Lurch987 Posted September 18, 2008

I've been posting logs to fix my friend's computer, but in the meantime my own computer got infected. I did some scans but they didn't get everything. Getting pop-ups. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:58:49 PM, on 9/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbc.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe
O4 - HKLM\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe
O4 - HKLM\..\Run: [\YUR29.exe] C:\Windows\system32\YUR29.exe
O4 - HKLM\..\Run: [\YUR76.exe] C:\Windows\system32\YUR76.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [306342cb] rundll32.exe "C:\WINDOWS\system32\wqegmtbd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe
O4 - HKCU\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe
O4 - HKCU\..\Run: [\YUR29.exe] C:\Windows\system32\YUR29.exe
O4 - HKCU\..\Run: [\YUR76.exe] C:\Windows\system32\YUR76.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171635541706
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171647865140
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookworma...ader_v10_en.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll xppqrf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Andro1d Posted September 18, 2008

Hello and welcome to the forums. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please download this file - combofix.exe by sUBs
Save it to your Desktop.
Please, never rename ComboFix unless instructed.

Now physically disconnect from the internet and STOP all your monitoring programs (antivirus/antispyware, guards and shields).

Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (including the "" marks and the symbols) into the Run box.

"%userprofile%\desktop\ComboFix.exe" /KillAll

Click OK and this will start ComboFix in a special way. When finished, it will produce a log. Please save that log to a Notepad file to post in your next reply along with a fresh HJT log.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.
* Reconnect to the internet.
* Post the following logs/reports:
  ComboFix.txt
  Fresh HijackThis log, run after all the other tools have performed their cleanup.
Lurch987 Posted September 19, 2008

Ran ComboFix and it rebooted my computer. Now it's stuck on the blue shutdown screen.
Andro1d Posted September 19, 2008

Hi,
Please manually turn off your PC by holding the power button. Wait 5 minutes and turn it back on.
Then please post the CF log from C:\ComboFix.txt
Lurch987 Posted September 19, 2008

Here's the ComboFix log:

ComboFix 08-09-16.05 - Owner 2008-09-18 19:27:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.179 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\desktop\ComboFix.exe
Command switches used :: /KillAll

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\buhdkcfe.ini
C:\WINDOWS\system32\dbtmgeqw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\uryslccw.ini
C:\WINDOWS\system32\vcyajtyo.dll
C:\WINDOWS\system32\vyslas.dll
C:\WINDOWS\system32\wDeeKkkj.ini
C:\WINDOWS\system32\wDeeKkkj.ini2
C:\x
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI
2008-09-18 06:25 . 2008-09-18 06:24 137,344 --a------ C:\WINDOWS\system32\tcvdhd.dll
2008-09-18 06:24 . 2008-09-18 06:24 137,344 --a------ C:\WINDOWS\system32\rvfduvbf.dll
2008-09-17 01:40 . 2008-09-17 01:40 136,832 --a------ C:\WINDOWS\system32\bcamtryd.dll
2008-09-16 15:26 . 2008-09-16 15:26 328,448 --a------ C:\WINDOWS\system32\jkkKeeDw.dll
2008-09-16 15:16 . 2008-09-18 20:33 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-09-08 08:23 . 2008-09-08 08:23 <DIR> d-------- C:\Program Files\HGTV Landscapes Screensaver
2008-09-05 07:57 . 2008-09-05 07:57 <DIR> d-------- C:\Live! Cam
2008-09-01 20:47 . 2008-09-01 20:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\muvee Technologies
2008-09-01 20:41 . 2008-09-01 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-09-01 20:34 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-09-01 20:32 . 2007-06-14 09:52 90,112 --a------ C:\WINDOWS\CtDrvIns.exe
2008-09-01 20:32 . 2007-03-02 14:30 670 -ra------ C:\WINDOWS\CtDrvIns.exe.manifest
2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-09-01 20:31 . 2005-07-07 01:07 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll
2008-09-01 20:31 . 2007-03-28 01:01 20,480 --a------ C:\WINDOWS\system32\V0350Srv.exe
2008-09-01 20:30 . 2006-08-30 07:10 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2008-09-01 20:30 . 2006-08-30 07:10 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-09-01 20:30 . 2006-08-30 07:10 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-01 20:30 . 2006-08-30 07:10 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\muvee Technologies
2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-09-01 20:28 . 2008-09-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-01 20:26 . 2008-09-01 20:26 <DIR> d-------- C:\Program Files\SightSpeed
2008-09-01 20:21 . 2006-08-29 04:11 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2008-08-27 13:10 . 2008-08-27 13:10 244 --ah----- C:\sqmnoopt04.sqm
2008-08-27 13:10 . 2008-08-27 13:10 232 --ah----- C:\sqmdata04.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 23:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 22:02 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-16 12:30 --------- d-----w C:\Program Files\a-squared Free
2008-09-10 12:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-09-08 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 16:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-09-07 11:08 --------- d-----w C:\Program Files\Apple Software Update
2008-09-05 12:01 --------- d-----w C:\Program Files\Creative
2008-09-02 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-08-29 23:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 19:57 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-21 08:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 05:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 04:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Search
2008-08-15 02:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-08-15 02:35 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 13:11 --------- d-----w C:\Program Files\Java
2007-06-11 22:15 50 --sh--r C:\Program Files\Common Files\desSktop.ini
2007-01-16 03:07 299 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
2006-06-03 00:17 167,064 ----a-w C:\Program Files\custom.dat
2006-06-03 00:17 0 -c--a-w C:\Program Files\landgen.log
2006-06-02 23:50 0 -c--a-w C:\Program Files\rew2.log
2006-02-07 22:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-02-05 22:51 1,638 ----a-w C:\Program Files\INSTALL.LOG
2005-01-25 14:05 512,103 ----a-w C:\Program Files\StarterSetup.exe
2004-10-27 21:43 249,608 ----a-w C:\Program Files\Uninst.isu
1999-05-26 16:23 70,541 -c--a-w C:\Program Files\readme.rtf
1999-05-26 16:23 3,265,024 ----a-w C:\Program Files\wa.exe
1999-04-26 18:29 83,456 ------r C:\Program Files\DirectX2D.dll
1999-04-26 18:28 240,128 ------r C:\Program Files\DXMfc.dll
1999-04-26 18:28 10,240 ------r C:\Program Files\DirectSound.dll
1999-03-31 17:00 2,257,920 ------w C:\Program Files\HSBRCiv.exe
1999-03-29 17:48 34,304 ------r C:\Program Files\lfbmp10N.dll
1999-03-29 17:48 31,744 ------r C:\Program Files\lflmb10N.dll
1999-03-29 17:48 297,984 ------r C:\Program Files\ltkrn10N.dll
1999-03-29 17:48 27,648 ------r C:\Program Files\lftga10N.dll
1999-03-29 17:48 269,312 ------r C:\Program Files\LFCMP10N.DLL
1999-03-29 17:48 105,472 ------r C:\Program Files\ltfil10N.DLL
1999-01-09 16:42 132,608 ------r C:\Program Files\Landgen.exe
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01309.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01308.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01307.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01306.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01305.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01304.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01303.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01302.dat
1998-05-12 00:01 954,128 ------r C:\Program Files\MFC42.DLL
1998-05-12 00:01 280,576 ------r C:\Program Files\MSVCRT.DLL
2008-06-14 07:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-06-14 07:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061420080615\index.dat
2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ab3a1ea-08b8-4537-9be4-75014d32fe81}]
2008-09-18 06:24 137344 --a------ C:\WINDOWS\system32\tcvdhd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DAD6B9-06A8-4F66-A93F-ACBACC67B651}]
2008-09-16 15:26 328448 --a------ C:\WINDOWS\system32\jkkKeeDw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 61440]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll xppqrf.dll tcvdhd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]
R3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 142656]
R3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video Chat (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368]
S3 gkmixern;gkmixern;C:\DOCUME~1\Owner\LOCALS~1\Temp\gkmixern.sys [ ]
S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe [ ]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [ ]

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} - C:\WINDOWS\system32\ljJDtqrp.dll
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-\YUR27.exe - C:\Windows\system32\YUR27.exe
HKCU-Run-\YUR28.exe - C:\Windows\system32\YUR28.exe
HKCU-Run-\YUR29.exe - C:\Windows\system32\YUR29.exe
HKCU-Run-\YUR76.exe - C:\Windows\system32\YUR76.exe
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YUR27.exe - C:\Windows\system32\YUR27.exe
HKLM-Run-\YUR28.exe - C:\Windows\system32\YUR28.exe
HKLM-Run-\YUR29.exe - C:\Windows\system32\YUR29.exe
HKLM-Run-\YUR76.exe - C:\Windows\system32\YUR76.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-306342cb - C:\WINDOWS\system32\wcclsyru.dll
ShellExecuteHooks-{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} - C:\WINDOWS\system32\ljJDtqrp.dll
Notify-ljJDtqrp - ljJDtqrp.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l94vc8cl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.facebook.com/home.php?
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 20:35:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-18 20:58:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-19 00:57:42

Pre-Run: 7,706,095,616 bytes free
Post-Run: 7,741,399,040 bytes free

238 --- E O F --- 2008-09-10 07:07:00
Lurch987 Posted September 19, 2008

Here's a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:09, on 2008-09-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171635541706
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171647865140
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll xppqrf.dll mgwlun.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc.
- C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeO23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe Link to post Share on other sites
Andro1d, Posted September 19, 2008

Hello again,

1. Please open Notepad. Click Start, then Run. Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\tcvdhd.dll
C:\WINDOWS\system32\rvfduvbf.dll
C:\WINDOWS\system32\bcamtryd.dll
C:\WINDOWS\system32\jkkKeeDw.dll
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm

Folder::
C:\Program Files\PCHealthCenter

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ab3a1ea-08b8-4537-9be4-75014d32fe81}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DAD6B9-06A8-4F66-A93F-ACBACC67B651}]

3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.
Lurch987 (Author), Posted September 19, 2008

The program didn't run.
Andro1d, Posted September 19, 2008

OK, let's try a different approach.

Please download OTMoveIt2 by OldTimer. Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\WINDOWS\system32\tcvdhd.dll
C:\WINDOWS\system32\rvfduvbf.dll
C:\WINDOWS\system32\bcamtryd.dll
C:\WINDOWS\system32\jkkKeeDw.dll
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\Program Files\PCHealthCenter
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ab3a1ea-08b8-4537-9be4-75014d32fe81}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DAD6B9-06A8-4F66-A93F-ACBACC67B651}
[emptytemp]
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Lurch987 (Author), Posted September 19, 2008

That program hung on [emptytemp] and after a few minutes didn't respond. Up to that point everything was successful. I had to do a hard shutdown. I couldn't copy the results.

Edited September 19, 2008 by Lurch987
Andro1d, Posted September 19, 2008

Please go here and get the log:
c:\_OTMoveIt\MovedFiles
Lurch987 (Author), Posted September 19, 2008

There's no log there because it didn't finish.
Anyway, I tried ComboFix again and it worked. Here's the log along with a new HJT.

ComboFix 08-09-16.05 - Owner 2008-09-18 22:55:12.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wDeeKkkj.ini
C:\WINDOWS\system32\wDeeKkkj.ini2

.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI
2008-09-18 22:10 . 2008-09-18 22:10 <DIR> d-------- C:\_OTMoveIt
2008-09-18 21:03 . 2008-09-18 21:03 137,344 --a------ C:\WINDOWS\system32\qdoahcie.dll
2008-09-18 21:03 . 2008-09-18 21:03 137,344 --a------ C:\WINDOWS\system32\mgwlun.dll
2008-09-18 21:01 . 2008-09-18 21:01 137,344 --a------ C:\WINDOWS\system32\qsxjef.dll
2008-09-18 21:01 . 2008-09-18 21:01 137,344 --a------ C:\WINDOWS\system32\iuujefha.dll
2008-09-08 08:23 . 2008-09-08 08:23 <DIR> d-------- C:\Program Files\HGTV Landscapes Screensaver
2008-09-05 07:57 . 2008-09-05 07:57 <DIR> d-------- C:\Live! Cam
2008-09-01 20:47 . 2008-09-01 20:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\muvee Technologies
2008-09-01 20:41 . 2008-09-01 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-09-01 20:34 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-09-01 20:32 . 2007-06-14 09:52 90,112 --a------ C:\WINDOWS\CtDrvIns.exe
2008-09-01 20:32 . 2007-03-02 14:30 670 -ra------ C:\WINDOWS\CtDrvIns.exe.manifest
2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-09-01 20:31 . 2005-07-07 01:07 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll
2008-09-01 20:31 . 2007-03-28 01:01 20,480 --a------ C:\WINDOWS\system32\V0350Srv.exe
2008-09-01 20:30 . 2006-08-30 07:10 158,456 --a------ C:\WINDOWS\system32\pxwma.dll
2008-09-01 20:30 . 2006-08-30 07:10 36,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-09-01 20:30 . 2006-08-30 07:10 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-01 20:30 . 2006-08-30 07:10 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\muvee Technologies
2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-09-01 20:28 . 2008-09-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-01 20:26 . 2008-09-01 20:26 <DIR> d-------- C:\Program Files\SightSpeed
2008-09-01 20:21 . 2006-08-29 04:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 01:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 22:02 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-16 12:30 --------- d-----w C:\Program Files\a-squared Free
2008-09-10 12:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-09-08 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 16:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-09-07 11:08 --------- d-----w C:\Program Files\Apple Software Update
2008-09-05 12:01 --------- d-----w C:\Program Files\Creative
2008-09-02 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-08-29 23:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 19:57 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-21 08:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 05:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 04:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Search
2008-08-15 02:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-08-15 02:35 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 13:11 --------- d-----w C:\Program Files\Java
2007-06-11 22:15 50 --sh--r C:\Program Files\Common Files\desSktop.ini
2007-01-16 03:07 299 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
2006-06-03 00:17 167,064 ----a-w C:\Program Files\custom.dat
2006-06-03 00:17 0 -c--a-w C:\Program Files\landgen.log
2006-06-02 23:50 0 -c--a-w C:\Program Files\rew2.log
2006-02-07 22:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-02-05 22:51 1,638 ----a-w C:\Program Files\INSTALL.LOG
2005-01-25 14:05 512,103 ----a-w C:\Program Files\StarterSetup.exe
2004-10-27 21:43 249,608 ----a-w C:\Program Files\Uninst.isu
1999-05-26 16:23 70,541 -c--a-w C:\Program Files\readme.rtf
1999-05-26 16:23 3,265,024 ----a-w C:\Program Files\wa.exe
1999-04-26 18:29 83,456 ------r C:\Program Files\DirectX2D.dll
1999-04-26 18:28 240,128 ------r C:\Program Files\DXMfc.dll
1999-04-26 18:28 10,240 ------r C:\Program Files\DirectSound.dll
1999-03-31 17:00 2,257,920 ------w C:\Program Files\HSBRCiv.exe
1999-03-29 17:48 34,304 ------r C:\Program Files\lfbmp10N.dll
1999-03-29 17:48 31,744 ------r C:\Program Files\lflmb10N.dll
1999-03-29 17:48 297,984 ------r C:\Program Files\ltkrn10N.dll
1999-03-29 17:48 27,648 ------r C:\Program Files\lftga10N.dll
1999-03-29 17:48 269,312 ------r C:\Program Files\LFCMP10N.DLL
1999-03-29 17:48 105,472 ------r C:\Program Files\ltfil10N.DLL
1999-01-09 16:42 132,608 ------r C:\Program Files\Landgen.exe
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01309.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01308.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01307.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01306.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01305.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01304.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01303.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01302.dat
1998-05-12 00:01 954,128 ------r C:\Program Files\MFC42.DLL
1998-05-12 00:01 280,576 ------r C:\Program Files\MSVCRT.DLL
2008-06-14 07:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-06-14 07:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061420080615\index.dat
2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 61440]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll xppqrf.dll mgwlun.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]
R3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 142656]
R3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video Chat (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368]
S3 gkmixern;gkmixern;C:\DOCUME~1\Owner\LOCALS~1\Temp\gkmixern.sys [ ]
S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe [ ]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [ ]

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{A245C37E-79E3-46C6-AB8A-60FBCB516B9C} - C:\WINDOWS\system32\jkkKeeDw.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 23:09:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-09-18 23:27:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-19 03:26:43
ComboFix2.txt 2008-09-19 00:58:06

Pre-Run: 7,667,306,496 bytes free
Post-Run: 7,651,119,104 bytes free

193 --- E O F --- 2008-09-10 07:07:00

Logfile of HijackThis v1.99.1
Scan saved at 23:30, on 2008-09-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171635541706
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171647865140
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll xppqrf.dll mgwlun.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Andro1d, Posted September 19, 2008

Hey,

Please delete the old CFScript off of your desktop.

1. Please open Notepad. Click Start, then Run. Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\tcvdhd.dll
C:\WINDOWS\system32\rvfduvbf.dll
C:\WINDOWS\system32\bcamtryd.dll
C:\WINDOWS\system32\jkkKeeDw.dll
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\WINDOWS\system32\qdoahcie.dll
C:\WINDOWS\system32\mgwlun.dll
C:\WINDOWS\system32\qsxjef.dll
C:\WINDOWS\system32\iuujefha.dll

Folder::
C:\Program Files\PCHealthCenter

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ab3a1ea-08b8-4537-9be4-75014d32fe81}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DAD6B9-06A8-4F66-A93F-ACBACC67B651}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.
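As an added illustration (not code from this thread, nor from ComboFix or HijackThis), the Python below parses HijackThis lines like the ones posted above, reports AppInit_DLLs names that are not on an allowlist and load points whose file is missing, and renders a CFScript in the File::/Folder::/Registry:: layout the helper used. The allowlist (only AVG's avgrsstx.dll is treated as expected) and the function names are assumptions; the sample lines are copied from the logs in this thread.

```python
import re

# Constructed sample: a few lines taken from the HijackThis logs posted in this thread.
SAMPLE_HJT = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll xppqrf.dll mgwlun.dll
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\\WINDOWS\\system32\\msCMTSrvc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
"""

# Assumed allowlist: the only AppInit_DLLs entry expected on this machine is AVG's
# resident-shield hook (avgrsstx.dll); anything else is reported for review.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# HijackThis entries look like "O20 - body" or "R1 - body".
HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split HijackThis output into (section, body) pairs, e.g. ('O20', 'AppInit_DLLs: ...')."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def suspicious_appinit(entries):
    """Return AppInit_DLLs names (in log order) that are not on the allowlist.

    AppInit_DLLs is loaded into every process that links user32.dll, so an
    unrecognised name here deserves more attention than a stray Run key.
    """
    found = []
    for sec, body in entries:
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split():
                if dll.lower() not in KNOWN_APPINIT_DLLS:
                    found.append(dll)
    return found


def missing_file_entries(entries):
    """Return entries whose target HijackThis reports as '(file missing)' or '(no file)'.

    These are orphaned load points: they no longer run anything, but they show
    where something was installed and are what a cleanup script removes.
    """
    return [(sec, body) for sec, body in entries
            if body.endswith("(file missing)") or body.endswith("(no file)")]


def build_cfscript(files=(), folders=(), bho_guids=(), reset_appinit=False):
    """Render a CFScript in the File:: / Folder:: / Registry:: layout used in this thread.

    Each GUID in bho_guids becomes a '[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{GUID}]'
    delete directive (ComboFix's '~' shorthand, written as the helper wrote it);
    reset_appinit emits the AppInit_DLLs="" reset from the helper's final script.
    """
    blocks = []
    if files:
        blocks.append("File::\n" + "\n".join(files))
    if folders:
        blocks.append("Folder::\n" + "\n".join(folders))
    reg = [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{g}]" for g in bho_guids]
    if reset_appinit:
        reg.append("[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows]")
        reg.append('"AppInit_DLLs"=""')
    if reg:
        blocks.append("Registry::\n" + "\n".join(reg))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_HJT)
    bad = suspicious_appinit(entries)
    print("unexpected AppInit_DLLs:", bad)
    for sec, body in missing_file_entries(entries):
        print("orphaned load point:", sec, body)
    # Hypothetical cleanup for the flagged DLLs, in the thread's CFScript layout.
    print(build_cfscript(files=[f"C:\\WINDOWS\\system32\\{d}" for d in bad], reset_appinit=True))
```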
Lurch987 (Author) Posted September 19, 2008

Here it is again.

ComboFix 08-09-16.05 - Owner 2008-09-19 0:05:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.159 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\iuujefha.dll
C:\WINDOWS\system32\mgwlun.dll
C:\WINDOWS\system32\qdoahcie.dll
C:\WINDOWS\system32\qsxjef.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.
2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI
2008-09-18 22:10 . 2008-09-18 22:10 <DIR> d-------- C:\_OTMoveIt
2008-09-08 08:23 . 2008-09-08 08:23 <DIR> d-------- C:\Program Files\HGTV Landscapes Screensaver
2008-09-05 07:57 . 2008-09-05 07:57 <DIR> d-------- C:\Live! Cam
2008-09-01 20:47 . 2008-09-01 20:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\muvee Technologies
2008-09-01 20:41 . 2008-09-01 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-09-01 20:34 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-09-01 20:32 . 2007-06-14 09:52 90,112 --a------ C:\WINDOWS\CtDrvIns.exe
2008-09-01 20:32 . 2007-03-02 14:30 670 -ra------ C:\WINDOWS\CtDrvIns.exe.manifest
2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-09-01 20:31 . 2008-04-13 20:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-09-01 20:31 . 2005-07-07 01:07 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll
2008-09-01 20:31 . 2007-03-28 01:01 20,480 --a------ C:\WINDOWS\system32\V0350Srv.exe
2008-09-01 20:30 . 2006-08-30 07:10 158,456 --a------ C:\WINDOWS\system32\pxwma.dll
2008-09-01 20:30 . 2006-08-30 07:10 36,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-09-01 20:30 . 2006-08-30 07:10 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-01 20:30 . 2006-08-30 07:10 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\muvee Technologies
2008-09-01 20:29 . 2008-09-01 20:29 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-09-01 20:28 . 2008-09-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-01 20:28 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-01 20:27 . 2008-04-13 14:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-01 20:26 . 2008-09-01 20:26 <DIR> d-------- C:\Program Files\SightSpeed
2008-09-01 20:21 . 2006-08-29 04:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 01:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 22:02 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-16 12:30 --------- d-----w C:\Program Files\a-squared Free
2008-09-13 02:49 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-10 12:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-09-08 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 16:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-09-07 11:08 --------- d-----w C:\Program Files\Apple Software Update
2008-09-05 12:01 --------- d-----w C:\Program Files\Creative
2008-09-02 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-08-29 23:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 19:57 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-21 08:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 06:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 06:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 06:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 06:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 06:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 06:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 06:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 06:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 06:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 06:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-21 05:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-21 05:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-21 05:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 05:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-21 05:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-21 05:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-21 05:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-21 05:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-21 05:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-21 05:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 04:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Search
2008-08-15 02:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-08-15 02:35 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 13:11 --------- d-----w C:\Program Files\Java
2008-08-06 01:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 13:24 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-04 07:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-24 22:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-06-11 22:15 50 --sh--r C:\Program Files\Common Files\desSktop.ini
2007-01-16 03:07 299 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
2006-06-03 00:17 167,064 ----a-w C:\Program Files\custom.dat
2006-06-03 00:17 0 -c--a-w C:\Program Files\landgen.log
2006-06-02 23:50 0 -c--a-w C:\Program Files\rew2.log
2006-02-07 22:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-02-05 22:51 1,638 ----a-w C:\Program Files\INSTALL.LOG
2005-01-25 14:05 512,103 ----a-w C:\Program Files\StarterSetup.exe
2004-10-27 21:43 249,608 ----a-w C:\Program Files\Uninst.isu
2002-06-04 10:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe
1999-05-26 16:23 70,541 -c--a-w C:\Program Files\readme.rtf
1999-05-26 16:23 3,265,024 ----a-w C:\Program Files\wa.exe
1999-04-26 18:29 83,456 ------r C:\Program Files\DirectX2D.dll
1999-04-26 18:28 240,128 ------r C:\Program Files\DXMfc.dll
1999-04-26 18:28 10,240 ------r C:\Program Files\DirectSound.dll
1999-03-31 17:00 2,257,920 ------w C:\Program Files\HSBRCiv.exe
1999-03-29 17:48 34,304 ------r C:\Program Files\lfbmp10N.dll
1999-03-29 17:48 31,744 ------r C:\Program Files\lflmb10N.dll
1999-03-29 17:48 297,984 ------r C:\Program Files\ltkrn10N.dll
1999-03-29 17:48 27,648 ------r C:\Program Files\lftga10N.dll
1999-03-29 17:48 269,312 ------r C:\Program Files\LFCMP10N.DLL
1999-03-29 17:48 105,472 ------r C:\Program Files\ltfil10N.DLL
1999-01-09 16:42 132,608 ------r C:\Program Files\Landgen.exe
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01309.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01308.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01307.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01306.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01305.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01304.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01303.dat
1998-12-23 14:06 9,304 ------r C:\Program Files\thm01302.dat
1998-05-12 00:01 954,128 ------r C:\Program Files\MFC42.DLL
1998-05-12 00:01 280,576 ------r C:\Program Files\MSVCRT.DLL
2008-06-14 07:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-06-14 07:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061420080615\index.dat
2008-06-14 07:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 61440]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 00:13:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-19 0:29:52
ComboFix-quarantined-files.txt 2008-09-19 04:29:38
ComboFix2.txt 2008-09-19 03:27:06
ComboFix3.txt 2008-09-19 00:58:06

Pre-Run: 7,632,138,240 bytes free
Post-Run: 7,614,627,840 bytes free

200 --- E O F --- 2008-09-10 07:07:00

Logfile of HijackThis v1.99.1
Scan saved at 00:36, on 2008-09-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171635541706
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171647865140
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
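The helper's CFScript asked ComboFix to remove ten files, one folder and four registry edits, but the "Other Deletions" section of the resulting log names only four files. The script below is an added example (my own code, not ComboFix's, HijackThis's or anything posted in this thread) that parses a CFScript and the ComboFix log it produced and reports which requested items ComboFix actually confirmed deleting. The embedded script and log excerpt are copied from the two posts above, and the two formats (section headers ending in "::" in the script; a banner of parentheses around "Other Deletions" in the log) are taken from those posts.

```python
"""Reconcile a ComboFix CFScript against the ComboFix log it produced.

Added example for this thread; not part of ComboFix or HijackThis.
CFScript.txt uses section headers that end in '::' (File::, Folder::,
Registry::) with one item per line. ComboFix's log lists what it removed
under a banner line made of parentheses, e.g. '((((( Other Deletions )))))',
one path per line, until the next banner. Both formats are taken from the
script and log posted in this thread.
"""
import re

# A banner line: one or more '(' , a title, one or more ')'.
BANNER = re.compile(r'^\(+\s*(.*?)\s*\)+$')

# Constructed input: the CFScript from the helper's post above.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\tcvdhd.dll
C:\WINDOWS\system32\rvfduvbf.dll
C:\WINDOWS\system32\bcamtryd.dll
C:\WINDOWS\system32\jkkKeeDw.dll
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\WINDOWS\system32\qdoahcie.dll
C:\WINDOWS\system32\mgwlun.dll
C:\WINDOWS\system32\qsxjef.dll
C:\WINDOWS\system32\iuujefha.dll
Folder::
C:\Program Files\PCHealthCenter
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ab3a1ea-08b8-4537-9be4-75014d32fe81}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DAD6B9-06A8-4F66-A93F-ACBACC67B651}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"""

# Constructed input: the relevant excerpt of the ComboFix log posted in reply.
COMBOFIX_LOG = r"""ComboFix 08-09-16.05 - Owner 2008-09-19 0:05:08.3 - NTFSx86
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\iuujefha.dll
C:\WINDOWS\system32\mgwlun.dll
C:\WINDOWS\system32\qdoahcie.dll
C:\WINDOWS\system32\qsxjef.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.
2008-09-18 22:10 . 2008-09-18 22:10 <DIR> d-------- C:\_OTMoveIt
"""


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...], 'Registry': [...]} from CFScript text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('::'):          # section header such as 'File::'
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_deletions(text):
    """Return the paths ComboFix listed under its 'Other Deletions' banner."""
    deleted = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:                            # every banner starts a new section
            in_section = m.group(1).lower() == 'other deletions'
            continue
        if in_section and line and line != '.':   # ComboFix pads sections with '.'
            deleted.append(line)
    return deleted


def reconcile(cfscript_text, combofix_text):
    """Map each File:: and Folder:: request to 'deleted' or 'not reported'.

    Registry:: lines are returned separately: ComboFix does not echo them
    under 'Other Deletions', so they have to be checked in a fresh
    HijackThis log (O2 lines for the BHOs) or in the registry itself.
    """
    script = parse_cfscript(cfscript_text)
    deleted = {p.lower() for p in parse_combofix_deletions(combofix_text)}
    status = {}
    for item in script.get('File', []) + script.get('Folder', []):
        status[item] = 'deleted' if item.lower() in deleted else 'not reported'
    return status, script.get('Registry', [])


if __name__ == "__main__":
    status, registry = reconcile(CFSCRIPT, COMBOFIX_LOG)
    for item, result in status.items():
        print(f"{result:13} {item}")
    print(f"{len(registry)} registry edits not echoed by ComboFix; verify them in a fresh HijackThis log")
```

"Not reported" does not mean "still present": the log's footer lists two earlier runs (ComboFix2.txt and ComboFix3.txt), so the other six files may have been removed by one of those, or may never have existed on this machine; the earlier logs, or a directory listing, settle that. For the Registry:: edits the check is the new HijackThis log, and in the one posted above neither of the two BHO CLSIDs from the script appears any more.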
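When reading a new HijackThis log like the one above, a helper scans for a handful of fixed patterns before calling it clean: entries whose file no longer exists, BHOs registered without a name, services whose binary carries no vendor string, and Winlogon Notify packages that are not known components. The following is an added example (my own code, not HijackThis code and not from this thread) that encodes those patterns. The allowlist of Winlogon Notify packages is an assumption made for the example, and the sample lines are copied from the log above, except for one constructed O20 line named after a DLL the CFScript in this thread targeted.

```python
"""Flag HijackThis v1.99 log lines that deserve a second look.

Added example for this thread; not part of HijackThis. Every check is
deterministic and mirrors what a helper reads for by eye. A hit means
'look at this', not 'malicious': the ATI service in the sample trips
'Unknown owner' only because its binary carries no version resource.
"""
import re

ENTRY = re.compile(r'^(O\d{1,2}|R\d)\s+-\s+(.*)$')          # 'O20 - body'
NOTIFY = re.compile(r'^winlogon notify:\s*(\S+)\s*-')        # package name

# Assumption for this example: Winlogon Notify packages treated as expected
# on this XP SP3 box (Windows components, Intel graphics, WGA). Extend per machine.
KNOWN_NOTIFY = {'dimsntfy', 'igfxcui', 'wgalogon', 'sclgntfy', 'cscdll'}


def parse(line):
    """Split a HijackThis line into (section, body), or return None."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(line):
    """Return the reasons a line is worth checking; an empty list means none."""
    parsed = parse(line)
    if parsed is None:
        return []
    section, body = parsed
    low = body.lower()
    reasons = []
    if '(file missing)' in low or '(no file)' in low:
        reasons.append('orphaned: referenced file is gone, entry should be removed')
    if section == 'O2' and low.startswith('bho: (no name)'):
        reasons.append('BHO registered without a name')
    if section == 'O23' and 'unknown owner' in low:
        reasons.append('service binary carries no vendor string')
    if section == 'O20':
        m = NOTIFY.match(low)
        if m and m.group(1) not in KNOWN_NOTIFY:
            reasons.append('Winlogon Notify package not in allowlist')
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons, preserving log order."""
    findings = {}
    for raw in text.splitlines():
        reasons = triage(raw)
        if reasons:
            findings[raw.strip()] = reasons
    return findings


# Sample input: lines copied from the HijackThis log posted above, plus one
# constructed O20 line of the shape the CFScript in this thread targeted.
SAMPLE = r"""O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkKeeDw - C:\WINDOWS\system32\jkkKeeDw.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
"""

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Five of the eight sample lines are flagged; the Spybot BHO, the AVG Run entry and the Intel Winlogon Notify line pass. The two orphaned entries (the unnamed BHO and the msCMTSrvc service) are the kind of leftovers a helper would normally have HijackThis fix even on a machine that scans clean.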
Andro1d Posted September 21, 2008

Hey,

Please do an online scan with Kaspersky WebScanner. I highly recommend using Internet Explorer for best results!

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
Once they are downloaded, the database will be updated.
Please accept any ActiveX or Java notifications.
After the files have been updated, go to the left side of the page under the Scan section and select My Computer.
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete, click on View scan report.
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.
Lurch987 (Author) Posted September 22, 2008

Monday, September 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 21, 2008 17:55:35
Records in database: 1248303

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned: 167495
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:56:35

No malware has been detected. The scan area is clean.
The selected area was scanned.
Andro1d Posted September 23, 2008

Nice job, your log looks clean!

Please use the following suggestions to help prevent reinfection.

Time for some housekeeping

Click START then RUN. Now type Combofix /u in the run box and click OK. When shown the disclaimer, select "2".

The above procedure will:
- Delete the following: ComboFix and its associated files and folders; VundoFix backups, if present; the C:\Deckard folder, if present; the C:\_OtMoveIt folder, if present.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your system. **Tutorial on installing & using this product can be found HERE**

SpywareBlaster - Great prevention tool to keep malware from installing on your system. **Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. **Tutorial on installing & using this product can be found HERE**

ZonedOut - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that likes to reside in the temp folders.

Firewall - A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost. **Tutorial on Firewalls can be found HERE**

It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

Finally, I strongly recommend How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing
Lurch987 (Author) Posted September 23, 2008

Thank you!
Andro1d Posted September 23, 2008

Since this issue appears to be resolved, this Topic has been closed. Glad we could help. If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread. Everyone else, please begin a New Topic.