Random Popups, No Internet Connection

V-PV-P State College, PA Member
edited September 2008 in Spyware & Virus Removal
I haven't had an internet connection on this particular laptop for the past two weeks and today is the first time I've connected. It was fine before I went to Florida two weeks ago, and all of a sudden I'm noticing problems like Automatic Updates is enabled but Windows keeps showing me a dialog that says it's disabled. Here's the HijackThis log. Any help is appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:58 PM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [74231231] rundll32.exe "C:\WINDOWS\system32\qetehakn.dll",b
O4 - HKLM\..\Run: [BM771021ad] Rundll32.exe "C:\WINDOWS\system32\dmlmlxcj.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA9046] command /c del "C:\WINDOWS\system32\dmlmlxcj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9836] cmd /c del "C:\WINDOWS\system32\dmlmlxcj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2530] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7670] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9581] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9608] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215736016904
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 5059 bytes

Comments

  • edited August 2008
    Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

    No Antivirus

    I can see no indication of any Antivirus software.

    Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
    This alone can save you a lot of trouble with malware in the future.
    Free AV list (Home users only)
    Avira AntiVir
    Avast

    Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.
    If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    Antivirus is a MUST

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    Installed Programs

    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.

    You will see a list with the programs installed in your computer.
    Click on the Save list button and specify where you would like to save this file.
    When you press the Save button, Notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad into your next post.
  • V-PV-P State College, PA Member
    edited August 2008
    Malwarebytes' Anti-Malware 1.24
    Database version: 1042
    Windows 5.1.2600 Service Pack 3
    
    3:41:25 PM 8/11/2008
    mbam-log-8-11-2008 (15-41-25).txt
    
    Scan type: Full Scan (C:\|G:\|)
    Objects scanned: 190907
    Time elapsed: 1 hour(s), 11 minute(s), 37 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 46
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    (No malicious items detected)
    
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d1adf58-65b2-4def-81b5-f2db6c26455f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9d1adf58-65b2-4def-81b5-f2db6c26455f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    
    Registry Values Infected:
    (No malicious items detected)
    
    Registry Data Items Infected:
    (No malicious items detected)
    
    Folders Infected:
    (No malicious items detected)
    
    Files Infected:
    C:\WINDOWS\system32\jvsxmq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Local Settings\Temp\sljegsxx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\4MFKWJRQ\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\4MFKWJRQ\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\NBJHKUYO\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\QEVX59O2\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP48\A0022316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP48\A0022330.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP49\A0023403.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP49\A0023405.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP49\A0023462.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP50\A0023474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP51\A0024738.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP51\A0024739.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP51\A0024740.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP51\A0024741.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP51\A0024742.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP51\A0024743.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP52\A0024847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP52\A0024848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP52\A0024849.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP52\A0024850.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP52\A0024851.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP52\A0024852.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D76DB93D-73FA-47E3-BA79-0AABB618DCE6}\RP52\A0024856.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\asmwvqmi.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\didfhiae.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\fccyxxYO.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\jvsxmq.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\kybghiyo.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\mkawelhv.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\oyqqjasc.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\pihypu.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\pzydsv.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\svfjipcb.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\tijtvfid.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\tuvvUNhf.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\yayvUKaY.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\yblxue.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\ycvkxhua.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\onivygui.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hexhkgwx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xyljjgvj.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM771021ad.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM771021ad.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Ad-Aware
    Adobe After Effects CS3
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Third Party Content
    Adobe AIR
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Audition 3.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop CS3
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Apple Mobile Device Support
    Apple Software Update
    BearShare
    BlackBerry Desktop Software 4.5
    BlackBerry Desktop Software 4.5
    Bonjour
    CCleaner (remove only)
    CrossLoop 2.20
    DivX Codec
    DivX Player
    DivX Web Player
    EA*SPORTS™ NBA*LIVE*08
    FlashGet 1.9.0.1012
    foobar2000 v0.9.5.4
    Foxit Reader
    Free FTP
    HijackThis 2.0.2
    Java(TM) 6 Update 7
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    mIRC
    Mozilla Firefox (3.0.1)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser
    Nero 7 Ultra Edition
    neroxml
    Netflix Movie Viewer
    nLite 1.4.7
    NVIDIA Drivers
    PDF Settings
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Roxio Media Manager
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Excel 2007 (KB946974)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Office 2007 (KB947801)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    System Requirements Lab
    Texas Instruments PCIxx21/x515/xx12 drivers.
    The Sims 2
    The Sims 2 Family Fun Stuff
    The Sims 2 Glamour Life Stuff
    The Sims 2 Nightlife
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims 2 University
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Celebration! Stuff
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 Seasons
    The Sims™ 2 Teen Style Stuff
    Trillian
    Unlocker 1.8.7
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb953463)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951978)
    VideoLAN VLC media player 0.8.6h
    VirtualCloneDrive
    Winamp
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:12:21 PM, on 8/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {3B4F5066-DC5F-4C34-BA2A-DBCB6A5D14FC} - C:\WINDOWS\system32\fccyxxYO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: {f55462c6-bd2f-5b18-fed4-2b5685fda1d9} - {9d1adf58-65b2-4def-81b5-f2db6c26455f} - C:\WINDOWS\system32\jvsxmq.dll (file missing)
    O2 - BHO: (no name) - {D23FAAE1-3F8A-4BC2-9ABB-D48840F153CD} - C:\WINDOWS\system32\tuvvUNhf.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [74231231] rundll32.exe "C:\WINDOWS\system32\svfjipcb.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215736016904
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    
    --
    End of file - 6017 bytes
    
