Deucehearts Posted December 11, 2007 Report Share Posted December 11, 2007 A little icon showed up in my notification bar and is said there has been a trojan detected. It looked wrong so I closed it and ran hijackthis. Thanks for your help.Logfile of HijackThis v1.99.1Scan saved at 12:52:25 AM, on 12/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Comodo\Firewall\cmdagent.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\ehome\RMSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZuneBusEnum.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\stsystra.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Transcode360\Transcode360Tray.exeC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files\Comodo\Firewall\cfp.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\Digital Line Detect\DLG.exeC:\WINDOWS\ehome\RMSysTry.exeC:\Program Files\CyberLink\Shared files\RichVideo.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\SecCenter\scprot4.exeC:\Program Files\Alwil Software\Avast4\ashSimpl.exeC:\Hijackthis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dllO2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dllO3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -sO4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"O4 - HKLM\..\Run: [wdevwhuz] rundll32.exe "C:\Program Files\ryvibatg\pufoxgpu.dll",InitO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dllO9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dllO9 - Extra button: FreshDownload - {46E72E01-FAB2-42AD-92BE-08BE4E092B5A} - C:\Program Files\FreshDevices\FreshDownload\fd.exeO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exeO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exeO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...065/mcfscan.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{329A3B50-741F-48E7-8D89-85E949C8982C}: NameServer = 192.168.0.1O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllO20 - Winlogon Notify: hggdbcc - C:\WINDOWS\SYSTEM32\hggdbcc.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe Link to post Share on other sites
jwbirdsong Posted December 11, 2007 Report Share Posted December 11, 2007 Download SDFix and save it to your desktop.Double click SDFix.exe and it will extract the files to C:\SDFixPlease then reboot your computer in Safe Mode (without Networking) by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the C:\SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back here along with a Combofix log..(below) Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply . Link to post Share on other sites
Deucehearts Posted December 11, 2007 Author Report Share Posted December 11, 2007 SDFix: Version 1.118Run by Dustin Ogilvie on Tue 12/11/2007 at 02:48 PMMicrosoft Windows XP [Version 5.1.2600]Running From: C:\SDFixSafe Mode:Checking Services: Restoring Windows Registry ValuesRestoring Windows Default Hosts FileRebooting...Normal Mode:Checking Files: No Trojan Files FoundRemoving Temp Files...ADS Check:C:\WINDOWSNo streams found. C:\WINDOWS\system32No streams found. C:\WINDOWS\system32\svchost.exeNo streams found.C:\WINDOWS\system32\ntoskrnl.exeNo streams found. Final Check:catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-12-11 15:00:59Windows 5.1.2600 Service Pack 2 NTFSdetected NTDLL code modification:ZwClosescanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0Remaining Services:------------------Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL""C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL""C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL""C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger""C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader""C:\\Program Files\\Common Files\\AOL\\1144267985\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1144267985\\ee\\aolsoftware.exe:*:Enabled:AOL Services""C:\\Program Files\\Common Files\\AOL\\1144267985\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1144267985\\ee\\aim6.exe:*:Enabled:AIM""C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager""C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager""C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application""C:\\Documents and Settings\\Dustin Ogilvie\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Dustin Ogilvie\\Desktop\\utorrent.exe:*:Enabled:æTorrent""C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox""C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center""C:\\Program Files\\Transcode360\\Transcode360Tray.exe"="C:\\Program Files\\Transcode360\\Transcode360Tray.exe:*:Enabled: ""C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD""C:\\DOCUME~1\\DUSTIN~1\\LOCALS~1\\Temp\\win93.exe"="C:\\DOCUME~1\\DUSTIN~1\\LOCALS~1\\Temp\\win93.exe:*:Enabled:win93"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL""C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL""C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL""C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager""C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager""C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"Remaining Files:---------------Files with Hidden Attributes:Tue 4 Apr 2006 56 