Croc

Members
  • Content Count

    6
  • Joined

  • Last visited

Posts posted by Croc

  1. Hijack log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:56:17, on 19/03/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    C:\WINDOWS\system32\DeltTray.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Skype\Plugin Manager\SkypePM.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

    O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --

    End of file - 4609 bytes

    Thanks alot !

  2. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:26:19, on 19/03/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    C:\WINDOWS\System32\DeltTray.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Skype\Plugin Manager\SkypePM.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {3DE17103-AC5E-4059-A348-DFF8C0CF30E7} - C:\WINDOWS\system32\ddaya.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O2 - BHO: {86228fef-8e12-270b-3f24-b12a36c2861d} - {d1682c63-a21b-42f3-b072-21e8fef82268} - C:\WINDOWS\system32\icmbeltg.dll

    O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - ktask.dll (file missing)

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

    O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [bM73fe8d8a] Rundll32.exe "C:\WINDOWS\system32\tdrajndv.dll",s

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --

    End of file - 4971 bytes

    Cheers!

  3. Vundo log:

    VundoFix V7.0.3

    Scan started at 16:35:27 19/03/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqonm.dll

    C:\WINDOWS\system32\lldxnxgr.dll

    C:\WINDOWS\system32\rgxnxdll.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqonm.dll

    C:\WINDOWS\system32\awtqonm.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\lldxnxgr.dll

    C:\WINDOWS\system32\lldxnxgr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rgxnxdll.ini

    C:\WINDOWS\system32\rgxnxdll.ini Has been deleted!

    Performing Repairs to the registry.

    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqonm.dll

    C:\WINDOWS\system32\awtqonm.dll Has been deleted!

    Performing Repairs to the registry.

    Done!

    Hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:46:24, on 19/03/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    C:\WINDOWS\system32\DeltTray.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\WINDOWS\system32\Rundll32.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Skype\Plugin Manager\SkypePM.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

    O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [70cdbe16] rundll32.exe "C:\WINDOWS\system32\lldxnxgr.dll",b

    O4 - HKLM\..\Run: [bM73fe8d8a] Rundll32.exe "C:\WINDOWS\system32\tdrajndv.dll",s

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --

    End of file - 4837 bytes

    Thanks alot!

  4. Here's the latest hijack log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:25:40, on 19/03/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    C:\WINDOWS\system32\DeltTray.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\WINDOWS\system32\Rundll32.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Skype\Plugin Manager\SkypePM.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {6B3E61A6-CB38-4772-8449-93CA79ECCA08} - C:\WINDOWS\system32\ddaya.dll

    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtqonm.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O2 - BHO: {86228fef-8e12-270b-3f24-b12a36c2861d} - {d1682c63-a21b-42f3-b072-21e8fef82268} - C:\WINDOWS\system32\icmbeltg.dll

    O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - ktask.dll (file missing)

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

    O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [70cdbe16] rundll32.exe "C:\WINDOWS\system32\lldxnxgr.dll",b

    O4 - HKLM\..\Run: [bM73fe8d8a] Rundll32.exe "C:\WINDOWS\system32\tdrajndv.dll",s

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: awtqonm - C:\WINDOWS\SYSTEM32\awtqonm.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --

    End of file - 5569 bytes

    Thanks alot!

  5. Hijack this log :

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:52:17, on 19/03/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    C:\WINDOWS\system32\DeltTray.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Skype\Plugin Manager\SkypePM.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtqonm.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - ktask.dll (file missing)

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

    O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: wsock3.dll

    O10 - Unknown file in Winsock LSP: wsock3.dll

    O10 - Unknown file in Winsock LSP: wsock3.dll

    O10 - Unknown file in Winsock LSP: wsock3.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: awtqonm - C:\WINDOWS\SYSTEM32\awtqonm.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --

    End of file - 5340 bytes

    Combofix log:

    ComboFix 08-03-18.1 - H Kalsi 2008-03-19 14:42:28.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.260 [GMT 0:00]

    Running from: C:\Documents and Settings\H Kalsi\Desktop\ComboFix.exe

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Program Files\outlook

    C:\Program Files\outlook\p.zip

    C:\Program Files\outlook\v.tmp

    C:\Program Files\winupdates

    C:\Program Files\winupdates\a.tmp

    C:\Program Files\winupdates\a.zip

    C:\WINDOWS\BM73fe8d8a.xml

    C:\WINDOWS\cookies.ini

    C:\WINDOWS\pskt.ini

    C:\WINDOWS\system32\abcromvi.dll

    C:\WINDOWS\system32\ahpsjhmg.dll

    C:\WINDOWS\system32\alog.txt

    C:\WINDOWS\system32\atcfctlx.dll

    C:\WINDOWS\system32\ayctgxso.ini

    C:\WINDOWS\system32\bbesdkvb.ini

    C:\WINDOWS\system32\bojxipyj.ini

    C:\WINDOWS\system32\cjcakenl.ini

    C:\WINDOWS\system32\cjxjyods.dll

    C:\WINDOWS\system32\cmcsijks.dll

    C:\WINDOWS\system32\cnmjapbn.dll

    C:\WINDOWS\system32\conf.dat

    C:\WINDOWS\system32\dbfqnjbq.dll

    C:\WINDOWS\system32\eqksawxr.ini

    C:\WINDOWS\system32\etxidgxu.dll

    C:\WINDOWS\system32\gngsjxid.dll

    C:\WINDOWS\system32\hbplrvyr.ini

    C:\WINDOWS\system32\hrapvtiv.ini

    C:\WINDOWS\system32\hwcymshx.ini

    C:\WINDOWS\system32\ivmorcba.ini

    C:\WINDOWS\system32\iwxwxfof.dll

    C:\WINDOWS\system32\jbsbepbo.ini

    C:\WINDOWS\system32\jmarsufr.ini

    C:\WINDOWS\system32\kadnknrm.ini

    C:\WINDOWS\system32\kebywdku.dll

    C:\WINDOWS\system32\kkxgxkty.dll

    C:\WINDOWS\system32\kmvcujyt.dll

    C:\WINDOWS\system32\lnekacjc.dll

    C:\WINDOWS\system32\lxrubaum.dll

    C:\WINDOWS\system32\mcrh.tmp

    C:\WINDOWS\system32\muaburxl.ini

    C:\WINDOWS\system32\obpebsbj.dll

    C:\WINDOWS\system32\opqss.ini

    C:\WINDOWS\system32\opqss.ini2

    C:\WINDOWS\system32\osxgtcya.dll

    C:\WINDOWS\system32\rfusramj.dll

    C:\WINDOWS\system32\rmsxqmhw.ini

    C:\WINDOWS\system32\rxurfmxk.dll

    C:\WINDOWS\system32\rxwaskqe.dll

    C:\WINDOWS\system32\sbtcahsf.dll

    C:\WINDOWS\system32\ssqpo.dll

    C:\WINDOWS\system32\twgswpkd.dll

    C:\WINDOWS\system32\tyjucvmk.ini

    C:\WINDOWS\system32\ujgtjguy.ini

    C:\WINDOWS\system32\vhosts.exe

    C:\WINDOWS\system32\vitvparh.dll

    C:\WINDOWS\system32\vkhkbteh.dll

    C:\WINDOWS\system32\vmgsgmvk.dll

    C:\WINDOWS\system32\wbckgpsu.dll

    C:\WINDOWS\system32\whmqxsmr.dll

    C:\WINDOWS\system32\xbhuufsb.ini

    C:\WINDOWS\system32\xhsmycwh.dll

    C:\WINDOWS\system32\xorfqqrf.ini

    C:\WINDOWS\system32\yjvtxoho.ini

    C:\WINDOWS\system32\yugjtgju.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_MSUPDATE

    -------\Service_msupdate

    ((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))

    .