  • edited August 2008
    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper
  • V-PV-P State College, PA Member
    edited August 2008
    ComboFix 08-08-12.01 - Me 2008-08-12 20:03:47.1 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2194 [GMT -4:00]
    Running from: C:\Documents and Settings\Me\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Me\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     * Created a new restore point
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\Documents and Settings\Me\Application Data\macromedia\Flash Player\#SharedObjects\HAE8KEBP\interclick.com
    C:\Documents and Settings\Me\Application Data\macromedia\Flash Player\#SharedObjects\HAE8KEBP\interclick.com\ud.sol
    C:\Documents and Settings\Me\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Me\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\WINDOWS\system32\ehcnholg.ini
    C:\WINDOWS\system32\fhNUvvut.ini
    C:\WINDOWS\system32\fhNUvvut.ini2
    C:\WINDOWS\system32\moflvgox.ini
    C:\WINDOWS\system32\nkaheteq.ini
    C:\WINDOWS\system32\qnkmltvf.ini
    
    .
    (((((((((((((((((((((((((   Files Created from 2008-07-13 to 2008-08-13  )))))))))))))))))))))))))))))))
    .
    
    2008-08-11 14:09 . 2008-08-11 14:09	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-11 14:09 . 2008-08-11 14:09	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\Malwarebytes
    2008-08-11 14:09 . 2008-08-11 14:09	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-11 14:09 . 2008-07-30 20:07	38,472	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-11 14:09 . 2008-07-30 20:07	17,144	--a------	C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-10 21:37 . 2008-08-10 21:37	<DIR>	d--------	C:\Program Files\Lavasoft
    2008-08-10 21:37 . 2008-08-10 21:38	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-10 21:36 . 2008-08-10 21:36	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-10 21:11 . 2008-08-10 21:11	<DIR>	d--------	C:\Documents and Settings\Administrator
    2008-08-10 15:20 . 2008-08-10 16:33	<DIR>	d--------	C:\Downloads
    2008-08-10 15:19 . 2008-08-12 20:24	<DIR>	d--------	C:\Program Files\FlashGet
    2008-08-10 15:07 . 2008-08-10 15:07	<DIR>	d--------	C:\Program Files\Trend Micro
    2008-08-10 15:07 . 2008-08-10 15:07	<DIR>	d--------	C:\Program Files\Panda Security
    2008-08-09 20:57 . 2008-08-11 15:41	<DIR>	d--------	C:\VundoFix Backups
    2008-08-06 10:29 . 2008-08-06 10:29	21,986	--a------	C:\WINDOWS\system32\iddadvpk.dll
    2008-08-05 23:17 . 2008-08-05 23:17	22,004	--a------	C:\WINDOWS\system32\wkupefpd.dll
    2008-08-05 17:02 . 2008-08-05 17:02	<DIR>	d--------	C:\Program Files\KLC
    2008-08-05 16:53 . 2000-05-22 00:00	203,976	--a------	C:\WINDOWS\system32\RICHTX32.OCX
    2008-08-05 16:53 . 1999-12-07 07:00	61,491	--a------	C:\WINDOWS\system32\wbemdisp.TLB
    2008-08-03 03:30 . 2008-05-06 02:01	45,056	--a------	C:\WINDOWS\system32\WNASPI32.DLL
    2008-08-03 03:30 . 2008-05-06 02:01	16,512	--a------	C:\WINDOWS\system32\drivers\ASPI32.SYS
    2008-08-03 01:00 . 2008-08-03 01:00	<DIR>	d--------	C:\temp
    2008-08-03 01:00 . 2008-08-03 01:00	<DIR>	d--------	C:\Program Files\PQDVD
    2008-08-03 00:08 . 2008-08-03 00:10	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\Apple Computer
    2008-08-03 00:07 . 2008-08-03 00:07	<DIR>	d--------	C:\Program Files\Apple Software Update
    2008-08-03 00:07 . 2008-08-03 00:08	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-03 00:07 . 2008-07-22 20:32	32,000	--a------	C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-08-03 00:06 . 2008-08-03 00:06	<DIR>	d--------	C:\Program Files\Common Files\Apple