A.SHR --- "C:\i386\9691018285.sys"Tue 4 Apr 2006 3,766 A.SH. --- "C:\i386\KGyGaAvL.sys"Fri 7 Dec 2007 88 ..SHR --- "C:\WINDOWS\system32\8582019196.sys"Sat 24 Nov 2007 104 ..SHR --- "C:\WINDOWS\system32\9691018285.sys"Fri 7 Dec 2007 6,580 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"Fri 7 Oct 2005 1,847,296 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE"Fri 7 Oct 2005 62,464 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL"Fri 7 Oct 2005 95,232 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE"Fri 7 Oct 2005 36,864 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL"Fri 7 Oct 2005 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE"Mon 22 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Dustin Ogilvie\Application Data\U3\temp\Launchpad Removal.exe"Mon 24 Apr 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"Tue 14 Aug 2007 8 A..H. --- "C:\Documents and Settings\Dustin Ogilvie\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"Tue 14 Aug 2007 8 A..H. --- "C:\Documents and Settings\Dustin Ogilvie\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"Tue 14 Aug 2007 8 A..H. --- "C:\Documents and Settings\Dustin Ogilvie\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"Tue 14 Aug 2007 8 A..H. --- "C:\Documents and Settings\Dustin Ogilvie\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"Finished! Link to post Share on other sites
Deucehearts Posted December 11, 2007 Author Report Share Posted December 11, 2007 ComboFix 07-12-12.3 - Dustin Ogilvie 2007-12-11 15:15:56.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.481 [GMT -6:00]Running from: C:\Documents and Settings\Dustin Ogilvie\Desktop\ComboFix.exe * Created a new restore point.The following files were disabled during the run:C:\WINDOWS\system32\guard32.dll((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Program Files\ryvibatgC:\Program Files\ryvibatg\pufoxgpu.dllC:\Program Files\SecCenterC:\Program Files\SecCenter\scprot4.exeC:\Program Files\SecCenter\scprot4.exe.bakC:\WINDOWS\system32\hggdbcc.dllC:\WINDOWS\system32\vtutqnn.dll.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\nm((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))).2007-12-11 14:46 . 2007-12-11 14:47 <DIR> d-------- C:\WINDOWS\ERUNT2007-12-11 12:22 . 2007-12-11 12:24 <DIR> d-------- C:\Program Files\Zaxtcqft2007-12-11 00:22 . 2007-12-11 00:22 <DIR> d-------- C:\WINDOWS\system32\hlvbfwoq2007-12-11 00:22 . 2007-12-11 00:22 <DIR> d-------- C:\Program Files\Vsdcxnpb2007-12-11 00:15 . 2007-12-11 00:16 <DIR> d-------- C:\Program Files\CyberLink2007-12-10 19:54 . 2007-12-10 20:48 <DIR> d-------- C:\Documents and Settings\Dustin Ogilvie\Application Data\GetRightToGo2007-11-23 04:15 . 2007-11-23 04:15 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir2007-11-23 04:15 . 2007-11-23 04:15 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys2007-11-23 04:15 . 2007-11-23 04:15 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys2007-11-15 20:55 . 2007-11-15 21:04 <DIR> d-------- C:\Documents and Settings\Dustin Ogilvie\Application Data\Mp3tag2007-11-15 20:54 . 2007-11-15 20:54 <DIR> d-------- C:\Program Files\Mp3tag2007-11-13 12:18 . 2007-11-13 12:18 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf2007-11-13 12:18 . 2007-11-13 12:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf2007-11-13 12:16 . 2007-11-13 12:19 <DIR> d-------- C:\Program Files\Zune.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2007-12-12 21:41 --------- d-----w C:\Program Files\Transcode3602007-12-11 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink2007-12-11 02:48 --------- d--h--w C:\Program Files\InstallShield Installation Information2007-12-11 02:48 --------- d-----w C:\Documents and Settings\Dustin Ogilvie\Application Data\uTorrent2007-12-09 19:40 --------- d-----w C:\Program Files\a-squared HiJackFree2007-12-06 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Movies2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys2007-12-03 18:19 --------- d-----w C:\Program Files\SpywareBlaster2007-12-03 02:05 4,788 ----a-w C:\Documents and Settings\Dustin Ogilvie\Application Data\wklnhst.dat2007-12-03 00:17 --------- d-----w C:\Program Files\Bodog Poker2007-11-25 21:07 --------- d-----w C:\Program Files\MUSICMATCH2007-11-25 20:10 --------- d-----w C:\Program Files\Google2007-11-23 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo2007-11-23 10:15 --------- d-----w C:\Documents and Settings\Dustin Ogilvie\Application Data\Comodo2007-11-08 07:40 --------- d-----w C:\Program Files\Common Files\xing shared2007-11-08 07:40 --------- d-----w C:\Program Files\Common Files\Real2007-11-07 00:58 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys2007-11-04 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap2007-10-22 21:19 --------- d-----w C:\Program Files\Plato DVD Ripper Pro2007-10-22 18:44 --------- d-----w C:\Program Files\DIFX2007-10-22 18:44 --------- d-----w C:\Program Files\Common Files\ComponentOne2007-10-16 16:41 --------- d-----w C:\Documents and Settings\MCX4\Application Data\DivX2007-10-15 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink2007-10-15 04:25 --------- d-----w C:\Program Files\AviSynth 2.52007-10-15 04:25 --------- d-----w C:\Program Files\AutoGK2007-10-15 04:24 --------- d-----w C:\Program Files\Gabest2007-10-15 02:53 --------- d-----w C:\Program Files\DivX2007-10-13 19:18 --------- d-----w C:\Program Files\AC3Filter2007-10-12 22:08 --------- d-----w C:\Program Files\MCE2006-11-01 15:23 60,736 ----a-w C:\Documents and Settings\Dustin Ogilvie\Application Data\GDIPFONTCACHEV1.DAT2006-04-05 15:49 251 -c--a-w C:\Program Files\wt3d.ini.