25th August 2008
#1
Member (joined Aug 2008, 7 posts, computer experience: intermediate)
Maybe anti virus xp2008 infection
Hi all, the wife has managed to download something pretty nasty and I am now getting pop-ups galore; the desktop has gone white and items have been removed from the start-up menu.
I will be using another PC to get the files I may need for this repair, as it is almost impossible on the infected machine.
I read that an HJT log is the first step, so here are the results I got.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18: VIRUS ALERT!, on 25/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: run="C:\Documents and Settings\Administrator\Application Data\Adobe\Manager.exe"
O2 - BHO: {3c6dfc80-7ca8-76f8-dff4-6e629543a423} - {324a3459-26e6-4ffd-8f67-8ac708cfd6c3} - C:\WINDOWS\system32\zgrtal.dll
O2 - BHO: D - {400D5264-3D1D-398C-9DB6-95167DBA60EE} - C:\WINDOWS\kx43632.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [a472696a] rundll32.exe "C:\WINDOWS\system32\hhjpmolj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\ATI Technologies\ATI.ACE\StartUpDualCoreCenter.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvant...cab/tvants.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216061211562
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Regi...18/flashax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll zgrtal.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: vtqnxfko - {A7C2C03D-8FA7-4F4C-8183-6CABBF0B6F1F} - C:\WINDOWS\vtqnxfko.dll
O21 - SSODL: tsxngabr - {9BD51A2B-23E0-4E4E-85FA-7B13A41F9F57} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9685 bytes
Any help would be much appreciated with this matter, as I really don't want to lose data and have to reinstall.
Regards
Tech
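The log above is read by eye, which is how HijackThis logs were triaged on forums like this one. As an added example (not part of the original post and not HijackThis's own code), the Python below applies the checks a helper would apply to those lines: a non-Microsoft HKCU start page, the legacy win.ini run= autostart, DLLs with random lowercase names dropped straight into C:\WINDOWS or system32 and loaded through a BHO, Run value, AppInit_DLLs or SSODL, a dangling SSODL entry, the DisableRegedit policy, and a desktop replaced by a local HTML component. The sample lines are copied from the log in the post; the random-name heuristic, the 8-hex-digit Run value rule and the AVG allowlist are assumptions of this script, not signatures.

```python
import re

# Constructed sample: lines copied from the HijackThis log in the post above,
# with the benign Microsoft, Java and NVIDIA entries beside them for contrast.
SAMPLE_HJT = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: run="C:\Documents and Settings\Administrator\Application Data\Adobe\Manager.exe"
O2 - BHO: {3c6dfc80-7ca8-76f8-dff4-6e629543a423} - {324a3459-26e6-4ffd-8f67-8ac708cfd6c3} - C:\WINDOWS\system32\zgrtal.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [a472696a] rundll32.exe "C:\WINDOWS\system32\hhjpmolj.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: avgrsstx.dll zgrtal.dll
O21 - SSODL: vtqnxfko - {A7C2C03D-8FA7-4F4C-8183-6CABBF0B6F1F} - C:\WINDOWS\vtqnxfko.dll
O21 - SSODL: tsxngabr - {9BD51A2B-23E0-4E4E-85FA-7B13A41F9F57} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
'''

LINE = re.compile(r'^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$')
# Heuristic (assumption): 6-8 lowercase letters, no digits, like zgrtal.dll
# or hhjpmolj.dll, sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
RANDOM_DLL = re.compile(r'^[a-z]{6,8}\.dll$')
WINDOWS_ROOT = re.compile(r'^c:\\windows\\(system32\\)?[^\\]+$', re.I)
DLL_PATH = re.compile(r'[A-Za-z]:\\[^",]+\.dll')
# Run values named with 8 hex digits, e.g. [a472696a] (assumption).
HEX_NAME = re.compile(r'^\[[0-9a-f]{8}\] ')
# AppInit DLLs treated as benign (assumption): avgrsstx.dll belongs to the
# AVG 8 install the O23 service lines show. Anything else in AppInit_DLLs is
# injected into every process that loads user32.dll, so it is flagged.
KNOWN_APPINIT = {'avgrsstx.dll'}
DEFAULT_START = ('http://go.microsoft.com/', 'about:blank')


def is_dropped_dll(path):
    path = path.strip('"')
    name = path.rsplit('\\', 1)[-1]
    return bool(WINDOWS_ROOT.match(path)) and bool(RANDOM_DLL.match(name))


def check_line(sec, body):
    """Return the reasons one HJT entry looks hostile (empty list if none)."""
    reasons = []
    tail = body.rsplit(' - ', 1)[-1]          # last field: usually a file path
    if sec in ('R0', 'R1') and 'HKCU' in body and 'Start Page' in body:
        url = body.split(' = ', 1)[-1]
        if not url.startswith(DEFAULT_START):
            reasons.append('HKCU start page hijacked: ' + url)
    elif sec == 'F3':
        reasons.append('legacy win.ini run= autostart')
    elif sec == 'O2' and is_dropped_dll(tail):
        reasons.append('BHO loads random-named DLL ' + tail)
    elif sec == 'O4':
        cmd = body.split('Run: ', 1)[-1]
        if HEX_NAME.match(cmd):
            reasons.append('Run value named with 8 hex digits')
        for p in DLL_PATH.findall(cmd):
            if is_dropped_dll(p):
                reasons.append('rundll32 loads random-named DLL ' + p)
    elif sec == 'O7' and 'DisableRegedit=1' in body:
        reasons.append('regedit disabled by policy')
    elif sec == 'O20' and body.startswith('AppInit_DLLs:'):
        for dll in body.split(':', 1)[1].split():
            if dll.lower() not in KNOWN_APPINIT:
                reasons.append('unknown AppInit_DLLs entry ' + dll)
    elif sec == 'O21':
        if tail == '(no file)':
            reasons.append('dangling SSODL entry (file already removed)')
        elif is_dropped_dll(tail):
            reasons.append('SSODL loads random-named DLL ' + tail)
    elif sec == 'O24' and 'file:///' in body:
        reasons.append('desktop replaced by local HTML component')
    return reasons


def triage(log_text):
    """Return (section, reasons, line) for every flagged entry, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            reasons = check_line(m['sec'], m['body'])
            if reasons:
                findings.append((m['sec'], '; '.join(reasons), raw.strip()))
    return findings


if __name__ == '__main__':
    for sec, why, line in triage(SAMPLE_HJT):
        print(f'{sec:4} {why}\n     {line}')
```

On the sample above the script flags nine of the twelve lines and leaves the HKLM start page, the Java BHO and the NVIDIA Run value alone. The random-name rule is deliberately narrow; a real helper would still verify each hit by path and signer rather than trust the name shape.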
25th August 2008
#2
I may be charging in here, but after reading a similar post on here I took the liberty of running ComboFix then HJT, and will post the results now.
ComboFix 08-08-24.02 - Administrator 2008-08-25 13:39:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.560 [GMT 1:00]
Running from: F:\Jays fix\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\Adobe\crc.dat
C:\Documents and Settings\Administrator\Application Data\Adobe\Manager.exe
C:\Documents and Settings\Administrator\Desktop\Error Cleaner.url
C:\Documents and Settings\Administrator\Desktop\Privacy Protector.url
C:\Documents and Settings\Administrator\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url
C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url
C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\blotrdqm.dll
C:\WINDOWS\system32\hhjpmolj.dll
C:\WINDOWS\system32\jlompjhh.ini
C:\WINDOWS\system32\oUEfgMoq.ini
C:\WINDOWS\system32\oUEfgMoq.ini2
C:\WINDOWS\system32\vtUNFvuu.dll
C:\WINDOWS\system32\zgrtal.dll
C:\WINDOWS\vtqnxfko.dll
----- BITS: Possible infected sites -----
http://hqsextube08.com
.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.
2008-08-25 13:17 . 2008-08-25 13:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 13:04 . 2008-08-25 13:04 131,584 --a------ C:\Program Files\KB55771.exe
2008-08-25 13:04 . 2008-08-25 13:04 126,976 --a------ C:\WINDOWS\kx43632.dll
2008-08-25 12:32 . 2008-08-25 12:32 <DIR> d-------- C:\Program Files\SmartPCTools
2008-08-22 00:27 . 2008-08-22 00:53 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-22 00:27 . 2008-08-22 00:27 126,976 --a------ C:\WINDOWS\wxml19418.dll
2008-08-22 00:27 . 2008-08-21 09:13 98,304 --a------ C:\WINDOWS\emtb.exe
2008-08-22 00:27 . 2008-08-21 09:13 86,016 --a------ C:\WINDOWS\tqwolser.exe
2008-08-21 22:29 . 2008-08-21 22:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gamelab
2008-08-18 22:45 . 2008-08-18 22:45 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-18 22:44 . 2008-08-18 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-18 19:50 . 2008-08-18 19:50 244 --ah----- C:\sqmnoopt10.sqm
2008-08-18 19:50 . 2008-08-18 19:50 232 --ah----- C:\sqmdata10.sqm
2008-08-18 19:39 . 2008-08-18 19:39 244 --ah----- C:\sqmnoopt09.sqm
2008-08-18 19:39 . 2008-08-18 19:39 232 --ah----- C:\sqmdata09.sqm
2008-08-18 19:32 . 2008-08-25 13:37 558 --a------ C:\WINDOWS\DFC.INI
2008-08-18 19:31 . 2008-08-18 19:31 244 --ah----- C:\sqmnoopt08.sqm
2008-08-18 19:31 . 2008-08-18 19:31 232 --ah----- C:\sqmdata08.sqm
2008-08-18 19:29 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-18 19:28 . 2008-08-18 19:28 <DIR> d-------- C:\Program Files\XpertVision
2008-08-18 19:28 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-18 19:28 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-08-18 19:26 . 2008-08-18 19:26 244 --ah----- C:\sqmnoopt07.sqm
2008-08-18 19:26 . 2008-08-18 19:26 232 --ah----- C:\sqmdata07.sqm
2008-08-18 19:25 . 2008-08-18 19:25 10 --a------ C:\WINDOWS\WININIT.INI
2008-08-12 17:17 . 2008-08-12 17:25 607,559,680 --a------ C:\VRMPOEM_EN.ISO
2008-08-12 17:15 . 2008-08-12 17:15 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-12 17:14 . 2008-08-12 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ImgBurn
2008-08-12 17:12 . 2008-08-12 17:12 <DIR> d-------- C:\Program Files\ImgBurn
2008-08-09 02:48 . 2008-08-09 11:15 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-08-08 21:42 . 2008-08-08 21:42 <DIR> d-------- C:\Program Files\TVAntsX
2008-08-07 22:37 . 2008-08-07 22:37 <DIR> d-------- C:\Program Files\Azada
2008-08-07 22:37 . 2008-08-07 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
2008-08-05 20:35 . 2008-08-05 20:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-05 20:35 . 2008-08-05 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-05 20:35 . 2008-08-05 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-05 20:34 . 2008-08-05 20:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 20:17 . 2008-08-05 20:17 <DIR> d-------- C:\WINDOWS\Fashion Star
2008-08-05 20:17 . 2008-08-05 20:17 <DIR> d-------- C:\Program Files\Fashion Star
2008-08-05 19:50 . 2008-08-05 19:50 <DIR> d-------- C:\Program Files\Vuze
2008-08-05 19:50 . 2008-08-05 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-05 19:50 . 2008-08-22 00:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-08-03 16:26 . 2008-08-03 16:26 <DIR> d-------- C:\Program Files\iTunes
2008-08-03 16:26 . 2008-08-03 16:26 <DIR> d-------- C:\Program Files\iPod
2008-08-03 16:26 . 2008-08-03 16:26 <DIR> d-------- C:\Program Files\Bonjour
2008-08-03 16:26 . 2008-08-03 16:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-08-03 16:25 . 2008-08-03 16:26 <DIR> d-------- C:\Program Files\QuickTime
2008-08-03 16:25 . 2008-08-03 16:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-03 16:25 . 2008-08-03 16:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-03 16:25 . 2008-08-03 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-03 16:25 . 2008-08-03 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-02 15:44 . 2008-04-14 01:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-02 14:11 . 2008-08-09 10:51 <DIR> d-------- C:\Program Files\SopCast
2008-08-02 03:35 . 2008-08-02 03:35 244 --ah----- C:\sqmnoopt06.sqm
2008-08-02 03:35 . 2008-08-02 03:35 232 --ah----- C:\sqmdata06.sqm
2008-08-02 02:31 . 2008-08-02 02:31 244 --ah----- C:\sqmnoopt05.sqm
2008-08-02 02:31 . 2008-08-02 02:31 232 --ah----- C:\sqmdata05.sqm
2008-07-31 23:34 . 2008-07-31 23:34 244 --ah----- C:\sqmnoopt04.sqm
2008-07-31 23:34 . 2008-07-31 23:34 232 --ah----- C:\sqmdata04.sqm
2008-07-31 00:10 . 2008-07-31 00:10 244 --ah----- C:\sqmnoopt03.sqm
2008-07-31 00:10 . 2008-07-31 00:10 232 --ah----- C:\sqmdata03.sqm
2008-07-30 23:32 . 2008-07-30 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Saved Games
2008-07-30 17:08 . 2008-07-30 17:08 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-07-30 17:08 . 2008-07-30 17:08 <DIR> d-------- C:\MicroGaming
2008-07-30 17:08 . 2008-07-30 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microgaming
2008-07-30 17:08 . 2008-07-30 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2008-07-28 19:09 . 2008-07-29 22:02 <DIR> d-------- C:\Program Files\Kudos
2008-07-28 19:09 . 2008-07-28 19:09 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-28 19:08 . 2008-07-28 19:08 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-28 13:03 . 2008-07-28 13:03 <DIR> d-------- C:\WINDOWS\Sun
2008-07-28 13:03 . 2008-08-05 22:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-07-28 13:02 . 2008-07-28 13:02 <DIR> d-------- C:\Program Files\Java
2008-07-28 13:02 . 2008-07-28 13:02 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-28 13:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 13:01 . 2008-07-28 13:01 <DIR> d-------- C:\Program Files\LimeWire
2008-07-26 21:00 . 2008-07-26 21:38 <DIR> d-------- C:\Program Files\Crumb_at
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 23:09 --------- d-----w C:\Program Files\MSN Games
2008-08-21 22:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-18 18:26 --------- d-----w C:\Program Files\ATI Technologies
2008-07-24 20:01 --------- d-----w C:\Program Files\Google
2008-07-22 22:47 --------- d-----w C:\Program Files\PuzzleHero_at
2008-07-19 12:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-07-19 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-19 11:56 --------- d-----w C:\Program Files\QuickPar
2008-07-18 22:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ArcadeTown
2008-07-17 21:35 --------- d-----w C:\Program Files\VIA
2008-07-17 21:25 --------- d-----w C:\Program Files\iPrep 101
2008-07-17 21:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xbins
2008-07-17 21:04 --------- d-----w C:\Program Files\X-Projects
2008-07-16 15:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-15 17:57 --------- d-----w C:\Program Files\XP Codec Pack
2008-07-15 17:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-15 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-15 16:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-07-15 16:50 --------- d-----w C:\Program Files\Nero
2008-07-15 16:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NewsLeecher
2008-07-15 16:46 --------- d-----w C:\Program Files\NewsLeecher
2008-07-15 16:41 --------- d-----w C:\Program Files\Windows Live
2008-07-15 16:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-15 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-15 16:11 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-15 16:11 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-15 16:11 --------- d-----w C:\Program Files\AVG
2008-07-15 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 15:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 19:19 --------- d-----w C:\Program Files\Intel
2008-07-14 19:16 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-14 19:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-14 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-14 18:50 --------- d-----w C:\Program Files\NOS
2008-07-14 18:23 --------- d-----w C:\Program Files\Realtek
2008-07-14 16:49 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{400D5264-3D1D-398C-9DB6-95167DBA60EE}]
2008-08-25 13:04 126976 --a------ C:\WINDOWS\kx43632.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 11:13 152872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"Registry Repair Wizard Scheduler"="C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2008-07-05 04:12 1495040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 11:47 151552]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-15 17:11 1232152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 08:27 570664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"TBPanel"="C:\Program Files\XpertVision\TBPanel.exe" [2008-01-29 11:20 2157064]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-08 18:53 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 18:53 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-08 18:53 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll zgrtal.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\drive data\\My xbox 360 stuff\\Xbins\\xbins.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 17:11]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-15 17:11]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-15 17:11]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-15 17:11]
S3 DualCoreCenter;DualCoreCenter;C:\Program Files\ATI Technologies\ATI.ACE\NTGLM7X.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:24]
S3 RushTopDevice2;RushTopDevice2;C:\Program Files\ATI Technologies\ATI.ACE\RushTop.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{887efc11-51ca-11dd-935d-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-a472696a - C:\WINDOWS\system32\hhjpmolj.dll
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O16 -: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
C:\WINDOWS\Downloaded Program Files\SETUP.INF
O16 -: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
C:\WINDOWS\Downloaded Program Files\accounttracking.dll
O16 -: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/stream.ocx
C:\WINDOWS\Downloaded Program Files\stream.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 13:42:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-25 13:43:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-25 12:43:53
Pre-Run: 377,710,460,928 bytes free
Post-Run: 379,068,358,656 bytes free
268 --- E O F --- 2008-08-18 18:38:57
25th August 2008
#3
And here is the HJT log file. Doing this has restored my desktop and there are far fewer pop-ups, so I then ran ATF Cleaner, then tried to run an online Kaspersky scan, but I get the error "Java applet cannot be loaded, try again online".
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45, on 25/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: D - {400D5264-3D1D-398C-9DB6-95167DBA60EE} - C:\WINDOWS\kx43632.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\ATI Technologies\ATI.ACE\StartUpDualCoreCenter.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvant...cab/tvants.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216061211562
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Regi...18/flashax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll zgrtal.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 8946 bytes
25th August 2008
#4
Member
Join Date: Aug 2008
Posts: 7
Computer Experience: intermediate
OK, got a web scan to run; here are the results.
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 15:15:15
Records in database: 1144482
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
F:\
Scan statistics
Files scanned 49633
Threat name 6
Infected objects 14
Suspicious objects 0
Duration of the scan 00:58:42
File name Threat name Threats count
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\Preview-T-3545425-basehunter all i ever wanted.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\Preview-T-3545425-closer stonebridge remix.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\Preview-T-5745425-basehunters all i ever wanted.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\Preview-T-5745425-closer remix.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-3545425-basehunter all i ever wanted.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-3545425-closer stonebridge remix.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-5745425-basehunters all i ever wanted.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-5745425-closer remix.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\drive data\Owner\Shared\RAP\bruce lee game over.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
C:\drive data\PC Repair\Ahead.Nero.v7.7.5.1.Incl.Keymaker-EMBRACE works with vista\Nero-7.7.5.1_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
C:\drive data\PC Repair\RegCure 1.3 + Crack\RegCure 1.3 + Crack.zip Infected: Email-Worm.Win32.Doombot.x 1
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Application Data\Adobe\Manager.exe.vir Infected: Trojan.Win32.Small.xqy 1
C:\QooBox\Quarantine\C\WINDOWS\system32\blotrdqm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cug 1
C:\QooBox\Quarantine\C\WINDOWS\system32\zgrtal.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cug 1
The selected area was scanned.
26th August 2008
#5
Staff
Join Date: Mar 2003
Location: Washington State
Posts: 4,496
Computer Experience: Somedays it's like Taz
Hi Technic
OK, these are infected, and all from LimeWire I'm sure. They need to be deleted.
Preview-T-3545425-closer stonebridge remix.mp3
Preview-T-5745425-basehunters all i ever wanted.mp3
Preview-T-5745425-closer remix.mp3
T-3545425-basehunter all i ever wanted.mp3
T-3545425-closer stonebridge remix.mp3
T-5745425-basehunters all i ever wanted.mp3
T-5745425-closer remix.mp3
bruce lee game over.wm
RegCure 1.3 + Crack
Ahead.Nero.v7.7.5.1 <<AdWare
P2P software (Limewire, BitTorrent, uTorrent, Azureus, etc.). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.
References for the risk of these programs are here, here and here.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at Windowsbbs Malware and Virus removal.
Now do this.
Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:
Filename: CFScript.txt
Save As Type: All Files (*.*)
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.
Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
Code:
File::
C:\Program Files\KB55771.exe
C:\WINDOWS\kx43632.dll
C:\WINDOWS\wxml19418.dll
C:\WINDOWS\emtb.exe
C:\WINDOWS\tqwolser.exe
C:\WINDOWS\system32\nvModes.dat
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{400D5264-3D1D-398C-9DB6-95167DBA60EE}]
Now this.
Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.
Double click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select 'Perform Quick Scan', then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Post the entire report in your next reply along with a fresh HijackThis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please post the Combofix log and the MBAM log.
Thanks
Geri
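Added example, not code from the thread, HijackThis or ComboFix: a small Python triage script that applies the reasoning of the reply above to lines copied from the first HijackThis log in this thread (the one-letter BHO loading a DLL straight out of C:\WINDOWS, the redirected start page, the unknown AppInit DLL) and then drafts a CFScript in the File::/Registry:: form shown in the code box. The allow-lists, the flagging rules and the assumption that a bare AppInit_DLLs name resolves under system32 are this example's own assumptions for this one machine, not a vendor reputation list.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the first HJT log posted in this thread,
# with one benign Java BHO line kept for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: D - {400D5264-3D1D-398C-9DB6-95167DBA60EE} - C:\WINDOWS\kx43632.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O20 - AppInit_DLLs: avgrsstx.dll zgrtal.dll
"""

# Assumed allow-lists for this machine: the IE defaults the log shows, and AVG's
# own AppInit hook (avgrsstx.dll appears under C:\Program Files\AVG later in the thread).
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.co.uk"}
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}
SYSTEM32 = r"C:\WINDOWS\system32"  # assumed resolution dir for bare AppInit names

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
START_RE = re.compile(
    r"^R[01] - .*?,(?P<key>Start Page|Default_Page_URL|Search Page|Default_Search_URL) = (?P<url>\S+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


@dataclass
class Finding:
    section: str       # HJT section tag the line came from, e.g. "O2"
    reason: str        # why the entry was flagged
    path: str = ""     # file to remove, when one can be identified
    clsid: str = ""    # BHO CLSID, for the Registry:: part of the script


def host_of(url: str) -> str:
    """Host part of a URL, tolerating a missing scheme (HJT prints 'www.google.co.uk' bare)."""
    m = re.match(r"^(?:https?://)?([^/]+)", url)
    return m.group(1).lower() if m else url.lower()


def triage(log_text: str) -> List[Finding]:
    """Return the HJT entries that warrant review under the assumed rules above."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := START_RE.match(line):
            if host_of(m["url"]) not in EXPECTED_HOSTS:
                findings.append(Finding(line[:2], f"{m['key']} points at {host_of(m['url'])}"))
        elif m := BHO_RE.match(line):
            path = m["path"]
            parent = path.rsplit("\\", 1)[0].upper()
            # A BHO with a one-letter name living directly in C:\WINDOWS is the
            # kx43632.dll pattern the reply above removes via CFScript.
            if len(m["name"]) <= 2 or parent == r"C:\WINDOWS":
                findings.append(Finding("O2", f"BHO '{m['name']}' loads {path}", path, m["clsid"]))
        elif m := APPINIT_RE.match(line):
            for dll in m["dlls"].split():
                if dll.lower() not in KNOWN_APPINIT_DLLS:
                    # AppInit_DLLs lists bare names; the Kaspersky report in this
                    # thread shows zgrtal.dll was quarantined from system32.
                    findings.append(Finding("O20", f"unknown AppInit DLL {dll}", f"{SYSTEM32}\\{dll}"))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Draft a CFScript.txt in the File:: / Registry:: form the reply above uses."""
    files = [f.path for f in findings if f.path]
    keys = [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{f.clsid}]" for f in findings if f.clsid]
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if keys:
        parts.append("Registry::\n" + "\n".join(keys))
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.section}: {h.reason}")
    print(build_cfscript(hits))
```

The draft is a starting point for a human reviewer, not a replacement for one: the reply above also removes files (KB55771.exe, emtb.exe, tqwolser.exe) that never appear in the HJT log and had to come from other scans.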
27th August 2008
#6
Member
Join Date: Aug 2008
Posts: 7
Computer Experience: intermediate
Hi there and thanks for the reply.
All your advice is noted, and the wife is gonna be upset when I remove LimeWire, but I told her it was the cause of a lot of this kind of problem. Anyways, here are the reports you asked for.
ComboFix 08-08-24.02 - Administrator 2008-08-27 19:30:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.604 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Program Files\KB55771.exe
C:\WINDOWS\emtb.exe
C:\WINDOWS\kx43632.dll
C:\WINDOWS\system32\nvModes.dat
C:\WINDOWS\tqwolser.exe
C:\WINDOWS\wxml19418.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\kx43632.dll
C:\WINDOWS\system32\nvModes.dat
C:\WINDOWS\wxml19418.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.
2008-08-25 18:43 . 2008-08-25 18:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-25 18:43 . 2008-08-25 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-25 18:30 . 2008-08-25 18:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 18:30 . 2008-08-25 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 18:30 . 2008-08-25 18:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-25 18:30 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-25 18:30 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 14:30 . 2008-08-25 14:30 <DIR> d-------- C:\Program Files\Panda Security
2008-08-25 14:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-25 13:17 . 2008-08-25 13:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 12:32 . 2008-08-25 12:32 <DIR> d-------- C:\Program Files\SmartPCTools
2008-08-22 00:27 . 2008-08-25 15:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-21 22:29 . 2008-08-21 22:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gamelab
2008-08-18 22:44 . 2008-08-18 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-18 19:50 . 2008-08-18 19:50 244 --ah----- C:\sqmnoopt10.sqm
2008-08-18 19:50 . 2008-08-18 19:50 232 --ah----- C:\sqmdata10.sqm
2008-08-18 19:39 . 2008-08-18 19:39 244 --ah----- C:\sqmnoopt09.sqm
2008-08-18 19:39 . 2008-08-18 19:39 232 --ah----- C:\sqmdata09.sqm
2008-08-18 19:32 . 2008-08-27 19:27 558 --a------ C:\WINDOWS\DFC.INI
2008-08-18 19:31 . 2008-08-18 19:31 244 --ah----- C:\sqmnoopt08.sqm
2008-08-18 19:31 . 2008-08-18 19:31 232 --ah----- C:\sqmdata08.sqm
2008-08-18 19:29 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-18 19:28 . 2008-08-18 19:28 <DIR> d-------- C:\Program Files\XpertVision
2008-08-18 19:28 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-18 19:28 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-08-18 19:26 . 2008-08-18 19:26 244 --ah----- C:\sqmnoopt07.sqm
2008-08-18 19:26 . 2008-08-18 19:26 232 --ah----- C:\sqmdata07.sqm
2008-08-18 19:25 . 2008-08-18 19:25 10 --a------ C:\WINDOWS\WININIT.INI
2008-08-12 17:15 . 2008-08-12 17:15 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-12 17:14 . 2008-08-12 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ImgBurn
2008-08-12 17:12 . 2008-08-12 17:12 <DIR> d-------- C:\Program Files\ImgBurn
2008-08-09 02:48 . 2008-08-09 11:15 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-08-08 21:42 . 2008-08-08 21:42 <DIR> d-------- C:\Program Files\TVAntsX
2008-08-07 22:37 . 2008-08-07 22:37 <DIR> d-------- C:\Program Files\Azada
2008-08-07 22:37 . 2008-08-07 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
2008-08-05 20:35 . 2008-08-27 13:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-05 20:35 . 2008-08-05 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-05 20:35 . 2008-08-05 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-05 20:34 . 2008-08-05 20:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 20:17 . 2008-08-05 20:17 <DIR> d-------- C:\WINDOWS\Fashion Star
2008-08-05 20:17 . 2008-08-05 20:17 <DIR> d-------- C:\Program Files\Fashion Star
2008-08-05 19:50 . 2008-08-05 19:50 <DIR> d-------- C:\Program Files\Vuze
2008-08-05 19:50 . 2008-08-05 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-05 19:50 . 2008-08-22 00:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-08-03 16:26 . 2008-08-03 16:26 <DIR> d-------- C:\Program Files\iTunes
2008-08-03 16:26 . 2008-08-03 16:26 <DIR> d-------- C:\Program Files\iPod
2008-08-03 16:26 . 2008-08-03 16:26 <DIR> d-------- C:\Program Files\Bonjour
2008-08-03 16:26 . 2008-08-03 16:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-08-03 16:25 . 2008-08-03 16:26 <DIR> d-------- C:\Program Files\QuickTime
2008-08-03 16:25 . 2008-08-03 16:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-03 16:25 . 2008-08-03 16:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-03 16:25 . 2008-08-03 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-03 16:25 . 2008-08-03 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-02 15:44 . 2008-04-14 01:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-02 14:11 . 2008-08-09 10:51 <DIR> d-------- C:\Program Files\SopCast
2008-08-02 03:35 . 2008-08-02 03:35 244 --ah----- C:\sqmnoopt06.sqm
2008-08-02 03:35 . 2008-08-02 03:35 232 --ah----- C:\sqmdata06.sqm
2008-08-02 02:31 . 2008-08-02 02:31 244 --ah----- C:\sqmnoopt05.sqm
2008-08-02 02:31 . 2008-08-02 02:31 232 --ah----- C:\sqmdata05.sqm
2008-07-31 23:34 . 2008-07-31 23:34 244 --ah----- C:\sqmnoopt04.sqm
2008-07-31 23:34 . 2008-07-31 23:34 232 --ah----- C:\sqmdata04.sqm
2008-07-31 00:10 . 2008-07-31 00:10 244 --ah----- C:\sqmnoopt03.sqm
2008-07-31 00:10 . 2008-07-31 00:10 232 --ah----- C:\sqmdata03.sqm
2008-07-30 23:32 . 2008-07-30 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Saved Games
2008-07-30 17:08 . 2008-07-30 17:08 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-07-30 17:08 . 2008-07-30 17:08 <DIR> d-------- C:\MicroGaming
2008-07-30 17:08 . 2008-07-30 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microgaming
2008-07-30 17:08 . 2008-07-30 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2008-07-28 19:09 . 2008-07-29 22:02 <DIR> d-------- C:\Program Files\Kudos
2008-07-28 19:09 . 2008-07-28 19:09 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-28 19:08 . 2008-07-28 19:08 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-28 13:03 . 2008-07-28 13:03 <DIR> d-------- C:\WINDOWS\Sun
2008-07-28 13:03 . 2008-08-05 22:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-07-28 13:02 . 2008-07-28 13:02 <DIR> d-------- C:\Program Files\Java
2008-07-28 13:02 . 2008-07-28 13:02 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-28 13:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 13:01 . 2008-07-28 13:01 <DIR> d-------- C:\Program Files\LimeWire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 23:09 --------- d-----w C:\Program Files\MSN Games
2008-08-21 22:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-18 18:26 --------- d-----w C:\Program Files\ATI Technologies
2008-07-26 20:38 --------- d-----w C:\Program Files\Crumb_at
2008-07-24 20:01 --------- d-----w C:\Program Files\Google
2008-07-22 22:47 --------- d-----w C:\Program Files\PuzzleHero_at
2008-07-19 12:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-07-19 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-19 11:56 --------- d-----w C:\Program Files\QuickPar
2008-07-18 22:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ArcadeTown
2008-07-17 21:35 --------- d-----w C:\Program Files\VIA
2008-07-17 21:25 --------- d-----w C:\Program Files\iPrep 101
2008-07-17 21:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xbins
2008-07-17 21:04 --------- d-----w C:\Program Files\X-Projects
2008-07-16 15:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-15 17:57 --------- d-----w C:\Program Files\XP Codec Pack
2008-07-15 17:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-15 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-15 16:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-07-15 16:50 --------- d-----w C:\Program Files\Nero
2008-07-15 16:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NewsLeecher
2008-07-15 16:46 --------- d-----w C:\Program Files\NewsLeecher
2008-07-15 16:41 --------- d-----w C:\Program Files\Windows Live
2008-07-15 16:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-15 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-15 16:11 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-15 16:11 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-15 16:11 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-15 16:11 --------- d-----w C:\Program Files\AVG
2008-07-15 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 15:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 19:19 --------- d-----w C:\Program Files\Intel
2008-07-14 19:16 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-14 19:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-14 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-14 18:50 --------- d-----w C:\Program Files\NOS
2008-07-14 18:23 --------- d-----w C:\Program Files\Realtek
2008-07-14 16:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-13 10:39 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 16:25 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 11:13 152872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-27 13:50 1576176]
"Registry Repair Wizard Scheduler"="C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2008-07-05 04:12 1495040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 11:47 151552]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-15 17:11 1232152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 08:27 570664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"TBPanel"="C:\Program Files\XpertVision\TBPanel.exe" [2008-01-29 11:20 2157064]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-08 18:53 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 18:53 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-08 18:53 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-27 13:50 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll zgrtal.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\drive data\\My xbox 360 stuff\\Xbins\\xbins.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 17:11]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-15 17:11]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-15 17:11]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-15 17:11]
S3 DualCoreCenter;DualCoreCenter;C:\Program Files\ATI Technologies\ATI.ACE\NTGLM7X.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:24]
S3 RushTopDevice2;RushTopDevice2;C:\Program Files\ATI Technologies\ATI.ACE\RushTop.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{887efc11-51ca-11dd-935d-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 19:32:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\144a3c57-258e-45f8-8947-e9de62debdda.tmp 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-08-27 19:32:31
ComboFix-quarantined-files.txt 2008-08-27 18:32:29
ComboFix2.txt 2008-08-25 18:52:59
Pre-Run: 569,343,799,296 bytes free
Post-Run: 569,409,310,720 bytes free
243 --- E O F --- 2008-08-27 13:00:07
27th August 2008
#7
Member
Join Date: Aug 2008
Posts: 7
Computer Experience: intermediate
And now the Malwarebytes log
Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 3
19:36:45 27/08/2008
mbam-log-08-27-2008 (19-36-45).txt
Scan type: Quick Scan
Objects scanned: 38166
Time elapsed: 2 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
27th August 2008
#8
Member
Join Date: Aug 2008
Posts: 7
Computer Experience: intermediate
And the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39, on 27/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\ATI Technologies\ATI.ACE\StartUpDualCoreCenter.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus...an_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvant...cab/tvants.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1216061211562
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Regi...18/flashax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll zgrtal.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 8957 bytes
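Reviewing an HJT log of this length by eye is error-prone, so here is a small triage parser as an added example; it is not HijackThis code and not something the posters in this thread ran. It turns the O4 (Run keys and Global Startup), O20 (AppInit_DLLs, Winlogon Notify) and O23 (services) lines into records, lists the AppInit_DLLs entries separately because every DLL named there is loaded into each process that loads user32.dll, and picks out Run entries whose command gives no directory, since those are resolved through the PATH search and the actual file has to be located before it can be vetted. The sample lines are copied from the log above; the function and regex names are this example's own.

```python
"""Triage parser for HijackThis (HJT) log entries.

Added example for this thread; not part of HijackThis or of any tool the
posters used.  Splits O4/O20/O23 lines into structured records so startup
locations can be reviewed as a list instead of by eye.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O20 - AppInit_DLLs: avgrsstx.dll zgrtal.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# One pattern per HJT line type handled here (names are this example's own).
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GLOBAL_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
WINLOGON_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$")


def parse_hjt(text):
    """Return {'run': [...], 'appinit': [...], 'winlogon': [...], 'service': [...]}.

    Lines that match none of the patterns (R0/R1, O2, O9, O16, ...) are skipped.
    """
    out = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            out["run"].append({"hive": m["hive"], "name": m["name"], "cmd": m["cmd"]})
        elif m := GLOBAL_RE.match(line):
            out["run"].append({"hive": "Global Startup", "name": m["name"], "cmd": m["cmd"]})
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is a space-separated list; each DLL is loaded into
            # every process that loads user32.dll, so each name must be identified.
            out["appinit"].extend(m["dlls"].split())
        elif m := WINLOGON_RE.match(line):
            out["winlogon"].append({"name": m["name"], "path": m["path"]})
        elif m := SERVICE_RE.match(line):
            out["service"].append({"name": m["name"], "vendor": m["vendor"], "path": m["path"]})
    return dict(out)


def command_image(cmd):
    """Extract the executable from a Run command: honour a quoted path, else drop arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def unqualified_entries(parsed):
    """Run entries whose image carries no directory.

    Windows resolves such names through the PATH search, so the reviewer has to
    find the file on disk before deciding whether the entry is legitimate.
    """
    return [e for e in parsed.get("run", []) if "\\" not in command_image(e["cmd"])]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("AppInit_DLLs to identify:", parsed.get("appinit", []))
    for e in unqualified_entries(parsed):
        print("Run entry without a path (locate the file first):", e["hive"], e["name"], e["cmd"])
    for s in parsed.get("service", []):
        print("Service:", s["name"], "|", s["vendor"], "|", s["path"])
```

Run it as-is to see the sample triaged; for a real log, pass the whole pasted log text to `parse_hjt` instead of `SAMPLE_LOG`. The parser deliberately reports rather than judges: it tells you which entries still need a file located or a DLL identified, and leaves the verdict to the person doing the cleanup.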
27th August 2008
#9
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,496
Computer Experience: Somedays it's like Taz
Hi
OK, looks good.
Please do this.
Click Start > Run. In the run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing the infected files there as well.
Now one more Kaspersky scan and post the log.
Thanks
Geri