    2008-08-03 00:06 . 2008-08-03 00:06	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-02 23:30 . 2008-08-02 23:30	<DIR>	d--------	C:\WINDOWS\tiinst
    2008-08-02 11:07 . 2008-04-14 05:42	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
    2008-08-02 11:07 . 2008-04-14 00:15	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
    2008-08-02 11:07 . 2008-04-14 00:15	15,104	--a--c---	C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-08-02 11:07 . 2001-08-17 22:36	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
    2008-07-28 23:29 . 2008-07-28 23:29	<DIR>	d--------	C:\Program Files\EA SPORTS
    2008-07-28 23:29 . 2004-07-09 04:26	354,816	--a------	C:\WINDOWS\system32\psisdecd.dll
    2008-07-28 23:29 . 2004-07-09 04:26	354,816	--a--c---	C:\WINDOWS\system32\dllcache\psisdecd.dll
    2008-07-28 23:29 . 2004-07-09 04:26	47,104	--a--c---	C:\WINDOWS\system32\dllcache\wstdecod.dll
    2008-07-28 23:29 . 2004-07-09 04:26	30,208	--a------	C:\WINDOWS\system32\psisrndr.ax
    2008-07-28 23:29 . 2004-07-09 04:26	30,208	--a--c---	C:\WINDOWS\system32\dllcache\psisrndr.ax
    2008-07-26 23:04 . 2008-07-26 23:04	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
    2008-07-26 23:04 . 2008-07-26 23:04	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\SystemRequirementsLab
    2008-07-24 20:22 . 2008-08-03 01:00	69	--a------	C:\WINDOWS\NeroDigital.ini
    2008-07-24 10:16 . 2008-07-24 10:16	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-07-23 23:36 . 2008-07-23 23:36	<DIR>	d--------	C:\Program Files\Common Files\Adobe AIR
    2008-07-23 23:36 . 2008-07-23 23:36	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
    2008-07-23 13:58 . 2008-07-23 16:52	<DIR>	d--------	C:\Program Files\EA GAMES
    2008-07-23 13:58 . 2004-08-18 04:34	442,368	-ra------	C:\WINDOWS\system32\vp6vfw.dll
    2008-07-23 13:14 . 2008-07-23 13:15	<DIR>	d--------	C:\Program Files\Free FTP
    2008-07-22 23:20 . 2008-07-22 23:20	<DIR>	d--------	C:\Program Files\CrossLoop
    2008-07-22 22:40 . 2008-07-24 23:40	<DIR>	d--------	C:\Program Files\nLite
    2008-07-22 18:00 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
    2008-07-22 18:00 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
    2008-07-22 18:00 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-22 17:39 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
    2008-07-22 17:38 . 2008-07-22 17:38	<DIR>	d--------	C:\Program Files\Microsoft Works
    2008-07-22 17:37 . 2008-07-22 17:37	<DIR>	d--------	C:\Program Files\MSBuild
    2008-07-22 17:36 . 2008-07-22 17:36	<DIR>	d--------	C:\Program Files\Microsoft.NET
    2008-07-22 17:33 . 2008-07-22 17:34	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 8
    2008-07-22 17:32 . 2008-07-22 17:37	<DIR>	d--------	C:\WINDOWS\SHELLNEW
    2008-07-22 17:31 . 2008-07-22 17:31	<DIR>	dr-h-----	C:\MSOCache
    2008-07-22 17:31 . 2008-08-03 03:05	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-21 14:53 . 2008-04-23 00:16	6,066,176	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-07-21 14:53 . 2007-04-17 05:32	2,455,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-07-21 14:53 . 2007-03-08 01:10	991,232	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-07-21 14:53 . 2008-04-23 00:16	459,264	-----c---	C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-07-21 14:53 . 2008-04-23 00:16	383,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-07-21 14:53 . 2008-04-23 00:16	267,776	-----c---	C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-07-21 14:53 . 2008-04-23 00:16	63,488	-----c---	C:\WINDOWS\system32\dllcache\icardie.dll