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39]"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 21:41]"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-12 00:47]"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 10:19]"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 10:17]"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 19:17]"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 19:13]"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 19:17]"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00]"Transcode360"="C:\Program Files\Transcode360\Transcode360Tray.exe" [2006-05-02 11:01]"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01]"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-11-06 19:09]"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2007-11-23 04:15]"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]C:\Documents and Settings\Dustin Ogilvie\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe [2007-07-20 11:57:16]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-28 20:45:50]Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40]Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dllR1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sysR1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sysR1 vcdrom;Virtual CD-ROM Device Driver;\??\C:\WINDOWS\system32\drivers\VCdRom.sysR2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exeR2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sysR2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exeS3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVES3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sysS3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]QWAVE REG_MULTI_SZ QWAVE[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c6153f-2977-11dc-b6fc-0013021b3f00}]\Shell\AutoRun\command - F:\.\Start.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a182c8b6-1a36-11dc-b6f4-0015c5093a62}]\Shell\AutoRun\command - F:\LaunchU3.exe -a.**************************************************************************catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-12-12 15:40:45Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2007-12-12 15:43:23 - machine was rebooted.2007-11-14 02:49:02 --- E O F --- Link to post Share on other sites
Deucehearts Posted December 11, 2007 Author Report Share Posted December 11, 2007 Here is my new Hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 3:46:46 PM, on 12/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Comodo\Firewall\cmdagent.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\CyberLink\Shared files\RichVideo.exeC:\WINDOWS\ehome\RMSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZuneBusEnum.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\stsystra.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Transcode360\Transcode360Tray.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files\Comodo\Firewall\cfp.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\Digital Line Detect\DLG.exeC:\WINDOWS\ehome\RMSysTry.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Hijackthis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dllO2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dllO3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -sO4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dllO9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dllO9 - Extra button: FreshDownload - {46E72E01-FAB2-42AD-92BE-08BE4E092B5A} - C:\Program Files\FreshDevices\FreshDownload\fd.exeO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exeO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exeO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...065/mcfscan.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{329A3B50-741F-48E7-8D89-85E949C8982C}: NameServer = 192.168.0.1O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe Link to post Share on other sites
jwbirdsong Posted December 12, 2007 Report Share Posted December 12, 2007 I KNOW I posted this yesterday....not sure why didn't show up..Using Internet Explorer please do an online scan with Kaspersky Online Scanner Click on Kaspersky Online Scanner Click "I accept"You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then start to download the latest definition files. Once the scanner is installed and the definitions downloaded, click Next. Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (If available otherwise Standard)[*]Scan Options: Scan Archives Scan Mail Bases[*]Click OK [*]Now under select a target to scan select My Computer [*]The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. [*]Now click on the Save report button.[*]Call it Kaspersky.txt[*]Expand the arrow beside "file types" and save as .txt file.[*]Save the file to your desktop. [*]Copy and paste that information in your next post.*NoteIf you have Internet Explorer 7 installed:If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.Page will reload and you should be able to carry on scan.If the KAV log has your email all over it -- please attach it rather than copy/paste. Link to post Share on other sites
