnow
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8707 bytes

Edited by Nick Evan: Fixed formatting

0

Yeah seems one hell of a lot better. I cannot thank you enough for this.

Although i still get message "RUNDLL" When I boot up :S

0

Although i still get message "RUNDLL" When I boot up :S

I missed an entry in your log. Fixing it should rid you of the message :).

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O4 - HKLM\..\Run: [c827efdb] rundll32.exe "C:\WINDOWS\system32\ypsaayio.dll",sitypnow


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINDOWS\system32\ypsaayio.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.