    2008-07-21 14:53 . 2008-04-23 00:16	52,224	-----c---	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-07-21 14:53 . 2008-04-22 03:39	13,824	-----c---	C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-07-21 14:45 . 2008-07-21 14:45	<DIR>	d--------	C:\Program Files\MSXML 4.0
    2008-07-16 22:29 . 2008-04-14 00:10	10,240	---------	C:\WINDOWS\system32\drivers\sffp_mmc.sys
    2008-07-16 22:28 . 2006-12-29 00:31	19,569	--a------	C:\WINDOWS\002671_.tmp
    2008-07-15 14:37 . 2008-07-15 14:39	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\Ahead
    2008-07-15 14:35 . 2008-07-15 14:35	<DIR>	d--------	C:\Program Files\Nero
    2008-07-15 14:35 . 2008-07-15 14:36	<DIR>	d--------	C:\Program Files\Common Files\Ahead
    2008-07-15 14:35 . 2008-07-15 14:35	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-15 01:16 . 2008-07-15 01:16	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\Roxio
    2008-07-15 01:16 . 2008-08-11 23:36	156	--a------	C:\WINDOWS\Twunk001.MTX
    2008-07-15 01:16 . 2008-08-11 23:36	3	--a------	C:\WINDOWS\Twain001.Mtx
    2008-07-15 01:16 . 2008-07-15 01:16	0	--a------	C:\WINDOWS\Twunk002.MTX
    2008-07-15 01:10 . 2008-07-15 01:10	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\Roxio
    2008-07-15 01:10 . 2008-07-15 01:10	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\Research In Motion
    2008-07-15 01:10 . 2008-08-11 23:49	256	--a------	C:\WINDOWS\system32\pool.bin
    2008-07-15 01:09 . 2008-07-15 01:09	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Sonic
    2008-07-15 01:09 . 2008-07-15 01:09	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-07-15 01:08 . 2008-07-15 01:08	<DIR>	d--------	C:\Program Files\Roxio
    2008-07-15 01:08 . 2008-07-15 01:08	<DIR>	d--------	C:\Program Files\Common Files\Sonic Shared
    2008-07-15 01:08 . 2008-07-15 01:08	<DIR>	d--------	C:\Program Files\Common Files\Roxio Shared
    2008-07-15 01:08 . 2008-07-15 01:08	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Roxio
    2008-07-15 01:07 . 2007-01-18 10:24	26,496	-ra------	C:\WINDOWS\system32\drivers\RimSerial.sys
    2008-07-15 01:06 . 2008-07-15 01:06	<DIR>	d--------	C:\Program Files\Research In Motion
    2008-07-15 01:06 . 2008-07-15 01:06	<DIR>	d--------	C:\Program Files\Common Files\Research In Motion
    2008-07-14 22:48 . 2008-07-14 22:48	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\DivX
    2008-07-14 22:46 . 2008-07-14 22:46	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-07-14 22:45 . 2008-07-14 22:45	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
    2008-07-14 21:41 . 2008-07-14 22:32	<DIR>	d--------	C:\Documents and Settings\Me\Application Data\Download Manager
    2008-07-13 19:35 . 2008-08-10 23:03	1,220	--a------	C:\WINDOWS\wininit.ini
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-13 00:10	---------	d-----w	C:\Documents and Settings\Me\Application Data\mIRC
    2008-08-12 18:39	---------	d-----w	C:\Program Files\mIRC
    2008-08-12 18:20	---------	d-----w	C:\Documents and Settings\Me\Application Data\dvdcss
    2008-08-12 17:07	---------	d-----w	C:\Program Files\PeerGuardian2
    2008-08-12 17:07	---------	d-----w	C:\Documents and Settings\Me\Application Data\uTorrent
    2008-08-11 14:28	---------	d-----w	C:\Program Files\Trillian
    2008-08-08 04:05	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-03 04:08	---------	d-----w	C:\Program Files\QuickTime
    2008-08-03 04:08	---------	d-----w	C:\Program Files\Bonjour
    2008-08-03 03:36	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2008-07-22 05:30	---------	d-----w	C:\Documents and Settings\Me\Application Data\Winamp
    2008-07-15 16:43	---------	d-----w	C:\Program Files\BearShare
    2008-07-15 05:08	---------	d-----w	C:\Program Files\Common Files\InstallShield
    2008-07-13 23:23	---------	d-----w	C:\Program Files\CCleaner