Deucehearts Posted December 12, 2007 Author Report Share Posted December 12, 2007 ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, December 13, 2007 5:26:18 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 13/12/2007 Kaspersky Anti-Virus database records: 481147-------------------------------------------------------------------------------Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: trueScan Target - My Computer: C:\ D:\ E:\Scan Statistics: Total number of scanned objects: 98558 Number of viruses found: 5 Number of infected objects: 10 Number of suspicious objects: 0 Duration of the scan process: 01:17:07Infected Object Name / Virus Name / Last ActionC:\Documents and Settings\All Users\Application Data\Comodo\Firewall Pro\cfplogdb.sdb Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41136c33078ae7c8a252278a39d2e7e5_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5bfc75b932a68a56cdbd906b4f4013a9_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a51ad57536c82cf0d05bc788b8b7de39_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skippedC:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skippedC:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skippedC:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\Application Data\$_hpcst$.hpc Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\Cookies\index.dat Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\Local Settings\Application Data\ApplicationHistory\Transcode360Tray.exe.c666da10.ini.inuse Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\Local Settings\History\History.IE5\index.dat Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\Local Settings\Temp\WCESLog.log Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\ntuser.dat Object is locked skippedC:\Documents and Settings\Dustin Ogilvie\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skippedC:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\MCX3\ntuser.dat Object is locked skippedC:\Documents and Settings\MCX3\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Zune\ZuneNSSStore.sdf Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skippedC:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skippedC:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skippedC:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skippedC:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skippedC:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skippedC:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skippedC:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skippedC:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skippedC:\Program Files\Transcode360\Transcode360_071212_1541_30328.log Object is locked skippedC:\qoobox\Quarantine\C\Program Files\ryvibatg\pufoxgpu.dll.vir Infected: Trojan-Downloader.Win32.Zlob.fec skippedC:\qoobox\Quarantine\C\WINDOWS\system32\vtutqnn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.blv skippedC:\qoobox\Quarantine\catchme2007-12-12_154026.09.zip/hggdbcc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.blv skippedC:\qoobox\Quarantine\catchme2007-12-12_154026.09.zip ZIP: infected - 1 skippedC:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP440\A0061553.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.blw skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP440\A0061554.exe Infected: Trojan.Win32.Dialer.yz skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP441\A0061895.dll Infected: Trojan-Downloader.Win32.Zlob.fec skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP441\A0061896.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.blv skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP441\A0061901.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.blv skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP442\change.log Object is locked skippedC:\WINDOWS\Debug\PASSWD.LOG Object is locked skippedC:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skippedC:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skippedC:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{DBAF74EE-6F97-4F54-8FD8-3BBC8FFB60F8}.crmlog Object is locked skippedC:\WINDOWS\SchedLgU.Txt Object is locked skippedC:\WINDOWS\SoftwareDistribution\EventCache\{62761B12-F535-4CA1-BD94-366F6F07398E}.bin Object is locked skippedC:\WINDOWS\SoftwareDistribution\EventCache\{6E00FD28-478B-4E8F-9CB5-430017BF3745}.bin Object is locked skippedC:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skippedC:\WINDOWS\Sti_Trace.log Object is locked skippedC:\WINDOWS\system32\CatRoot2\edb.log Object is locked skippedC:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skippedC:\WINDOWS\system32\config\Antivirus.Evt Object is locked skippedC:\WINDOWS\system32\config\AppEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\DEFAULT