    2008-03-17 14:05 . 2008-03-17 14:05 <DIR> d-------- C:\Program Files\Trend Micro

    2008-03-16 21:20 . 2008-03-16 21:20 <DIR> d-------- C:\Program Files\Windows Defender

    2008-03-13 21:22 . 2008-03-17 16:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-03-13 21:22 . 2008-03-13 21:22 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-03-13 08:09 . 2008-03-13 08:09 1,974 ---hs---- C:\WINDOWS\system32\foxlstso.tmp

    2008-02-19 11:28 . 2008-03-16 20:37 1,751,388 ---hs---- C:\WINDOWS\system32\jgulmgcn.ini

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-03-19 14:05 --------- d-----w C:\Documents and Settings\H Kalsi\Application Data\Skype

    2008-03-17 16:11 --------- d-----w C:\Documents and Settings\H Kalsi\Application Data\AdobeUM

    2008-03-16 20:34 --------- d-----w C:\Program Files\Windows Live Safety Center

    2008-03-16 20:34 --------- d-----w C:\Documents and Settings\H Kalsi\Application Data\uTorrent

    2008-02-08 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2007-11-26 18:28 42,888 ----a-w C:\Documents and Settings\H Kalsi\Application Data\GDIPFONTCACHEV1.DAT

    2006-06-04 00:25 446,512 ----a-w C:\Program Files\mozilla firefox\plugins\MPAMedia.dll

    2006-06-04 00:25 41,001 ----a-w C:\Program Files\mozilla firefox\plugins\mpazip.dll

    2006-06-04 00:25 28,716 ----a-w C:\Program Files\mozilla firefox\plugins\pdbm3210.dll

    2006-06-04 00:25 73,783 ----a-w C:\Program Files\mozilla firefox\plugins\pdgenxferplug.dll

    2006-06-04 00:25 49,197 ----a-w C:\Program Files\mozilla firefox\plugins\rjcfspln.dll

    2006-06-04 00:25 61,483 ----a-w C:\Program Files\mozilla firefox\plugins\rjm4pln.dll

    2006-06-04 00:25 45,101 ----a-w C:\Program Files\mozilla firefox\plugins\rjmp3pln.dll

    2006-06-04 00:25 24,621 ----a-w C:\Program Files\mozilla firefox\plugins\rjrmapln.dll

    2006-06-04 00:25 409,645 ----a-w C:\Program Files\mozilla firefox\plugins\rjrmjpln.dll

    2006-06-04 00:25 73,773 ----a-w C:\Program Files\mozilla firefox\plugins\rjrmxpln.dll

    2006-06-04 00:25 176,171 ----a-w C:\Program Files\mozilla firefox\plugins\tcdinfo.dll

    2006-06-04 00:25 430,123 ----a-w C:\Program Files\mozilla firefox\plugins\tdwnmgr.dll

    2006-06-04 00:25 57,383 ----a-w C:\Program Files\mozilla firefox\plugins\teall.dll

    2006-06-04 00:25 61,480 ----a-w C:\Program Files\mozilla firefox\plugins\team4a.dll

    2006-06-04 00:25 98,345 ----a-w C:\Program Files\mozilla firefox\plugins\teamp3.dll

    2006-06-04 00:25 61,480 ----a-w C:\Program Files\mozilla firefox\plugins\teasdk.dll

    2006-06-04 00:25 36,907 ----a-w C:\Program Files\mozilla firefox\plugins\teawave.dll

    2006-06-04 00:25 45,097 ----a-w C:\Program Files\mozilla firefox\plugins\teawma.dll

    2006-06-04 00:25 77,865 ----a-w C:\Program Files\mozilla firefox\plugins\tpdmgr.dll

    2006-06-04 00:25 86,064 ----a-w C:\Program Files\mozilla firefox\plugins\wmaimprtpln.dll

    2004-08-04 04:00 28,672 ----a-w C:\Program Files\opera\program\plugins\custsat.dll

    2004-08-04 04:00 368,640 ----a-w C:\Program Files\opera\program\plugins\mpvis.dll

    2004-08-11 00:45 47,616 ----a-w C:\Program Files\opera\program\plugins\msoobci.dll

    2004-08-04 04:00 98,304 ----a-w C:\Program Files\opera\program\plugins\wmpband.dll