    2008-07-12 16:47	---------	d-----w	C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-07-12 15:59	---------	d-----w	C:\Program Files\MP3Gain
    2008-07-12 15:26	---------	d-----w	C:\Documents and Settings\Me\Application Data\vlc
    2008-07-12 15:04	---------	d-----w	C:\Program Files\DAEMON Tools Lite
    2008-07-12 15:00	717,296	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-12 14:46	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
    2008-07-12 03:32	---------	d-----w	C:\Program Files\Unlocker
    2008-07-12 00:49	---------	d-----w	C:\Program Files\Elaborate Bytes
    2008-07-11 18:53	---------	d-----w	C:\Program Files\Realtek
    2008-07-11 18:53	---------	d-----w	C:\Documents and Settings\Me\Application Data\InstallShield
    2008-07-11 03:53	---------	d-----w	C:\Program Files\Netflix
    2008-07-11 03:29	359,040	----a-w	C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-07-11 01:41	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
    2008-07-11 01:35	---------	d-----w	C:\Program Files\uTorrent
    2008-07-11 01:35	---------	d-----w	C:\Documents and Settings\Me\Application Data\DAEMON Tools
    2008-07-11 01:34	---------	d-----w	C:\Documents and Settings\Me\Application Data\foobar2000
    2008-07-11 01:33	---------	d-----w	C:\Program Files\VideoLAN
    2008-07-11 01:33	---------	d-----w	C:\Program Files\foobar2000
    2008-07-11 01:31	---------	d-----w	C:\Program Files\Winamp
    2008-07-11 01:30	---------	d-----w	C:\Program Files\DivX
    2008-07-11 01:28	---------	d-----w	C:\Program Files\Windows Media Connect 2
    2008-07-11 01:27	---------	d-----w	C:\Program Files\Foxit Software
    2008-07-11 01:21	---------	d-----w	C:\Program Files\Java
    2008-07-11 01:20	---------	d-----w	C:\Program Files\Common Files\Java
    2008-07-11 01:11	---------	d-----w	C:\Program Files\Intel
    2008-07-11 01:05	---------	d-----w	C:\Program Files\Synaptics
    2008-07-11 00:25	315,392	----a-w	C:\WINDOWS\HideWin.exe
    2008-07-11 00:24	---------	d-----w	C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-07-10 23:36	---------	d-----w	C:\Program Files\microsoft frontpage
    2008-07-03 21:03	4,745,216	----a-w	C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-07-03 20:51	16,876,032	----a-w	C:\WINDOWS\RTHDCPL.exe
    2008-06-20 11:51	361,600	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40	138,496	----a-w	C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08	225,856	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 20:42	2,808,832	----a-w	C:\WINDOWS\alcwzrd.exe
    2008-06-19 20:27	9,715,200	----a-w	C:\WINDOWS\RTLCPL.exe
    2008-06-19 20:20	57,344	----a-w	C:\WINDOWS\Alcmtr.exe
    2008-06-18 22:01	77,824	----a-w	C:\WINDOWS\SoundMan.exe
    2008-06-13 11:05	272,128	----a-w	C:\WINDOWS\system32\drivers\bthport.sys
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-08 12:22 486856]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 17:20 1024000]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 13:51 8523776]
    "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-06-29 07:44 1990704]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 05:42 15360 C:\WINDOWS\system32\ctfmon.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-07-08 12:22 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-11-11 13:51 8523776 C:\WINDOWS\system32\nvcpl.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    --a------ 2008-03-06 16:19 236016 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NMIndexingService"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\BearShare\\BearShare.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    
    .
    - - - - ORPHANS REMOVED - - - -
    