Object is locked skippedC:\WINDOWS\system32\config\default.LOG Object is locked skippedC:\WINDOWS\system32\config\Media Ce.evt Object is locked skippedC:\WINDOWS\system32\config\SAM Object is locked skippedC:\WINDOWS\system32\config\SAM.LOG Object is locked skippedC:\WINDOWS\system32\config\SecEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\SECURITY Object is locked skippedC:\WINDOWS\system32\config\SECURITY.LOG Object is locked skippedC:\WINDOWS\system32\config\SOFTWARE Object is locked skippedC:\WINDOWS\system32\config\software.LOG Object is locked skippedC:\WINDOWS\system32\config\SysEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\SYSTEM Object is locked skippedC:\WINDOWS\system32\config\system.LOG Object is locked skippedC:\WINDOWS\system32\h323log.txt Object is locked skippedC:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skippedC:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skippedC:\WINDOWS\Temp\Perflib_Perfdata_1e4.dat Object is locked skippedC:\WINDOWS\Temp\Perflib_Perfdata_848.dat Object is locked skippedC:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skippedC:\WINDOWS\Temp\_av_proI.tm~a04944\dld1.tmp Object is locked skippedC:\WINDOWS\Temp\_av_proI.tm~a04944\setup.lok Object is locked skippedC:\WINDOWS\wiadebug.log Object is locked skippedC:\WINDOWS\wiaservc.log Object is locked skippedC:\WINDOWS\WindowsUpdate.log Object is locked skippedD:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skippedScan process completed. Link to post Share on other sites
jwbirdsong Posted December 13, 2007 Report Share Posted December 13, 2007 Look like we have everything. How is the machine running now?You NEED to update your Jave/JRE. Go to your Control Panel>Add/Remove and uninstall ALL Java/JRE programs. Reboot then go HERE and D/L and install the latest version (JRE6 update 3)Guide found HEREPost a final(?) HijackThis log and any commnets concerns about how the computer is running. Link to post Share on other sites
Deucehearts Posted December 13, 2007 Author Report Share Posted December 13, 2007 The computer is running a lot better now, thanks for all your help. Here is another hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 11:34:46 AM, on 12/14/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Comodo\Firewall\cmdagent.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\CyberLink\Shared files\RichVideo.exeC:\WINDOWS\ehome\RMSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZuneBusEnum.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Transcode360\Transcode360Tray.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Comodo\Firewall\cfp.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\Digital Line Detect\DLG.exeC:\WINDOWS\ehome\RMSysTry.exeC:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exeC:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exeC:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exeC:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Java\jre1.5.0_11\bin\jusched.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Hijackthis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dllO2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dllO3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -sO4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dllO9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dllO9 - Extra button: FreshDownload - {46E72E01-FAB2-42AD-92BE-08BE4E092B5A} - C:\Program Files\FreshDevices\FreshDownload\fd.exeO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exeO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exeO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...065/mcfscan.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{329A3B50-741F-48E7-8D89-85E949C8982C}: NameServer = 192.168.0.1O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe Link to post Share on other sites
jwbirdsong Posted December 13, 2007 Report Share Posted December 13, 2007 You've still got a/some old Java version on there C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe... but other than that looks real good.Make sure to look for and uninstall all the OLD java as they ARE a secuirty riskTime for some housekeeping Click START then RUN Now type Combofix /u in the runbox and click OK[*] When shown the disclaimer, Select "2"The above procedure will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present[*] Reset the clock settings.[*] Hide file extensions, if required.[*] Hide System/Hidden files, if required.[*] Reset System Restore.By deleteing the backups and reseting the System Restore we've taken acare of all the items found in the Kaspersly scan.Make SURE to read How Did I Get Infected in the First Place?? Link to post Share on other sites
Deucehearts Posted December 13, 2007 Author Report Share Posted December 13, 2007 Thanks for all your help everyone. Link to post Share on other sites
jwbirdsong Posted December 14, 2007 Report Share Posted December 14, 2007 No problem..it's why we're here. Link to post Share on other sites
jwbirdsong Posted December 14, 2007 Report Share Posted December 14, 2007 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts