[inactive] Infected by Project1 Virus... NEED HELP!!!
I've been infected by the Project 1 virus and I've read on other threads here about people who have had similar problems that seem to have been resolved... If I can get some help it will be greatly appreciated!!!
This discussion has been closed.
Comments
Click here to download HJTsetup.exe. Save it to your Desktop!
- Double click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Copy and paste the log here.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Logfile of HijackThis v1.99.1
Scan saved at 10:22:08 PM, on 12/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Please post back with the combofix.txt log and a fresh Hijack This log.
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\drcompos.dll
C:\WINDOWS\system32\fp6m03j1e.dll
C:\WINDOWS\system32\jLvaprxy.dll
C:\WINDOWS\system32\iBssvcs.dll
C:\WINDOWS\system32\n4p40e7qeh.dll
C:\WINDOWS\system32\i060lajm1doa.dll
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\joseph.ROOM\Application Data\Dxcknwrd.dll
C:\Documents and Settings\matts\Application Data\Dxcdmns.dll
C:\Documents and Settings\matts\Application Data\Dxcknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
C:\Program Files\DeluxeCommunications\Dxc.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
C:\WINDOWS\system32\dxclib303562752.dll
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
C:\Program Files\DeluxeCommunications\Dxc.exe
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((( Files Created from 2006-11-07 to 2006-12-07 ))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
Completion time: 06-12-14 3:00:37.01
C:\ComboFix3.txt ... 06-12-07 18:11
C:\ComboFix2.txt ... 06-12-13 06:36
C:\ComboFix.txt ... 06-12-14 03:00
Logfile of HijackThis v1.99.1
Scan saved at 3:09:51 AM, on 12/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [Microsoft Update] Wupdate32.exe
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKLM\..\Run: [xag08a1c] RUNDLL32.EXE w3bb2ae7.dll,n 00508a170000000a3bb2ae7
O4 - HKLM\..\Run: [windows] C:\\windows_e56.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Win WinAmp] winamp.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Wupdate32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Win WinAmp] winamp.exe
O4 - HKCU\..\Run: [ownsuser] C:\DOCUME~1\JOSEPH~1.ROO\APPLIC~1\INSIDE~1\Poll Locks.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, please start a new topic in the Spyware & Virus Removal Forum.
If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new thread instead.