[ Done ] Fake Anti-Virus Pop Ups & Unwanted Redirection to Harmful Websites

Haychee (Bronze Member)

Basically, for the past number of weeks I have experienced a number of problems with my internet browsing. I only use Mozilla Firefox to browse the internet but have had problems to do with Internet Explorer also; I don't know how these problems arose.

I am constantly bombarded by fake anti-virus pop-ups on Internet Explorer. They pop up about every 15 minutes no matter what I am doing, and are a nuisance to close.
Also, on some occasions when this happens it says Microsoft Office Small Business is attempting to install something but fails as I don't have the disc inserted. This makes closing the pop-ups even harder.

When I search on Google using Firefox, sometimes the links I click from the search results redirect me to harmful gambling, porn and other fake anti-virus websites.

I have free versions of Ad-Aware and Malwarebytes' Anti-Malware installed; whenever I do system scans they find the same tracking cookies, privacy objects, spyware objects and rogue anti-spyware trojans. They claim to remove them but the problems constantly persist.

I would appreciate any help anyone could offer to stop these problems.
Thank you.
Haychee

Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:39, on 31/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\pp05.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCguard] C:\Program Files\Virgin Broadband\PCguard\Rps.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld03.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp05.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10642 bytes
« Last Edit: April 01, 2009, 03:24:21 PM by bamajim »
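The HijackThis log above already contains the entries that account for both symptoms described in the post: an R1 ProxyServer value that routes every Internet Explorer request through localhost:7171, two Run keys launching executables straight out of C:\windows (ld03.exe, pp05.exe), and a Run key that has rundll32 load a module by bare name (dll32,sm). The script below is an added example written for this page; it is not a HijackThis feature and not code from this thread. It runs three heuristic rules over lines copied from the log above and prints what they flag, leaving the ordinary entries (iTunesHelper, ctfmon, the Dell printer rundll32 entry with a full path) alone. The rule texts and the 4-finding result are from the lines shown; nothing is asserted about the files beyond what the log itself says.

```python
"""Rule-based triage of a HijackThis v2 log (added example, not a HijackThis feature).

Three rules cover the entry types that match the symptoms in the thread:
  * R1 ProxyServer pointing at the local machine: every IE request is handed
    to a process on this PC before it reaches the network.
  * O4 Run targets that live directly in the Windows directory rather than
    under Program Files or system32.
  * O4 Run entries that launch rundll32 with a module given by bare name, so
    the DLL is found through the loader search path, not a fixed location.
"""
import re

# Sample input: lines copied from the HijackThis log posted above.  Ordinary
# entries are kept so the rules can be seen to pass them through untouched.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld03.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp05.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "R0/R1 - <registry key>,<value name> = <data>"
R_RE = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>[^=]+?) = (?P<data>.*)$")
# An executable sitting straight under <drive>:\windows\ with no subdirectory.
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")
LOCAL_PROXY_RE = re.compile(r"localhost|127\.0\.0\.1", re.IGNORECASE)


def split_command(cmd):
    """Split a Run-key command line into (executable, argument string)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly containing spaces
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def check_run_entry(cmd):
    """Yield a reason for each rule an O4 Run entry trips."""
    exe, args = split_command(cmd)
    exe_l = exe.lower()
    if WINDOWS_ROOT_RE.match(exe_l):
        yield "autorun target is a file dropped directly in the Windows directory"
    if exe_l in ("rundll32", "rundll32.exe"):
        module = args.split(",", 1)[0].strip().strip('"')
        if "\\" not in module:
            yield "rundll32 loads %r by bare name; the DLL is resolved via the search path" % module


def check_r_entry(value, data):
    """Yield a reason for each rule an R0/R1 Internet Explorer setting trips."""
    if value.strip() == "ProxyServer" and LOCAL_PROXY_RE.search(data):
        yield "IE is proxied through this machine (%s); match the port to a process before trusting the browser" % data


def triage(log_text):
    """Return [(log line, reason), ...] for every entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            findings.extend((line, why) for why in check_run_entry(m.group("cmd")))
            continue
        m = R_RE.match(line)
        if m:
            findings.extend((line, why) for why in check_r_entry(m.group("value"), m.group("data")))
    return findings


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(why)
        print("    " + line)
```

Whatever the rules flag still needs confirming on the machine: on XP, `netstat -ano` shows which PID is listening on the port named in the ProxyServer value and `tasklist` maps that PID to an image, and the two C:\windows executables can be checked against the creation-time listing that File Lister produces. The rules are deliberately narrow (a full-path rundll32 module, as in the Dell printer entry, is not flagged) so that the output is a short list worth reading rather than the whole log again.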

bamajim (Administrator, Platinum Member)

Re: Fake Anti-Virus Pop Ups & Unwanted Redirection to Harmful Websites
« Reply #1 on: April 01, 2009, 10:59:22 AM »
Haychee

1. Go HERE and download File Lister.
  • Save it to your Desktop.
  • Right-click ->> Extract all ->> and extract it to your Desktop.
  • Additional help on extracting zip files can be found HERE.
  • Open the File Lister folder.
  • Note: leave the FileLister.vbe file in the folder and run it from there.
  • Right-click FileLister.vbe ->> select Open, then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you at C:\Files.txt.
Copy and paste the contents of that log in your reply.

2008-2010
Rights cannot exist without morals
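Once the File Lister report is posted (it appears in the next reply), its "Created Last 60 Days" section is most useful read as a timeline rather than a list: files dropped by one installer or one infection land within a minute or two of each other, and that grouping is invisible when the section is scanned name by name. The script below is an added example written for this page, not part of File Lister or this thread. It parses lines in File Lister's `date time  size  [attributes]  path` format, clusters entries created within five minutes of each other, and reports clusters that combine an executable with a hidden file. The sample lines are copied from the report below; reading the third column as the Scripting.FileSystemObject attribute bitmask (2 = hidden, 32 = archive) is an assumption about the tool's output format, and the five-minute window is an arbitrary choice.

```python
"""Timeline view of a File Lister "Created Last 60 Days" section (added example).

File Lister prints one line per file or folder:
    <dd/mm/yyyy hh:mm:ss>  <size>  [<attributes>]  <path>
Folders carry no attribute column.  Entries created within a short window of
each other are grouped, and groups that mix an executable with a hidden file
(a drop-and-hide pattern) are reported; single entries never show that.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Assumption: the attribute column is the Scripting.FileSystemObject bitmask
# (Hidden = 2, Archive = 32), which is what a VBScript-based lister prints.
HIDDEN = 2
EXECUTABLE_EXT = ("exe", "dll", "sys", "scr", "com")

# Sample input: lines copied from the File Lister report posted in the next reply.
SAMPLE_REPORT = r"""
17/03/2009 23:47:05    1    32    C:\WINDOWS\9g234sdfdfgjf23
28/03/2009 14:32:29    1    32    C:\WINDOWS\9g234sdff3d23dfgjf23
11/03/2009 17:44:47    13698    32    C:\WINDOWS\KB958690.log
11/03/2009 19:00:18    5662    32    C:\WINDOWS\KB959772.log
11/03/2009 17:44:58    13978    32    C:\WINDOWS\KB960225.log
28/03/2009 14:30:25    15872    2    C:\WINDOWS\ld03.exe
28/03/2009 14:32:29    11776    2    C:\WINDOWS\pp05.exe
17/03/2009 23:47:04    2    2    C:\WINDOWS\t55ft2807f44.dat
28/03/2009 14:31:18    2    2    C:\WINDOWS\t55ft2809f44.dat
18/03/2009 20:23:34    2    2    C:\WINDOWS\t55ft2950f44.dat
19/03/2009 17:04:16    2    2    C:\WINDOWS\t55ft2951f44.dat
06/02/2009 20:03:18    307576    32    C:\WINDOWS\WLXPGSS.SCR
28/03/2009 14:31:18    13312    32    C:\WINDOWS\system32\dll32.dll
29/03/2009 14:49:05    15688    32    C:\WINDOWS\system32\lsdelete.exe
17/03/2009 23:52:45    0    32    C:\WINDOWS\system32\nfr.assembly
28/03/2009 14:33:30    0    32    C:\WINDOWS\system32\nfr.gpref
12/03/2009 23:16:07    1900544    32    C:\WINDOWS\system32\usbaaplrc.dll
11/03/2009 19:01:08    2470956    C:\WINDOWS\$NtUninstallKB958690$
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?:(?P<attr>\d+)\s+)?(?P<path>[A-Za-z]:\\.*)$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: Optional[int]      # None for folders, which File Lister prints without it
    path: str

    @property
    def hidden(self) -> bool:
        return self.attrs is not None and bool(self.attrs & HIDDEN)

    @property
    def executable(self) -> bool:
        return self.path.lower().rsplit(".", 1)[-1] in EXECUTABLE_EXT


def parse(report: str) -> List[Entry]:
    """Parse every line that looks like a File Lister file or folder record."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        attr = m.group("attr")
        entries.append(Entry(
            when=datetime.strptime(m.group("ts"), "%d/%m/%Y %H:%M:%S"),  # UK day/month order, as in the report
            size=int(m.group("size")),
            attrs=int(attr) if attr is not None else None,
            path=m.group("path"),
        ))
    return entries


def cluster(entries: List[Entry], window: timedelta = timedelta(minutes=5)) -> List[List[Entry]]:
    """Group time-sorted entries; a gap larger than `window` starts a new group."""
    groups: List[List[Entry]] = []
    for e in sorted(entries, key=lambda e: e.when):
        if groups and e.when - groups[-1][-1].when <= window:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def suspicious_clusters(report: str, window: timedelta = timedelta(minutes=5)) -> List[List[Entry]]:
    """Clusters that contain both an executable and a hidden file."""
    return [g for g in cluster(parse(report), window)
            if any(e.executable for e in g) and any(e.hidden for e in g)]


if __name__ == "__main__":
    for group in suspicious_clusters(SAMPLE_REPORT):
        print("%s .. %s" % (group[0].when, group[-1].when))
        for e in group:
            flags = ("hidden " if e.hidden else "") + ("executable" if e.executable else "")
            print("    %s  %7d  %-18s %s" % (e.when.strftime("%H:%M:%S"), e.size, flags, e.path))
```

On the sample it yields a single cluster, 28/03/2009 14:30:25 to 14:33:30, holding ld03.exe, t55ft2809f44.dat, dll32.dll, 9g234sdff3d23dfgjf23, pp05.exe and nfr.gpref; the two .exe files and the .dat are hidden, and three of the six are exactly the files the Run keys in the HijackThis log launch. The patch logs from 11/03 and Ad-Aware's lsdelete.exe from 29/03 form their own clusters with no hidden file in them and are not reported. To run it over a real report, read C:\Files.txt and pass its contents in place of SAMPLE_REPORT.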

Haychee (Bronze Member)

+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.0.8    +
+                               +
+ By bamajim / SpywareHammer.com+
+++++++++++++++++++++++++++++++++

Report ran on --->>>  01/04/2009 19:50:37


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\windows\pp05.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's ======

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll

BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll

BHO: (NO NAME) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

BHO: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO: (NO NAME) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[DLCCCATS] = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
[MSKDetectorExe] = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[ISUSScheduler] = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[igfxtray] = C:\WINDOWS\system32\igfxtray.exe
[igfxpers] = C:\WINDOWS\system32\igfxpers.exe
[igfxhkcmd] = C:\WINDOWS\system32\hkcmd.exe
[ehTray] = C:\WINDOWS\ehome\ehtray.exe
[dlccmon.exe] = "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
[DLA] = C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[Adobe Photo Downloader] = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[Broadbandadvisor.exe] = "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
[PCguard] = C:\Program Files\Virgin Broadband\PCguard\Rps.exe
[Sony Ericsson PC Suite] = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[4oD] = "C:\Program Files\Kontiki\KHost.exe" -all
[AppleSyncNotifier] = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[sysldtray] = C:\windows\ld03.exe
[pp] = C:\windows\pp05.exe
[Ad-Watch] = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
[ISUSPM Startup] = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
[DellSupport] = "C:\Program Files\Dell Support\DSAgnt.exe" /startup
[kdx] = C:\Program Files\Kontiki\KHost.exe -all
[WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
[dll] = rundll32 dll32,sm

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{4F3F81C3-9661-4C68-955F-DD231EC407CA}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{5D3DD9D1-CEF2-46B3-B22C-4F0882D5D44F}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{6CB5BF21-E34B-43D1-803D-2DCB4B7FBC40}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{BF1F293B-E43C-4DBC-86D0-1B127F7C5CDD}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{4F3F81C3-9661-4C68-955F-DD231EC407CA}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{5D3DD9D1-CEF2-46B3-B22C-4F0882D5D44F}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{6CB5BF21-E34B-43D1-803D-2DCB4B7FBC40}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{BF1F293B-E43C-4DBC-86D0-1B127F7C5CDD}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{4F3F81C3-9661-4C68-955F-DD231EC407CA}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{5D3DD9D1-CEF2-46B3-B22C-4F0882D5D44F}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{6CB5BF21-E34B-43D1-803D-2DCB4B7FBC40}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{BF1F293B-E43C-4DBC-86D0-1B127F7C5CDD}\  NameServer=


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

19/03/2009 19:26:38    1180014    C:\$AVG8.VAULT$
29/03/2009 14:59:29    2997    32    C:\aaw7boot.log
01/04/2009 19:50:37    0    32    C:\Files.txt
11/03/2009 19:01:08    2470956    C:\WINDOWS\$NtUninstallKB958690$
11/03/2009 19:01:08    624556    C:\WINDOWS\$NtUninstallKB958690$\spuninst
11/03/2009 19:00:19    11458860    C:\WINDOWS\$NtUninstallKB959772_WM11$
11/03/2009 19:00:19    623916    C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst
11/03/2009 19:01:15    768932    C:\WINDOWS\$NtUninstallKB960225$
11/03/2009 19:01:15    624548    C:\WINDOWS\$NtUninstallKB960225$\spuninst
11/02/2009 19:01:35    746210    C:\WINDOWS\$NtUninstallKB960715$
11/02/2009 19:01:35    623330    C:\WINDOWS\$NtUninstallKB960715$\spuninst
25/02/2009 19:01:03    9086732    C:\WINDOWS\$NtUninstallKB967715$
25/02/2009 19:01:03    625420    C:\WINDOWS\$NtUninstallKB967715$\spuninst
17/03/2009 23:47:05    1    32    C:\WINDOWS\9g234sdfdfgjf23
28/03/2009 14:32:29    1    32    C:\WINDOWS\9g234sdff3d23dfgjf23
11/03/2009 17:44:47    13698    32    C:\WINDOWS\KB958690.log
11/03/2009 19:00:18    5662    32    C:\WINDOWS\KB959772.log
11/03/2009 17:44:58    13978    32    C:\WINDOWS\KB960225.log
11/02/2009 19:01:33    14489    32    C:\WINDOWS\KB960715.log
11/02/2009 19:00:28    20119    32    C:\WINDOWS\KB961260-IE7.log
25/02/2009 16:41:15    13774    32    C:\WINDOWS\KB967715.log
28/03/2009 14:30:25    15872    2    C:\WINDOWS\ld03.exe
28/03/2009 14:32:29    11776    2    C:\WINDOWS\pp05.exe
17/03/2009 23:47:04    2    2    C:\WINDOWS\t55ft2807f44.dat
28/03/2009 14:31:18    2    2    C:\WINDOWS\t55ft2809f44.dat
18/03/2009 20:23:34    2    2    C:\WINDOWS\t55ft2950f44.dat
19/03/2009 17:04:16    2    2    C:\WINDOWS\t55ft2951f44.dat
06/02/2009 20:03:18    307576    32    C:\WINDOWS\WLXPGSS.SCR
28/03/2009 14:31:18    13312    32    C:\WINDOWS\system32\dll32.dll
29/03/2009 14:49:05    15688    32    C:\WINDOWS\system32\lsdelete.exe
17/03/2009 23:52:45    0    32    C:\WINDOWS\system32\nfr.assembly
28/03/2009 14:33:30    0    32    C:\WINDOWS\system32\nfr.gpref
06/02/2009 19:52:40    49504    32    C:\WINDOWS\system32\sirenacm.dll
12/03/2009 23:16:07    1900544    32    C:\WINDOWS\system32\usbaaplrc.dll

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

19/03/2009 19:20:50    0    C:\Program Files\AVG
19/03/2009 19:20:50    0    C:\Program Files\AVG\AVG8
12/03/2009 23:18:29    390387    C:\Program Files\Bonjour
12/03/2009 23:19:53    1485871    C:\Program Files\iPod
12/03/2009 23:19:53    1482536    C:\Program Files\iPod\bin
12/03/2009 23:19:53    826368    C:\Program Files\iPod\bin\iPodService.Resources
12/03/2009 23:19:53    43520    C:\Program Files\iPod\bin\iPodService.Resources\da.lproj
12/03/2009 23:19:53    44032    C:\Program Files\iPod\bin\iPodService.Resources\de.lproj
12/03/2009 23:19:53    43520    C:\Program Files\iPod\bin\iPodService.Resources\en.lproj
12/03/2009 23:19:54    43520    C:\Program Files\iPod\bin\iPodService.Resources\es.lproj
12/03/2009 23:19:54    43520    C:\Program Files\iPod\bin\iPodService.Resources\fi.lproj
12/03/2009 23:19:54    43520    C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj
12/03/2009 23:19:54    43520    C:\Program Files\iPod\bin\iPodService.Resources\it.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\ja.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\ko.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\nb.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\nl.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\pl.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\pt.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\pt_PT.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\ru.lproj
12/03/2009 23:19:55    43520    C:\Program Files\iPod\bin\iPodService.Resources\sv.lproj
12/03/2009 23:19:56    43520    C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj
12/03/2009 23:19:56    43520    C:\Program Files\iPod\bin\iPodService.Resources\zh_TW.lproj
16/02/2009 18:56:59    18913614    C:\Program Files\Last.fm
16/02/2009 18:57:01    1938238    C:\Program Files\Last.fm\data
16/02/2009 18:57:01    8519    C:\Program Files\Last.fm\data\buttons
16/02/2009 18:57:01    1664482    C:\Program Files\Last.fm\data\i18n
16/02/2009 18:57:02    82026    C:\Program Files\Last.fm\data\icons
16/02/2009 18:57:01    390144    C:\Program Files\Last.fm\imageformats
16/02/2009 18:57:00    1177387    C:\Program Files\Last.fm\Microsoft.VC80.CRT
24/02/2009 23:15:54    4153216    C:\Program Files\Malwarebytes' Anti-Malware
24/02/2009 23:15:55    372760    C:\Program Files\Malwarebytes' Anti-Malware\Languages

====== Files under "\System32\Drivers" Last 60 Days======

29/03/2009 14:09:31    64160    32    C:\WINDOWS\system32\drivers\Lbd.sys
24/02/2009 23:15:58    15504    32    C:\WINDOWS\system32\drivers\mbam.sys
24/02/2009 23:15:55    38496    32    C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\Harry\LOCALS~1\Temp\datAB.tmp
C:\DOCUME~1\Harry\LOCALS~1\Temp\etilqs_acbs0x8iyWeZfAuZmOjQ
C:\DOCUME~1\Harry\LOCALS~1\Temp\etilqs_BuKUN8rltMONaTQ5RVoC
C:\DOCUME~1\Harry\LOCALS~1\Temp\etilqs_esDHMFaJx2XA7fkaxgQi
C:\DOCUME~1\Harry\LOCALS~1\Temp\etilqs_MLjwNAcoIVRDuqJ7SmL3
C:\DOCUME~1\Harry\LOCALS~1\Temp\etilqs_PmlRzpJ33kkaZE5xi61P
C:\DOCUME~1\Harry\LOCALS~1\Temp\etilqs_Sdla9hzfMxHx9T4bkwkb
C:\DOCUME~1\Harry\LOCALS~1\Temp\etilqs_wljdbYihSeV9JYi6p5rI
C:\DOCUME~1\Harry\LOCALS~1\Temp\INU25B.tmp
C:\DOCUME~1\Harry\LOCALS~1\Temp\INU25D.tmp
C:\DOCUME~1\Harry\LOCALS~1\Temp\INU25F.tmp
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI16634.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI16635.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI1f968.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI305e7.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI478b4.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI4adf7.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI4adf8.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI71f94.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI71f95.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI745ea.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI84e9c.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI8a816.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI9450f.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI94510.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI97abf.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI9b787.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI9cfed.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI9cfee.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSI9f88d.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSIdc803.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\MSIebe85.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\qdiagd.log
C:\DOCUME~1\Harry\LOCALS~1\Temp\TWAIN.LOG
C:\DOCUME~1\Harry\LOCALS~1\Temp\Twain001.Mtx
C:\DOCUME~1\Harry\LOCALS~1\Temp\Twunk001.MTX
C:\DOCUME~1\Harry\LOCALS~1\Temp\Twunk002.MTX
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog00.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog01.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog02.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog03.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog04.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog05.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog06.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog07.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog08.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog09.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog10.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog11.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog12.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog13.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog14.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog15.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog16.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog17.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog18.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\wmplog19.sqm
C:\DOCUME~1\Harry\LOCALS~1\Temp\~$nathanBloggs.doc

58 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

16/02/2009 18:57:34    685966    C:\Documents and Settings\All Users\Application Data\Last.fm
16/02/2009 18:57:34    685966    C:\Documents and Settings\All Users\Application Data\Last.fm\Client
16/02/2009 18:57:34    685874    C:\Documents and Settings\All Users\Application Data\Last.fm\Client\UninstITW
24/02/2009 23:15:54    1691869    C:\Documents and Settings\All Users\Application Data\Malwarebytes
24/02/2009 23:15:54    1691869    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
12/03/2009 23:19:50    540120    C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
12/03/2009 23:20:18    540120    C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86
12/03/2009 23:20:18    131216    C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86\x86
29/03/2009 14:06:14    10408525    C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\
rundll32 dll32,sm

====== Services ( Services that are Whitelisted are not shown) ======

BCM43XX (BCM 802.11b Network Adapter Driver)- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys - Manual/Running
CSS DVP (CSS DVP)- C:\WINDOWS\system32\DRIVERS\css-dvp.sys - Auto/Running
DLABOIOM (DLABOIOM)- C:\WINDOWS\system32\DLA\DLABOIOM.SYS - Auto/Running
DLACDBHM (DLACDBHM)- C:\WINDOWS\system32\Drivers\DLACDBHM.SYS - System/Running
DLADResN (DLADResN)- C:\WINDOWS\system32\DLA\DLADResN.SYS - Auto/Running
DLAIFS_M (DLAIFS_M)- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS - Auto/Running
DLAOPIOM (DLAOPIOM)- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS - Auto/Running
DLAPoolM (DLAPoolM)- C:\WINDOWS\system32\DLA\DLAPoolM.SYS - Auto/Running
DLARTL_N (DLARTL_N)- C:\WINDOWS\system32\Drivers\DLARTL_N.SYS - System/Running
DLAUDFAM (DLAUDFAM)- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS - Auto/Running
DLAUDF_M (DLAUDF_M)- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS - Auto/Running
DRVMCDB (DRVMCDB)- C:\WINDOWS\system32\Drivers\DRVMCDB.SYS - Boot/Running
DRVNDDM (DRVNDDM)- C:\WINDOWS\system32\Drivers\DRVNDDM.SYS - Auto/Running
E100B (Intel(R) PRO Network Connection Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Stopped
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Running
Freedom (Freedom Miniport)- C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS - Manual/Running
FreeTdi (Radialpoint Filter (RPS-12798))- C:\WINDOWS\system32\Drivers\FreeTdi.sys - Auto/Running
FTDIBUS (SEMC DSS-20 SyncStation Serial Converter Driver)- C:\WINDOWS\system32\drivers\ftdibus.sys - Manual/Stopped
hcwPP2 (Hauppauge WinTV PVR PCI II ([23|25|26]xxx))- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys - Manual/Running
Jukebox3 (Jukebox3)- C:\WINDOWS\system32\DRIVERS\ctpdusb.sys - Manual/Stopped
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7)- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys - Auto/Running
MHNDRV (MHN driver)- C:\WINDOWS\system32\DRIVERS\mhndrv.sys - Manual/Stopped
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
STEC3 (STEC3)- \??\C:\WINDOWS\system32\STEC3.sys - Auto/Running
STHDA (SigmaTel High Definition Audio CODEC)- C:\WINDOWS\system32\drivers\sthda.sys - Manual/Running
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
usbsermpt (Motorola USB Modem Driver for MPT)- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys - Manual/Stopped
w810bus (Sony Ericsson W810 Driver driver (WDM))- C:\WINDOWS\system32\DRIVERS\w810bus.sys - Manual/Stopped
w810mdfl (Sony Ericsson W810 USB WMC Modem Filter)- C:\WINDOWS\system32\DRIVERS\w810mdfl.sys - Manual/Stopped
w810mdm (Sony Ericsson W810 USB WMC Modem Driver)- C:\WINDOWS\system32\DRIVERS\w810mdm.sys - Manual/Stopped
w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM))- C:\WINDOWS\system32\DRIVERS\w810mgmt.sys - Manual/Stopped
w810obex (Sony Ericsson W810 USB WMC OBEX Interface)- C:\WINDOWS\system32\DRIVERS\w810obex.sys - Manual/Stopped
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Stopped
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped

====== Uninstall List From Registry ======

GemMaster Mystic
4oD
Ad-Aware
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player 11
Audacity 1.2.4
BBC iPlayer Download Manager
Caesar 3
Creative Jukebox Driver
Microsoft Windows XP Video Decoder Checkup Utility
Dell Photo AIO Printer 924
Dell Support 5.0.0 (630)
Democracy
Diablo II
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
ESPNMotion
Virgin Broadband PCguard
SEMC DSS-20 SyncStation Driver
GCH Guitar academy
Heroes of Might and Magic® III
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Fable - The Lost Chapters
Kaspersky Online Scanner
High Definition Audio Driver Package - KB835221
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Update Rollup 2 for Windows XP Media Center Edition 2005
Hotfix for Windows Media Player 10 (KB903157)
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Update for Windows Media Player 10 (KB910393)
Security Update for Windows Media Player 10 (KB911565)
Update for Windows Media Player 10 (KB913800)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Windows XP Media Center Edition 2005 KB925766
Update for Windows Media Player 10 (KB926251)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Hotfix for Windows XP (KB954708)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Critical Update for Windows Media Player 11 (KB959772)
Security Update for Windows XP (KB960225)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows Internet Explorer 7 (KB961260)
Update for Windows XP (KB967715)
Last.fm 1.5.4.24567
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.8)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Norton Security Scan (Symantec Corporation)
Intel(R) PRO Network Connections Drivers
Virgin Broadband advisor 1.5.10
RealPlayer
Shockwave
Adobe Flash Player 9 ActiveX
Sierra Utilities
SimCity 3000 Unlimited
Unity Web Player
Viewpoint Media Player
VideoLAN VLC media player 0.8.6h
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows Live Essentials
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Office 2000 Small Business
Microsoft Office 2000 Disc 2
PPSDKRedistributables
Bonjour
Roxio RecordNow Data
Windows Live Messenger
Security Update for CAPICOM (KB931906)
Roxio DLA
Apple Mobile Device Support
ARTEuro
Windows Live Upload Tool
QuickTime
MSVCRT
Championship Manager 2007
Java(TM) 6 Update 11
The Battle for Middle-earth (tm) II
Sonic Update Manager
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Windows Live Toolbar Extension (Windows Live Toolbar)
Media Center Karaoke Plug-in
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
Windows Live Communications Platform
Windows Live Photo Gallery
Norton Security Scan
Dell CinePlayer
Microsoft Windows Journal Viewer
Windows Live Sign-in Assistant
Adobe® Photoshop® Album Starter Edition 3.0
Junk Mail filter update
Dell Driver Reset Tool
Sonic Activation Module
Windows Live Mail
Apple Software Update
Windows Media Player Firefox Plugin
Windows Live Writer
Power Tab Editor 1.7
Disc2Phone
Microsoft Visual C++ 2005 Redistributable
Dell System Restore
Map Button (Windows Live Toolbar)
Windows Live Favorites for Windows Live Toolbar
Jasc Paint Shop Pro 8
Intel(R) PROSet for Wired Connections
MSXML 4.0 SP2 (KB954430)
PCguard
Intel(R) Graphics Media Accelerator Driver
Microsoft Sync Framework Runtime Native v1.0 (x86)
4oD
Choice Guard
Microsoft PowerPoint 2002
924PLC32
Microsoft Application Error Reporting
Sonic Encoders
Windows Live Toolbar
Microsoft Search Enhancement Pack
MobileMe Control Panel
Windows Live Sync
Segoe UI
Highlight Viewer (Windows Live Toolbar)
Roxio RecordNow Audio
Adobe Reader 7.1.0
ABBYY FineReader 6.0 Sprint
Roxio RecordNow Copy
Citrix Presentation Server Client
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Sync Framework Services Native v1.0 (x86)
MSXML 4.0 SP2 (KB936181)
Fable - The Lost Chapters
Sony Ericsson PC Suite 1.20.173
Windows Live Essentials
Microsoft .NET Framework 1.1
MCU
Authentium
BBC iPlayer Download Manager
GameShadow
Safari
Creative Zen Micro
Ad-Aware
iTunes
Black and White
Smart Menus (Windows Live Toolbar)
Microsoft SQL Server 2005 Compact Edition [ENU]
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
BT Voyager Wireless Utility
User Profile Hive Cleanup Service

======== Other Info ========

TOTAL PHYSICAL RAM: 1063 MB


====== Files with Hidden Attributes ======


Offline bamajim

  • Administrator
  • Platinum Member
Haychee

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

(How to extract (decompress) zipped or compressed files, help in the link here: )
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to Delete:
C:\windows\pp05.exe
C:\windows\ld03.exe
C:\WINDOWS\9g234sdfdfgjf23
C:\WINDOWS\9g234sdff3d23dfgjf23
C:\WINDOWS\t55ft2807f44.dat
C:\WINDOWS\t55ft2809f44.dat
C:\WINDOWS\t55ft2950f44.dat
C:\WINDOWS\t55ft2951f44.dat
C:\WINDOWS\system32\dll32.dll
C:\WINDOWS\system32\nfr.assembly
C:\WINDOWS\system32\nfr.gpref



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes when prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply

2008-2010
Rights cannot exist without morals

Offline Haychee

  • Bronze Member
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\windows\pp05.exe" deleted successfully.
File "C:\windows\ld03.exe" deleted successfully.
File "C:\WINDOWS\9g234sdfdfgjf23" deleted successfully.
File "C:\WINDOWS\9g234sdff3d23dfgjf23" deleted successfully.
File "C:\WINDOWS\t55ft2807f44.dat" deleted successfully.
File "C:\WINDOWS\t55ft2809f44.dat" deleted successfully.
File "C:\WINDOWS\t55ft2950f44.dat" deleted successfully.
File "C:\WINDOWS\t55ft2951f44.dat" deleted successfully.
File "C:\WINDOWS\system32\dll32.dll" deleted successfully.
File "C:\WINDOWS\system32\nfr.assembly" deleted successfully.
File "C:\WINDOWS\system32\nfr.gpref" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Offline bamajim

  • Administrator
  • Platinum Member
Haychee

Nice work

Rerun Hijackthis and post a fresh Hijackthis log


Offline Haychee

  • Bronze Member
Awesome dude thank you so much :D
It appears to have stopped!

Here is my log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:13, on 01/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCguard] C:\Program Files\Virgin Broadband\PCguard\Rps.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld03.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp05.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10595 bytes

Offline bamajim

  • Administrator
  • Platinum Member
Haychee

Great. Glad to hear it.

1. Rerun Hijackthis (scan only) and place checks beside the following entries
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld03.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp05.exe
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm


Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

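A small triage script that applies, over the O4 and R1 lines of the fresh log above, the kind of checks the helper made by eye; this is an added example, not code from the thread or from HijackThis. Its three rules (an autostart executable sitting directly in the Windows folder with a digit in its name, rundll32 loading a DLL by bare name, and an IE proxy pointed at localhost) are common triage heuristics that point a human at entries worth examining, not a definition of what is malicious, and the sample lines are copied from the log posted above.

```python
"""Triage heuristics for HijackThis-style O4 and R1 entries.

Added example; not code from the thread or from HijackThis itself.
Rules applied:
  exe-in-windows-root       autostart .exe directly in the Windows folder
                            (not a subfolder) with a digit in its name
  rundll32-unqualified-dll  rundll32 given a DLL by bare name, so the DLL is
                            found via the loader search order, not a fixed path
  proxy-to-localhost        IE ProxyServer routing browser traffic through a
                            process on the same machine
A hit is a prompt for a human look, not proof that the entry is malicious.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the second HijackThis log posted above,
# including the three O4 entries the helper asked to fix.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld03.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp05.exe
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip()

# O4 - <registry key>: [<entry name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# R1 - <registry key>,ProxyServer = <value>
PROXY_RE = re.compile(r"^R1 - .+?,ProxyServer = (?P<value>.*)$")
# An .exe directly under C:\WINDOWS whose base name contains a digit.
WINROOT_EXE_RE = re.compile(r"c:\\windows\\[a-z]*\d[a-z0-9]*\.exe", re.IGNORECASE)
LOCALHOST_RE = re.compile(r"localhost|127\.0\.0\.1", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: int    # 1-based line number within the log text
    rule: str    # which heuristic fired
    detail: str  # entry name and the value that triggered it


def executable_of(cmd: str) -> str:
    """Return the program part of an O4 command line, without quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        return cmd[1:close] if close > 0 else cmd[1:]
    return cmd.split(maxsplit=1)[0] if cmd else ""


def rundll32_target(cmd: str) -> str:
    """For 'rundll32 <dll>,<entry> ...' return <dll>; empty string otherwise."""
    parts = cmd.strip().split(maxsplit=1)
    if not parts or parts[0].lower() not in ("rundll32", "rundll32.exe"):
        return ""
    args = parts[1] if len(parts) > 1 else ""
    return args.split(",", 1)[0].strip().strip('"')


def triage(log: str) -> list[Finding]:
    """Apply the three heuristics to every line of a HijackThis log."""
    findings: list[Finding] = []
    for lineno, raw in enumerate(log.splitlines(), start=1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            exe = executable_of(cmd)
            dll = rundll32_target(cmd)
            if WINROOT_EXE_RE.fullmatch(exe):
                findings.append(Finding(lineno, "exe-in-windows-root", f"[{name}] {exe}"))
            elif dll and "\\" not in dll:
                # A bare DLL name is resolved through the loader search path,
                # so the log alone does not tell you which file actually loads.
                findings.append(Finding(lineno, "rundll32-unqualified-dll", f"[{name}] {dll}"))
            continue
        m = PROXY_RE.match(line)
        if m and LOCALHOST_RE.search(m.group("value")):
            findings.append(Finding(lineno, "proxy-to-localhost", m.group("value")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>3}  {f.rule:<26} {f.detail}")
```

Run against the sample it reports the three O4 entries the helper asked to fix plus the localhost proxy setting, and nothing for the legitimate entries.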

Offline Haychee

  • Bronze Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:26, on 01/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCguard] C:\Program Files\Virgin Broadband\PCguard\Rps.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10449 bytes

Offline bamajim

  • Administrator
  • Platinum Member
Haychee

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:

Let's create a clean System Restore point:
  • The instructions are here
Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis
  • To a disc or a USB key, not your hard drive
You may want to read this article "So how did I get infected in the first place" by Tony Klein

surf safe


Offline Haychee

  • Bronze Member
Thank you very very much!

Do you take donations?

I appreciate this so much!

Offline bamajim

  • Administrator
  • Platinum Member
> Thank you very very much!
>
> Do you take donations?
>
> I appreciate this so much!

You are most welcome.
And we do not take donations at this time, but thank you for asking.  :)

surf safe
