I need help very badly. My PC is infected with lots of viruses
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
lyraphilline
Can somebody help me please? A message appears on my screen every time I open the internet: 'TTMS NAA NA DIRI, DON'T WORRY I'M NOT A CORRUPT LIKE YOU!' My hard drive suddenly has low disk space even though I have already deleted unnecessary files. I have downloaded the free versions of Avast, AVG7 and Ad-Aware 2007, but they still did not remove the virus. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:03 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\msiexec.exe
D:\aawservice.exe
D:\Ad-Aware2007.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TTMS NAA NA DIRI, DON'T WORRY I'M NOT A CORRUPT LIKE YOU!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb1\Ofb1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\lyra\Local Settings\Temp\EI40_\msxml4.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (file missing)

--
End of file - 7915 bytes
teacup61
Hello lyraphilline,

Welcome to Gladiator Security Forum!

You're running 2 AntiVirus programs. This causes more problems than it helps, so please disable or uninstall either Avast! or AVG.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TTMS NAA NA DIRI, DON'T WORRY I'M NOT A CORRUPT LIKE YOU!
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb1\Ofb1.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
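As an added example (not part of this thread, and not a tool from HijackThis or the forum), here is a small Python triage that picks out the entry types teacup61 acted on in the log above: a custom IE window title (R1), a Browser Helper Object that is not on a known-good list (O2), and a policy that disables Regedit (O7), plus O23 services whose binary is missing, which are worth a look but were not ticked. The sample lines are constructed from the posted log, and the known-good CLSID list is an assumption built from the BHOs the helper left in place.

```python
"""Triage HijackThis log lines and flag the entry types a malware helper acts on."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumed allowlist: CLSIDs of the BHOs the helper left alone in this thread.
KNOWN_GOOD_BHO = {
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}",  # Yahoo! Toolbar Helper
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}",  # Adobe AcroIEHlprObj
    "{1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D}",  # Visual IP Trace
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}",  # Sun Java SSVHelper
}

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TTMS NAA NA DIRI, DON'T WORRY I'M NOT A CORRUPT LIKE YOU!
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb1\Ofb1.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    action: str    # "fix" = tick it in HijackThis, "review" = look at it first
    section: str   # HijackThis section code, e.g. "O2"
    reason: str
    line: str


def triage_line(line):
    """Classify one HijackThis entry; return a Finding or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    # R1 Window Title: legitimate setups rarely set this; hijackers use it for messages.
    if sec == "R1" and "Window Title" in body:
        return Finding("fix", sec, "custom IE window title (browser hijack marker)", line)
    # O7: a policy that hides Regedit or Task Manager from the user.
    if sec == "O7" and re.search(r"Disable(Regedit|TaskMgr)=1", body):
        return Finding("fix", sec, "policy blocks a system tool (Regedit/Task Manager)", line)
    # O2: any BHO whose CLSID is not on the known-good list gets removed.
    if sec == "O2":
        clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", body)
        if not clsid or clsid.group(0).upper() not in KNOWN_GOOD_BHO:
            return Finding("fix", sec, "BHO not on the known-good list", line)
    # O23: a registered service whose binary is gone is leftover to clean up.
    if sec == "O23" and body.endswith("(file missing)"):
        return Finding("review", sec, "orphaned service: binary missing", line)
    return None


def triage_log(text):
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.action}] {f.section}: {f.reason}\n    {f.line}")
```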
lyraphilline
Hi! Thanks so much! The message "TTMS NAA NA DIRI, DON'T WORRY I'M NOT A CORRUPT LIKE YOU!" is already gone. You were great, guys! Here is the log file of ComboFix and the new log file of HijackThis.

ComboFix 07-08-13.2 - "lyra" 2007-08-13 10:42:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.194 [GMT 8:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Autorun.inf
c:\autorun.inf
c:\TTMS81.dll.vbs
c:\TTMS810.dll.vbs
c:\TTMS811.dll.vbs
c:\TTMS82.dll.vbs
c:\TTMS83.dll.vbs
c:\TTMS84.dll.vbs
c:\TTMS85.dll.vbs
c:\TTMS86.dll.vbs
c:\TTMS87.dll.vbs
c:\TTMS88.dll.vbs
c:\TTMS89.dll.vbs
C:\WINDOWS\TTMS81.dll.vbs
C:\WINDOWS\TTMS810.dll.vbs
C:\WINDOWS\TTMS811.dll.vbs
C:\WINDOWS\TTMS812.dll.vbs
C:\WINDOWS\TTMS82.dll.vbs
C:\WINDOWS\TTMS83.dll.vbs
C:\WINDOWS\TTMS84.dll.vbs
C:\WINDOWS\TTMS85.dll.vbs
C:\WINDOWS\TTMS86.dll.vbs
C:\WINDOWS\TTMS87.dll.vbs
C:\WINDOWS\TTMS88.dll.vbs
C:\WINDOWS\TTMS89.dll.vbs
e:\autorun.inf
E:\Autorun.inf
e:\TTMS81.dll.vbs
e:\TTMS810.dll.vbs
e:\TTMS811.dll.vbs
e:\TTMS812.dll.vbs
e:\TTMS82.dll.vbs
e:\TTMS83.dll.vbs
e:\TTMS84.dll.vbs
e:\TTMS85.dll.vbs
e:\TTMS86.dll.vbs
e:\TTMS87.dll.vbs
e:\TTMS88.dll.vbs
e:\TTMS89.dll.vbs


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-13 10:40 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-13 09:27 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-13 08:33 <DIR> d-------- C:\DOCUME~1\lyra\.housecall6.6
2007-08-12 23:32 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-12 23:32 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-12 23:32 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-12 23:32 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-12 23:32 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-12 23:32 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-12 23:32 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-12 23:32 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-12 22:54 <DIR> d-------- C:\Program Files\Crawler
2007-08-10 21:49 <DIR> d-------- C:\DOCUME~1\lyra\APPLIC~1\funkitron
2007-08-10 10:47 40 --a------ C:\WINDOWS\RSoftInfo.dat
2007-08-10 10:42 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
2007-08-06 21:22 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameBlend
2007-08-06 21:22 <DIR> d-------- C:\DOCUME~1\lyra\APPLIC~1\GameBlend
2007-08-06 20:49 <DIR> d-------- C:\Program Files\BFG
2007-08-06 20:45 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-08-01 22:05 <DIR> d-a--c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-31 07:57 <DIR> d----c--- C:\Weather
2007-07-31 07:57 <DIR> d----c--- C:\TravelSearch
2007-07-31 07:57 <DIR> d----c--- C:\ToolbarSearch
2007-07-31 07:57 <DIR> d----c--- C:\ToolbarLogo
2007-07-31 07:57 <DIR> d----c--- C:\Toolbar
2007-07-31 07:57 <DIR> d----c--- C:\ScreensaversMarketingSitePager
2007-07-31 07:57 <DIR> d----c--- C:\Screensavers
2007-07-31 07:57 <DIR> d----c--- C:\RelatedSearch
2007-07-31 07:57 <DIR> d----c--- C:\Reference
2007-07-31 07:57 <DIR> d----c--- C:\Movies
2007-07-31 07:57 <DIR> d----c--- C:\Manager
2007-07-31 07:57 <DIR> d----c--- C:\Layouts
2007-07-31 07:57 <DIR> d----c--- C:\Games
2007-07-31 07:57 <DIR> d----c--- C:\Configurator
2007-07-31 07:57 <DIR> d----c--- C:\BrowserSearch
2007-07-29 10:30 <DIR> d-------- C:\Program Files\Ofb1
2007-07-29 10:30 <DIR> d-------- C:\Program Files\MyProduct
2007-07-29 09:44 <DIR> d-------- C:\Program Files\Winamp
2007-07-29 09:43 <DIR> d-------- C:\Program Files\LimeWire
2007-07-29 07:55 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2007-07-29 07:54 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-28 23:22 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-28 23:21 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-28 23:02 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-28 14:40 <DIR> d----c--- C:\Hugh Grant - Way Back Into Love lyrics LyricsMode_com_files
2007-07-28 14:09 <DIR> d-------- C:\Program Files\Ahead
2007-07-28 10:37 <DIR> d-------- C:\Program Files\Visual IP Trace 2007
2007-07-26 10:29 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-26 10:29 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-26 10:29 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-21 13:50 <DIR> d-------- C:\DOCUME~1\lyra\eMailTrackerPro
2007-07-21 13:49 <DIR> d-------- C:\DOCUME~1\lyra\vw
2007-07-21 10:10 <DIR> d-------- C:\DOCUME~1\lyra\APPLIC~1\SoundSpectrum
2007-07-20 14:02 <DIR> d-------- C:\Program Files\Corel
2007-07-20 14:01 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DFX
2007-07-20 14:01 <DIR> d-------- C:\Program Files\DFX
2007-07-20 14:00 <DIR> d-------- C:\Program Files\SoundSpectrum


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 09:14 --------- d-------- C:\Program Files\Google
2007-08-13 08:54 30615 --a------ C:\WINDOWS\java\x.exe
2007-08-13 08:54 --------- d-------- C:\Program Files\Shockwave.com
2007-08-11 20:09 --------- d-------- C:\DOCUME~1\lyra\APPLIC~1\LimeWire
2007-08-09 08:46 --------- d-------- C:\Program Files\GameHouse
2007-08-09 08:44 --------- d-------- C:\Program Files\QuickTime
2007-07-19 21:18 --------- d-------- C:\Program Files\Lexmark 4200 Series
2007-07-01 11:07 --------- d-------- C:\DOCUME~1\lyra\APPLIC~1\PlayFirst
2007-06-30 00:39 --------- d-------- C:\DOCUME~1\lyra\APPLIC~1\MathWorks
2007-06-24 10:11 --------- dr-h----- C:\DOCUME~1\lyra\APPLIC~1\yahoo!
2007-06-24 10:10 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-24 09:48 7552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-06-24 09:48 7552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-06-24 09:48 4304 --a------ C:\WINDOWS\system32\drivers\sonypvu1.zip
2007-06-23 17:13 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-06-23 16:20 --------- d-------- C:\DOCUME~1\lyra\APPLIC~1\Sony Corporation
2007-06-23 16:14 --------- d-------- C:\Program Files\Sony
2007-05-16 23:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 23:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 23:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 23:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 23:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 23:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-06 00:33:21 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:19]
"nwiz"="nwiz.exe" [2003-05-02 15:19 C:\WINDOWS\system32\nwiz.exe]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 10:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 18:04]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2002-10-08 18:03]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 06:22]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 06:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]

C:\Documents and Settings\lyra\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-06-23 16:14:31]

S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe


Contents of the 'Scheduled Tasks' folder
2007-08-08 06:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-13 02:46:10 C:\WINDOWS\Tasks\RegCure Program Check.job
2007-05-01 02:48:24 C:\WINDOWS\Tasks\RegCure.job - D:\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 10:46:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 10:48:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 10:48

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:01 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186971694468
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\lyra\Local Settings\Temp\EI40_\msxml4.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (file missing)

--
End of file - 6680 bytes
Invision Power Board © 2001-2009 Invision Power Services, Inc.