    BHO-{3B4F5066-DC5F-4C34-BA2A-DBCB6A5D14FC} - C:\WINDOWS\system32\fccyxxYO.dll
    BHO-{D23FAAE1-3F8A-4BC2-9ABB-D48840F153CD} - C:\WINDOWS\system32\tuvvUNhf.dll
    HKLM-Run-74231231 - C:\WINDOWS\system32\svfjipcb.dll
    ShellExecuteHooks-{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} - (no file)
    MSConfigStartUp-74231231 - C:\WINDOWS\system32\mkawelhv.dll
    MSConfigStartUp-BM771021ad - C:\WINDOWS\system32\vshppmrg.dll
    
    
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\9idweqod.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - yahoo.com
    
    
    **************************************************************************
    
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-12 20:24:45
    Windows 5.1.2600 Service Pack 3 NTFS
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    scanning hidden files ... 
    
    
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-12 20:30:41 - machine was rebooted
    ComboFix-quarantined-files.txt  2008-08-13 00:29:37
    
    Pre-Run: 96,484,786,176 bytes free
    Post-Run: 96,346,091,520 bytes free
    
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin
    
    268	--- E O F ---	2008-08-03 07:05:46
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:32:22 PM, on 8/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215736016904
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    
    --
    End of file - 5567 bytes
    
  • edited August 2008
    I still can't see any Antivirus!!!



    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    uTorrent
    BearShare


    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
    Please note: you must NOT use this whilst we are cleaning your machine.



    OTMoveIt
    Please download OTMoveIt2 by OldTimer and save it to your desktop
    • Double-click OTMoveIt2.exe to run it.
    • Copy the lines in the codebox below.
    C:\WINDOWS\system32\iddadvpk.dll
    C:\WINDOWS\system32\wkupefpd.dll
    C:\temp\*.*
    
    • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt2


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small Save button and save the report to your desktop.
    • Please post the report in your reply.
  • VekaVeka Finland
    edited September 2008
    This topic is now closed due to inactivity. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    If you are not the user who started this thread, you must start your own Thread instead :)