    2004-08-04 04:00 221,184 ----a-w C:\Program Files\opera\program\plugins\wmpns.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

    2007-12-10 15:49 23728 --a------ C:\WINDOWS\system32\awtqonm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1290342-AAFF-4f7c-9F45-D665E4BF1A00}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 07:50 139264]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]

    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248]

    "DeltTray"="DeltTray.exe" [2004-08-26 22:43 56320 C:\WINDOWS\system32\delttray.exe]

    "M-Audio Delta Taskbar Icon"="C:\WINDOWS\System32\DeltTray.exe" [2004-08-26 22:43 56320]

    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 04:00 98304]

    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32 155648]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\awtqonm.dll [2007-12-10 15:49 23728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqonm]

    awtqonm.dll 2007-12-10 15:49 23728 C:\WINDOWS\system32\awtqonm.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk

    backup=C:\WINDOWS\pss\Free WebSite Tools.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KBC Financial Products VPN Client.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KBC Financial Products VPN Client.lnk

    backup=C:\WINDOWS\pss\KBC Financial Products VPN Client.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

    C:\Program Files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

    --a------ 2004-07-19 06:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

    --a------ 2005-11-01 02:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eyeball Chat]

    --a------ 2002-10-11 13:52 2863176 C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    --a------ 2005-06-10 09:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    --a------ 2005-06-10 09:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

    --a------ 2002-12-10 17:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

    --a------ 2002-12-10 16:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

    --a------ 2005-07-12 18:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2006-10-25 18:58 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

    --a------ 2006-06-04 00:25 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shellapi32]

    --a------ 2006-10-31 15:14 36120 C:\WINDOWS\system32\svcnet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

    --a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    -ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    --a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    --a------ 2006-06-04 00:25 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\StubInstaller.exe"=

    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\WINDOWS\\system32\\rundll32.exe"=

    "C:\\Program Files\\Eyeball\\Eyeball Chat\\EyeballChat.exe"=

    "C:\\Program Files\\Golden FTP Server\\GFTP.exe"=

    "C:\\Program Files\\Opera\\Opera.exe"=

    "C:\\Program Files\\iTunes\\iTunes.exe"=

    "C:\\Program Files\\uTorrent\\utorrent.exe"=

    "C:\\Program Files\\Soulseek-Test\\slsk.exe"=

    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\Program Files\\NetMeeting\\conf.exe"=

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 13:16]

    R3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2007-12-15 12:45]

    S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 07:51]

    S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 07:51]

    S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 07:51]

    S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 07:51]

    S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 07:51]

    S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 07:51]

    S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 07:51]

    S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2007-12-15 12:45]

    S3 USBMM2X2;Midiman USB MidiSport 2x2 Midi Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys []

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-03-12 20:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    "2008-03-19 02:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

    - C:\Program Files\Windows Defender\MpCmdRun.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-19 14:48:12

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe

    -> C:\WINDOWS\system32\awtqonm.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe

    -> C:\WINDOWS\system32\wsock3.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Skype\Plugin Manager\SkypePM.exe

    .

    **************************************************************************

    .

    Completion time: 2008-03-19 14:50:38 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-03-19 14:50:34

    Thanks!

  6. Hi

    Every time I search in google, the first entry of the results always directs me to 'topsearch10' search page. I've noticed that my internet's been a bit weird (slow, unresponsive) since this has started too. Hope someone can help! Here's a log file from hijack this:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:05:56, on 17/03/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    C:\WINDOWS\System32\DeltTray.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\Rundll32.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Skype\Plugin Manager\SkypePM.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Winamp\winamp.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

    O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [70cdbe16] rundll32.exe "C:\WINDOWS\system32\kmvcujyt.dll",b

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [bM73fe8d8a] Rundll32.exe "C:\WINDOWS\system32\cjxjyods.dll",s

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: wsock3.dll

    O10 - Unknown file in Winsock LSP: wsock3.dll

    O10 - Unknown file in Winsock LSP: wsock3.dll

    O10 - Unknown file in Winsock LSP: wsock3.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe

    --

    End of file - 5292 bytes

    Thanks!