# Photo Gallery Virus... Again!



## WillWill56 (Sep 26, 2007)

Yep, that's right, I've had this one before. Problem is, I forgot how to get rid of it.
I searched the internet and only found one thread and they haven't fixed the problem yet.
So I came here.

Edit: AAAAARRRRRGGGGGHHHHH! I forgot to tell you the most important bit! It's a windows installer package that starts itself whenever I start certain programs.
It runs through the "msiexec.exe" process.

PS: I got this virus after I cleaned my registry, so it either came with the reg cleaning program, or a faulty reg entry was holding it back. Hope that helps you.

Logfile of HijackThis v1.99.1
Scan saved at 4:10:32 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iiNet Web Accelerator\PropelAC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {273D9CD8-7C64-7A9E-4510-58C7ED7DB1C2} - (no file)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [Modem Booster] C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\iiNet Web Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-image.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Billy.LEES-PC\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1B6F1E-202F-4C41-9E87-EA1D3DD36053}: NameServer = 203.0.178.191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


----------



## Cheeseball81 (Mar 3, 2004)

Hi and welcome

Download the Trial version of *Superantispyware Pro (SAS)*: 
http://www.superantispyware.com/superantispyware.html?rid=3132

Install it and double-click the icon on your desktop to run it.

- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me with a new Hijack This log.


----------



## WillWill56 (Sep 26, 2007)

Sorry for not posting a log, but SUPERAntispyware fixed the problem along with some other things and my computer is heaps faster. Thanks!


----------



## Cheeseball81 (Mar 3, 2004)

I would still post a new Hijack This log


----------



## WillWill56 (Sep 26, 2007)

Hey, sorry 'bout taking so long. Got a new virus.

It's a "Win32/Tenga.gen" virus, as described by NOD32, the anti-virus
program I was forced to use after it attacked AVG. How it did I don't know.
It infects all exe files.

Anyway, here's the log

Logfile of HijackThis v1.99.1
Scan saved at 5:58:07 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iiNet Web Accelerator\PropelAC.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {273D9CD8-7C64-7A9E-4510-58C7ED7DB1C2} - (no file)
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - Global Startup: Kodak EasyShare software.lnk = ?
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\iiNet Web Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-image.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Billy.LEES-PC\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1B6F1E-202F-4C41-9E87-EA1D3DD36053}: NameServer = 203.0.178.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E1B6F1E-202F-4C41-9E87-EA1D3DD36053}: NameServer = 203.0.178.191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
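
A small triage script for HijackThis v1.99 logs like the two posted in this thread, added here as an example (it is not a tool either poster used): it parses the R*/O* entry lines and flags orphaned entries such as the "(no file)" BHOs and SSODL items and the missing winjgf32.dll Winlogon Notify, a proxy pointed at a local port, and Winsock LSP entries. The embedded sample is an excerpt constructed from lines of the first log above; the flag names and heuristics are this example's own.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Excerpt constructed from lines of the first HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {273D9CD8-7C64-7A9E-4510-58C7ED7DB1C2} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Entry lines look like "O20 - Winlogon Notify: ..."; process list and headers do not.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return the R*/F*/O* entries of a log; everything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def proxy_hosts(body):
    """Extract host names from a ProxyServer value such as 'http=localhost:8080'."""
    value = body.split(" = ", 1)[1] if " = " in body else ""
    hosts = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        if "=" in item:  # per-protocol form: http=host:port
            item = item.split("=", 1)[1]
        hosts.append(item.rsplit(":", 1)[0].lower())
    return hosts


def triage(entries):
    """Attach review flags to entries and return only the flagged ones."""
    for e in entries:
        # A hook whose file is gone is leftover from a removal or a loader for
        # something already deleted; either way HijackThis can fix the entry.
        if any(marker in e.body for marker in ORPHAN_MARKERS):
            e.flags.append("orphaned")
        # IE traffic routed through a local port. Here it most likely belongs to
        # the web accelerator listed in the same log, so this is a prompt to
        # confirm which program listens on that port, not a verdict.
        if e.section == "R1" and "ProxyServer" in e.body:
            if any(h in LOCAL_HOSTS for h in proxy_hosts(e.body)):
                e.flags.append("local-proxy")
        # Winlogon Notify DLLs load into winlogon.exe; a bare name with no
        # directory cannot be located on disk and deserves a look.
        if e.section == "O20":
            dll = e.body.rsplit(" - ", 1)[-1]
            for marker in ORPHAN_MARKERS:
                dll = dll.replace(marker, "").strip()
            if "\\" not in dll:
                e.flags.append("unresolved-dll")
        # Winsock LSPs sit in the path of all socket traffic; list each for review.
        if e.section == "O10":
            e.flags.append("lsp")
    return [e for e in entries if e.flags]


def flag_counts(text):
    """Count how many entries of a log carry each flag."""
    counts = Counter()
    for e in triage(parse_log(text)):
        counts.update(e.flags)
    return counts


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"[{', '.join(e.flags)}] {e.section} - {e.body}")
```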


----------



## Cheeseball81 (Mar 3, 2004)

Download *ComboFix* to your Desktop.


Double click *combofix.exe* and follow the prompts.
When finished, it will produce a log for you. Post that log and a new *HijackThis* log in your next reply.
*Note: Do not mouseclick combofix's window while it's running as that may cause it to stall*


----------



## WillWill56 (Sep 26, 2007)

Here is one of the logs. The HijackThis log is in a separate post due to post length restrictions.
ComboFix also got rid of some more bad things (mainly a toolbar in Internet Explorer).

ComboFix 07-10-12.4 - Billy 2007-10-14 10:14:56.1 - NTFSx86 
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.240 [GMT 10:00]
Running from: C:\Documents and Settings\Billy.LEES-PC\Desktop\Programs\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\FNTS~1
C:\Documents and Settings\Billy.LEES-PC\Application Data\inst.exe
C:\Documents and Settings\Lees\Application Data\FNTS~1
C:\Documents and Settings\Lees\Application Data\inst.exe
C:\Program Files\asks~1
C:\Program Files\asks~1\?asks\
C:\Program Files\Common Files\{3C5CB~1
C:\Program Files\Common Files\{6C5CB~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images\0013F773.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\001AE427.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\0002CE91.dat
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\budyicon\fwpbuddy.png
C:\Program Files\MyWebSearch\bar\Cache\0001F5F4
C:\Program Files\MyWebSearch\bar\Cache\000204E8
C:\Program Files\MyWebSearch\bar\Cache\00028A73
C:\Program Files\MyWebSearch\bar\Cache\0002B164.bin
C:\Program Files\MyWebSearch\bar\Cache\000327DC
C:\Program Files\MyWebSearch\bar\Cache\00033FE8
C:\Program Files\MyWebSearch\bar\Cache\0005B983
C:\Program Files\MyWebSearch\bar\Cache\00060DDD
C:\Program Files\MyWebSearch\bar\Cache\00068928
C:\Program Files\MyWebSearch\bar\Cache\0009D18C
C:\Program Files\MyWebSearch\bar\Cache\000A0B4A
C:\Program Files\MyWebSearch\bar\Cache\000AA9CC
C:\Program Files\MyWebSearch\bar\Cache\000EE71F
C:\Program Files\MyWebSearch\bar\Cache\00147FAE
C:\Program Files\MyWebSearch\bar\Cache\0016BB56.bin
C:\Program Files\MyWebSearch\bar\Cache\0016C018.bin
C:\Program Files\MyWebSearch\bar\Cache\001D0060
C:\Program Files\MyWebSearch\bar\Cache\00217FAF
C:\Program Files\MyWebSearch\bar\Cache\0023E5A2
C:\Program Files\MyWebSearch\bar\Cache\002413F6
C:\Program Files\MyWebSearch\bar\Cache\002BFF2F.bin
C:\Program Files\MyWebSearch\bar\Cache\002C4918.bin
C:\Program Files\MyWebSearch\bar\Cache\002C4E97
C:\Program Files\MyWebSearch\bar\Cache\002DC671
C:\Program Files\MyWebSearch\bar\Cache\003C5158
C:\Program Files\MyWebSearch\bar\Cache\004D4937.bin
C:\Program Files\MyWebSearch\bar\Cache\004D61C0.bin
C:\Program Files\MyWebSearch\bar\Cache\004D9360.bin
C:\Program Files\MyWebSearch\bar\Cache\004DB196.bin
C:\Program Files\MyWebSearch\bar\Cache\004DC117.bin
C:\Program Files\MyWebSearch\bar\Cache\005A9574
C:\Program Files\MyWebSearch\bar\Cache\006772D9
C:\Program Files\MyWebSearch\bar\Cache\006EBF51.bin
C:\Program Files\MyWebSearch\bar\Cache\00717FE8
C:\Program Files\MyWebSearch\bar\Cache\009725C9
C:\Program Files\MyWebSearch\bar\Cache\00F52A73
C:\Program Files\MyWebSearch\bar\Cache\012C3E7C
C:\Program Files\MyWebSearch\bar\Cache\086A9974
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\WINDOWS\system32\_000121_.tmp.dll
C:\WINDOWS\system32\_000239_.tmp.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent

((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 10:14	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-10-11 10:44	512,096	---------	C:\WINDOWS\system32\drivers\amon.sys
2007-10-11 10:44	299,392	---------	C:\WINDOWS\system32\imon.dll
2007-10-11 10:44	15,424	---------	C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-11 10:41	234	---------	C:\Documents and Settings\Billy.LEES-PC\dl.exe
2007-10-11 10:09 d--------	C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-11 09:30	16,384	-----c---	C:\WINDOWS\system32\dllcache\isignup.exe
2007-10-11 09:12	24,661	--a------	C:\WINDOWS\system32\spxcoins.dll
2007-10-11 09:12	24,661	-----c---	C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-10-11 09:12	13,312	--a------	C:\WINDOWS\system32\irclass.dll
2007-10-11 09:12	13,312	-----c---	C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-11 08:32 d--------	C:\Documents and Settings\Administrator\Application Data\wsInspector
2007-10-10 19:15 d--------	C:\Documents and Settings\Administrator\Application Data\Thunderbird
2007-10-10 19:03 d--------	C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-10 13:01 d--------	C:\WINDOWS\system32\Bigpond V8 Supercars Screensaver dir
2007-10-10 13:01	520,192	---------	C:\WINDOWS\system32\Bigpond V8 Supercars Screensaver.scr
2007-10-06 17:10	344,064	---------	C:\WINDOWS\system32\drivers\rt73.sys
2007-10-06 17:10	20,747	---------	C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-06 17:09	537,600	---------	C:\WINDOWS\system32\ASWL2K.exe
2007-10-06 17:09	499,712	---------	C:\WINDOWS\system32\ASWLSVC.exe
2007-10-06 17:09	159,744	---------	C:\WINDOWS\system32\RemSvc.exe
2007-10-06 17:07	104,320	---------	C:\WINDOWS\system32\drivers\rt2500usb.sys
2007-10-05 18:23 d--------	C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-05 18:22 d--------	C:\Documents and Settings\Billy.LEES-PC\Application Data\NCH Swift Sound
2007-10-03 18:27 d--------	C:\Program Files\RamBooster 2.0
2007-09-30 17:07 d--------	C:\Program Files\Advanced GIF Animator
2007-09-29 16:15 d--------	C:\Program Files\SUPERAntiSpyware
2007-09-29 16:15 d--------	C:\Documents and Settings\Billy.LEES-PC\Application Data\SUPERAntiSpyware.com
2007-09-29 16:15 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-29 16:13 d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-09-29 15:52 d--------	C:\Program Files\MetaStream
2007-09-29 15:52 d--------	C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-29 15:00 d--------	C:\Program Files\Easy GIF Animator
2007-09-26 14:57 d--------	C:\WINDOWS\pss
2007-09-26 10:53 d--------	C:\Documents and Settings\Billy.LEES-PC\Application Data\wsInspector
2007-09-26 10:51 d--------	C:\Program Files\Startup Inspector for Windows
2007-09-25 18:14 d--------	C:\Documents and Settings\Billy.LEES-PC\Support
2007-09-25 18:14 d--------	C:\Documents and Settings\Billy.LEES-PC\DirectX
2007-09-25 18:14 d--------	C:\Documents and Settings\Billy.LEES-PC\AutoRun
2007-09-25 18:14	380,928	---------	C:\Documents and Settings\Billy.LEES-PC\server.dll
2007-09-25 18:14	23,552	---------	C:\Documents and Settings\Billy.LEES-PC\setup.exe
2007-09-25 18:12	625,035,295	---------	C:\Documents and Settings\Billy.LEES-PC\0compressed.zip
2007-09-25 18:12	7,577,600	---------	C:\Documents and Settings\Billy.LEES-PC\nfsc_demo.exe
2007-09-25 18:12	720,896	---------	C:\Documents and Settings\Billy.LEES-PC\EAInstall.dll
2007-09-25 18:12	569,344	---------	C:\Documents and Settings\Billy.LEES-PC\AutoRun.exe
2007-09-25 18:12	528,384	---------	C:\Documents and Settings\Billy.LEES-PC\AutoRunGUI.dll
2007-09-25 18:12	499,712	---------	C:\Documents and Settings\Billy.LEES-PC\msvcp71.dll
2007-09-25 18:12	348,160	---------	C:\Documents and Settings\Billy.LEES-PC\msvcr71.dll
2007-09-25 18:12	253,952	---------	C:\Documents and Settings\Billy.LEES-PC\eauninstall.exe
2007-09-25 18:12	53,248	---------	C:\Documents and Settings\Billy.LEES-PC\nfs_inst.exe
2007-09-25 18:12	258	---------	C:\Documents and Settings\Billy.LEES-PC\dat.bin
2007-09-25 17:57 d--------	C:\Program Files\Abexo
2007-09-25 09:11 d--------	C:\Program Files\AC3Filter
2007-09-25 07:43 d--------	C:\Program Files\Codec Pack - All In 1
2007-09-24 20:29 d--------	C:\Documents and Settings\Billy.LEES-PC\Application Data\Ahead
2007-09-24 20:11 d--------	C:\Program Files\Nero
2007-09-19 10:07 d--------	C:\Documents and Settings\Lees\Application Data\IDM
2007-09-19 10:07 d--------	C:\Documents and Settings\Lees\Application Data\DMCache
2007-09-18 14:55 d--------	C:\Program Files\Internet Download Manager
2007-09-18 14:55 d--------	C:\Documents and Settings\Billy.LEES-PC\Application Data\IDM
2007-09-18 14:55 d--------	C:\Documents and Settings\Billy.LEES-PC\Application Data\DMCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 01:53	90,112	------w	C:\WINDOWS\Updreg.EXE
2007-10-11 01:53	411,648	------w	C:\WINDOWS\system32\drivers\KodakCCS.exe
2007-10-11 01:53	233,472	------w	C:\WINDOWS\UNRecode.exe
2007-10-11 01:53	233,472	------w	C:\WINDOWS\UNNeroVision.exe
2007-10-11 01:53	233,472	------w	C:\WINDOWS\UNNeroShowTime.exe
2007-10-11 01:53	233,472	------w	C:\WINDOWS\UNNeroMediaHome.exe
2007-10-11 01:53	100,352	------w	C:\WINDOWS\UninstallThunderbird.exe
2007-10-11 01:52	99,840	------w	C:\WINDOWS\UninstallFirefox.exe
2007-10-11 01:52	87,040	------w	C:\WINDOWS\UnGins.exe
2007-10-11 01:52	737,280	------w	C:\WINDOWS\iun6002.exe
2007-10-11 01:52	61,440	------w	C:\WINDOWS\MIDIDEF.EXE
2007-10-11 01:52	60,416	------w	C:\WINDOWS\ST4UNST.EXE
2007-10-11 01:52	46,080	------w	C:\WINDOWS\setdebug.exe
2007-10-11 01:52	184,320	------w	C:\WINDOWS\PSCONV.EXE
2007-10-11 01:52	176,128	------w	C:\WINDOWS\READREG.EXE
2007-10-11 01:52	106,496	------w	C:\WINDOWS\SiSUSBrg.exe
2007-10-11 00:54	314,368	------w	C:\WINDOWS\uninst.exe
2007-10-11 00:52	700,416	------w	C:\StubInstaller.exe
2007-10-11 00:52	162,304	------w	C:\UNWISE.EXE
2007-10-11 00:50	306,688	------w	C:\WINDOWS\IsUninst.exe
2007-10-11 00:10	---------	d-----w	C:\Program Files\Microsoft Plus!
2007-10-09 09:37	91,112	------w	C:\Documents and Settings\Lees\Application Data\GDIPFONTCACHEV1.DAT
2007-10-05 08:23	---------	d-----w	C:\Program Files\NCH Swift Sound
2007-10-03 08:18	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-09-30 06:37	---------	d-----w	C:\Program Files\Bug Doctor
2007-09-30 06:22	---------	d-----w	C:\Program Files\Opera
2007-09-29 06:36	---------	d-----w	C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-09-24 22:48	---------	d-----w	C:\Program Files\Motocross The Force
2007-09-24 22:39	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-24 10:11	---------	d-----w	C:\Program Files\Common Files\Ahead
2007-09-19 00:51	---------	d-----w	C:\Program Files\LimeWire
2007-09-18 04:57	---------	d-----w	C:\Program Files\GetRight
2007-09-17 00:04	---------	d-----w	C:\Program Files\Mozilla Thunderbird
2007-09-08 01:43	---------	d-----w	C:\Program Files\SourceTec
2007-09-08 01:43	---------	d-----w	C:\Program Files\Common Files\SourceTec
2007-09-08 01:16	---------	d-----w	C:\Program Files\Eltima Software
2007-09-08 01:16	---------	d-----w	C:\Documents and Settings\Billy.LEES-PC\Application Data\Eltima Software
2007-09-08 00:26	---------	d-----w	C:\Program Files\Kahootz
2007-09-07 07:27	---------	d-----w	C:\Program Files\DebugMode
2007-09-06 01:08	---------	d-----w	C:\Documents and Settings\All Users\Application Data\GetRight
2007-09-04 03:02	---------	d-----w	C:\Documents and Settings\Guest\Application Data\GetRight
2007-09-04 03:01	---------	d-----w	C:\Documents and Settings\Guest\Application Data\iiNet
2007-09-01 07:39	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-08-31 07:11	---------	d-----w	C:\Documents and Settings\Richard Lees\Application Data\GetRight
2007-08-30 08:19	---------	d-----w	C:\Documents and Settings\Billy.LEES-PC\Application Data\GetRightToGo
2007-08-26 06:47	---------	d-----w	C:\Program Files\Numbers Up! VP V1.2.5
2007-08-26 05:37	---------	d-----w	C:\Program Files\Incomplete
2007-08-26 05:37	---------	d-----w	C:\Program Files\IMVU
2007-08-26 05:37	---------	d-----w	C:\Program Files\iiNet Web Accelerator
2007-08-26 02:12	---------	d-----w	C:\Program Files\ASUS
2007-08-26 02:11	---------	d-----w	C:\Program Files\Windows Media Connect 2
2007-08-26 02:11	---------	d-----w	C:\Program Files\Winamp
2007-08-24 07:55	---------	d-----w	C:\Documents and Settings\Billy.LEES-PC\Application Data\Echo Software
2007-08-16 08:37	---------	d-----w	C:\Program Files\Windows Live Safety Center
2007-08-15 08:55	---------	d-----w	C:\Program Files\MSXML 6.0
2007-06-29 03:51	90,720	------w	C:\Documents and Settings\Princess Tam'z\Application Data\GDIPFONTCACHEV1.DAT
2007-05-26 04:21	47,360	------w	C:\Documents and Settings\Lees\Application Data\pcouffin.sys
2007-05-21 07:40	90,720	------w	C:\Documents and Settings\Billy.LEES-PC\Application Data\GDIPFONTCACHEV1.DAT
2007-05-20 07:45	47,360	------w	C:\Documents and Settings\Billy.LEES-PC\Application Data\pcouffin.sys
2007-05-04 23:07	5,632	--sh--w	C:\Program Files\Thumbs.db
2007-01-05 03:29	337	------w	C:\Documents and Settings\Lees\Application Data\internaldb1942.dat
2006-12-29 08:18	7,852	------w	C:\Documents and Settings\Princess Tam'z\My Documents.zip
2006-12-29 07:18	7,852	------w	C:\Documents and Settings\Lees\My Documents.zip
2006-12-29 07:18	7,852	------w	C:\Documents and Settings\Billy.LEES-PC\My Documents.zip
2006-10-24 11:34	49	------w	C:\Documents and Settings\Lees\Application Data\internaldb41.dat
2006-10-24 11:34	49	------w	C:\Documents and Settings\All Users\Application Data\internaldb41.dat
2006-10-24 11:34	337	------w	C:\Documents and Settings\All Users\Application Data\internaldb1942.dat
2006-10-24 11:08	13,046	------w	C:\Documents and Settings\Lees\Application Data\internaldb5436.dat
2006-10-24 11:08	13,046	------w	C:\Documents and Settings\All Users\Application Data\internaldb5436.dat
2006-10-24 11:08	0	-c----w	C:\Documents and Settings\Lees\Application Data\internaldb4604.dat
2006-10-24 11:08	0	-c----w	C:\Documents and Settings\All Users\Application Data\internaldb4604.dat
2006-10-24 06:57	179,200	------w	C:\Documents and Settings\Lees\Application Data\internaldb4827.dat
2006-10-24 06:57	179,200	------w	C:\Documents and Settings\All Users\Application Data\internaldb4827.dat
2006-10-07 05:38	0	-c----w	C:\Documents and Settings\Lees\Application Data\internaldb8253.dat
2006-10-07 05:38	0	-c----w	C:\Documents and Settings\All Users\Application Data\internaldb8253.dat
2006-10-07 05:37	0	-c----w	C:\Documents and Settings\Lees\Application Data\internaldb3902.dat
2006-10-07 05:37	0	-c----w	C:\Documents and Settings\Lees\Application Data\internaldb153.dat
2006-10-07 05:37	0	-c----w	C:\Documents and Settings\All Users\Application Data\internaldb3902.dat
2006-10-07 05:37	0	-c----w	C:\Documents and Settings\All Users\Application Data\internaldb153.dat
2006-10-07 05:36	0	-c----w	C:\Documents and Settings\Lees\Application Data\internaldb2391.dat
2006-10-07 05:36	0	-c----w	C:\Documents and Settings\All Users\Application Data\internaldb2391.dat
2006-10-07 05:31	9,216	------w	C:\Documents and Settings\Lees\Application Data\internaldb8467.dat
2006-10-07 05:31	9,216	------w	C:\Documents and Settings\All Users\Application Data\internaldb8467.dat
2006-10-07 05:31	0	-c----w	C:\Documents and Settings\Lees\Application Data\internaldb6334.dat
2006-10-07 05:31	0	-c----w	C:\Documents and Settings\All Users\Application Data\internaldb6334.dat
2006-06-29 03:26	808	------w	C:\Program Files\INSTALL.LOG
2006-03-01 07:14	320	------w	C:\Documents and Settings\Lees\rockconfig.dat
2005-10-17 01:51	774,144	------w	C:\Program Files\RngInterstitial.dll
2007-01-05 01:57:45	80	--sh--r	C:\WINDOWS\system32\3201AF5AAC.dll
2007-01-10 06:12:40	68	--sh--w	C:\WINDOWS\system32\windzfa0.sys
2007-02-24 03:59:05	15,805,472	--sh--w	C:\WINDOWS\system32\drivers\fidbox.dat
2007-02-24 03:59:05	135,200	--sh--w	C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{273D9CD8-7C64-7A9E-4510-58C7ED7DB1C2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-11 10:41]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2007-10-11 10:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2007-10-11 11:52]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2007-10-11 11:56]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2007-10-11 11:53]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"Propel Accelerator"="C:\Program Files\iiNet Web Accelerator\trayctl.exe" [2007-10-11 10:54]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-10-11 12:38]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2006-05-30 15:22]
"nwiz"="nwiz.exe" [2007-10-11 11:59 C:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-09-29 01:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-10-11 10:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Richard Lees\Start Menu\Programs\Startup\
Typing Tutor.lnk - C:\TYPING\FLYING.EXE [2007-05-17 17:09:17]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 15:04:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 hide_evr2;!!!!;\??\C:\WINDOWS\hide_evr2.sys
S3 KBSRV;KBSRV;\??\C:\WINDOWS\system32\DRIVERS\KBSRV.SYS
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
S4 Tdp7rslea;Tdp7rslea;C:\WINDOWS\system32\drivers\nwlnknb.sys
play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L"

*Newly Created Service* - ASNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 12:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 23:40:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-14 00:15:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{0A68028F-0CF9-4853-9DC4-FA8BCA7C27B0}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 10:22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 10:24:54 - machine was rebooted 
.
--- E O F ---


----------



## WillWill56 (Sep 26, 2007)

Logfile of HijackThis v1.99.1
Scan saved at 10:52:45 AM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iiNet Web Accelerator\PropelAC.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {273D9CD8-7C64-7A9E-4510-58C7ED7DB1C2} - (no file)
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - Global Startup: Kodak EasyShare software.lnk = ?
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\iiNet Web Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-image.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Billy.LEES-PC\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1B6F1E-202F-4C41-9E87-EA1D3DD36053}: NameServer = 203.0.178.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E1B6F1E-202F-4C41-9E87-EA1D3DD36053}: NameServer = 203.0.178.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E1B6F1E-202F-4C41-9E87-EA1D3DD36053}: NameServer = 203.0.178.191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


----------



## Cheeseball81 (Mar 3, 2004)

Please go to this site: http://virusscan.jotti.org/

Use the Browse button at Jotti.
Navigate to each file's location on your hard drive and submit them:

*C:\WINDOWS\system32\3201AF5AAC.dll
C:\WINDOWS\system32\windzfa0.sys*

Let me know what it says regarding the file.


----------



## WillWill56 (Sep 26, 2007)

I got one file scanned, but the server is almost always busy. So I'll post the results of one file to help speed things along.

Scan taken on 25 Oct 2007 09:15:06 (GMT)

Results for *C:\WINDOWS\system32\3201AF5AAC.dll*
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


----------



## Cheeseball81 (Mar 3, 2004)

Okay


----------



## WillWill56 (Sep 26, 2007)

Here's the other file's results.
Oh, and now I also have an infected svchost.exe file that sucks up all my CPU.
I have tried re-installing Windows, but it doesn't change much except it downgrades IE7 and WMP11.

And if you ever wanted to see what my computer looks like from the outside right now, here's your chance:

Scan taken on 26 Oct 2007 07:24:59 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Hmm... I'm guessing that you were expecting an infection, so this must be strange to you.


----------



## Cheeseball81 (Mar 3, 2004)

Indeed.
Please rerun ComboFix and post the results.


----------

