
"Malicious Software was detected"

Discussion in 'Malware and Virus Removal Archive' started by sassy14udd, 2007/10/10.

  1. 2007/10/10 sassy14udd (Thread Starter)
    That's what this little talk bubble is popping up and saying on my task bar, in the right-hand corner of the screen.
    Ran Ad-Aware.
    Had a VirtuMundo that it said it deleted.
    Ran again in safe mode and "deleted" it again... I thought...
    Do my scans online usually for viruses...
    Have SUPERAntiSpyware and the new HijackThis.
    Ran Ad-Aware again this a.m. and it didn't pick it up...
    Woe is me... what to do, what to do... lol
    Help please.
    Used to come here under Juey, have been here a while, but it wouldn't let me log on and I didn't have time to wait for your prompt reply to get me back in as Juey; I am starting classes today at Kaplan U. for IT/Web Development! :D
    This bubble boinks and blinks... it's driving me nuts.
     
    Last edited: 2007/10/10
  2. 2007/10/10 sultan_emerr
    Did you mean: Virtumonde?

    Are you going to post your HJT log?
     


  4. 2007/10/10 sassy14udd (Thread Starter)
    OK.
    I remember there's a special place for that... will go run it now. Thank you, sir.
     
  5. 2007/10/11 sassy14udd (Thread Starter)
    Hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:21:51 PM, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\NetZero\exec.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\TEMP\winitlvn.exe
    C:\WINDOWS\TEMP\winbgahxw.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YServer.exe
    C:\Documents and Settings\sASSy\My Documents\DL\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: svchost.exe
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 6059 bytes
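An added example, not part of this thread and not code from HijackThis: a small Python script that applies the first checks a removal helper would run against a log like the one above. The sample log inside it is a constructed subset of the posted lines; the rules (a svchost.exe anywhere other than system32, executables launched from a TEMP folder, a Run entry under the SYSTEM hive starting a user application, a service with no vendor name) are the example's own assumptions about what to look at first, not verdicts. Anything it reports still has to be confirmed by hand before it is removed.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread, not part of HijackThis or of any post here.
The sample below is a constructed subset of the log posted above; the rules
are the example author's own heuristics, assumed to match the Vundo-style
indicators a malware-removal helper looks for first.
"""
import ntpath
import re
from typing import List, Tuple

# Binaries that legitimately live only in %SystemRoot%\system32 on XP.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
USER_ANNOTATION = re.compile(r"\s+\(User '[^']*'\)$")

# Constructed subset of the posted HJT log (paths copied from it).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\TEMP\winitlvn.exe
C:\WINDOWS\TEMP\winbgahxw.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe "
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
"""


def _norm(path: str) -> str:
    """Strip HJT's quoting and the stray trailing space it leaves inside quotes."""
    return path.strip().strip('"').strip().lower()


def check_path(path: str) -> List[str]:
    """Heuristics for one executable path (a running process or an O4 target)."""
    p = _norm(path)
    directory, name = ntpath.split(p)
    reasons = []
    if name in SYSTEM_NAMES and directory != SYSTEM_DIR:
        reasons.append(f"{name} located outside {SYSTEM_DIR}")
    if p.endswith(".exe") and TEMP_DIR.search(p):
        reasons.append("executable running from a TEMP directory")
    return reasons


def o4_target(body: str) -> str:
    """Extract the launched path from the text after 'O4 - '."""
    if body.startswith("Global Startup:"):
        target = body.split(":", 1)[1].strip()
        if " = " in target:            # 'name.lnk = C:\path\file.exe'
            target = target.split(" = ", 1)[1]
    else:                              # 'HKxx\..\Run: [name] C:\path\file.exe'
        target = body.split("] ", 1)[-1]
    return USER_ANNOTATION.sub("", target)


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False       # blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            findings.extend((line, r) for r in check_path(line))
            continue
        m = re.match(r"^(O4|O23) - (.*)$", line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O4":
            findings.extend((line, r) for r in check_path(o4_target(body)))
            if body.startswith("HKUS\\S-1-5-18") and "program files" in body.lower():
                findings.append((line, "Run key under the SYSTEM account launches a user application"))
        elif "Unknown owner" in body:
            findings.append((line, "service binary carries no vendor information"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

Run as-is it reports six entries from the sample: the svchost.exe in the All Users Startup folder (both as a running process and as the O4 Global Startup line), the two winXXXX.exe processes in C:\WINDOWS\TEMP, the MySpaceIM Run entry under S-1-5-18, and the lxcg_device service. Pass a complete log to triage() to apply the same checks to it.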
     
  6. 2007/10/11 sassy14udd (Thread Starter)
    DSS main.txt

    Deckard's System Scanner v20070905.67
    Run by sASSy on 2007-10-10 16:23:11
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    11: 2007-10-10 21:23:20 UTC - RP398 - Deckard's System Scanner Restore Point
    10: 2007-10-10 17:01:58 UTC - RP397 - Software Distribution Service 3.0
    9: 2007-10-10 08:00:24 UTC - RP396 - Software Distribution Service 3.0
    8: 2007-10-10 07:04:47 UTC - RP395 - System Checkpoint
    7: 2007-10-09 06:57:21 UTC - RP394 - System Checkpoint


    -- First Restore Point --
    1: 2007-10-03 20:55:29 UTC - RP388 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as sASSy.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:23:59 PM, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\NetZero\exec.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\TEMP\winitlvn.exe
    C:\WINDOWS\TEMP\winbgahxw.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YServer.exe
    C:\Documents and Settings\sASSy\My Documents\DL\dss.exe
    C:\DOCUME~1\sASSy\MYDOCU~1\DL\sASSy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: svchost.exe
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 6093 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - D:\New Folder\Dreamweaver MX\Dreamweaver.exe,2
    .js - JSFile - shell\open\command - "D:\New Folder\Dreamweaver MX\Dreamweaver.exe" "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

    S1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    S3 epatap2k (SCM Parallel Port ATAPI Driver) - c:\windows\system32\drivers\epatap2k.sys <Not Verified; SCM Microsystems Inc.; Parallel port ATAPI driver>
    S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
    S3 Tablet2k (Serial Tablet Port Driver) - "c:\windows\system32\drivers\tablet2k.sys" (file missing)
    S3 TClass2k (Tablet Class Driver) - c:\windows\system32\drivers\tclass2k.sys <Not Verified; Tablet Driver; Tablet Class Driver for Win2000/XP>
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    S3 UCTblHid (HID Tablet Port Driver) - c:\windows\system32\drivers\uctblhid.sys <Not Verified; Tablet Driver; HID Tablet Filter Driver For Win2000/XP>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

    S3 WinTabService (WinTab Service) - c:\windows\system32\drivers\wtsrv.exe <Not Verified; Tablet Driver; Tablet Driver for Win2000/XP>
    S4 DomainService - c:\windows\system32\eiyrcxft.exe /service (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    Description: Logitech Cordless Dual USB Mouse & iTouch Keys
    Device ID: USB\VID_046D&PID_C505&MI_01\6&13D2D5BA&0&0001
    Manufacturer: Logitech
    Name: Logitech Cordless Dual USB Mouse & iTouch Keys
    PNP Device ID: USB\VID_046D&PID_C505&MI_01\6&13D2D5BA&0&0001
    Service: LHidUsb

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0002
    Manufacturer: Microsoft
    Name: Motorola SURFboard SB5100 USB Cable Modem - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0002
    Service: PSched

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0003
    Manufacturer: Microsoft
    Name: Linksys Wireless-G USB Network Adapter - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0003
    Service: PSched

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0004
    Manufacturer: Microsoft
    Name: Motorola SURFboard 4200 USB Cable Modem - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0004
    Service: PSched

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0005
    Manufacturer: Microsoft
    Name: Motorola SURFboard SB5120 USB Cable Modem - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0005
    Service: PSched

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: SCM PPort ATAPI Adapter
    Device ID: ROOT\UNKNOWN\0001
    Manufacturer: SCM Corporation
    Name: SCM PPort ATAPI Adapter
    PNP Device ID: ROOT\UNKNOWN\0001
    Service: epatap2k


    -- Files created between 2007-09-10 and 2007-10-10 -----------------------------

    2007-10-10 12:15:00 24064 --a------ C:\WINDOWS\system32\wdmfmc32.dll
    2007-10-10 11:02:35 0 d-------- C:\Program Files\Microsoft Works2
    2007-10-10 11:00:59 0 d-------- C:\Program Files\Microsoft Office2
    2007-10-10 11:00:04 0 d-------- C:\Program Files\New Folder (3)
    2007-10-10 10:59:56 0 d-------- C:\Program Files\New Folder (2)
    2007-10-10 10:59:53 0 d-------- C:\Program Files\New Folder
    2007-10-09 13:00:22 0 dr-h---c- C:\Documents and Settings\sASSy\Recent
    2007-10-09 12:57:19 0 d-------- C:\Program Files\CCleaner
    2007-10-08 08:37:14 0 d-------- C:\Program Files\NetZero
    2007-10-08 08:37:09 0 d-------- C:\Documents and Settings\All Users\Application Data\NetZero
    2007-10-08 08:37:08 0 d-------- C:\NetZeroInstaller
    2007-10-01 04:04:12 0 d------c- C:\Documents and Settings\sASSy\.limewire
    2007-09-25 04:26:53 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-25 04:26:43 0 d-------- C:\Program Files\Amara - Menu Builder
    2007-09-24 07:53:01 0 d-------- C:\Program Files\E-Mage for Web
    2007-09-24 06:16:06 92672 --a------ C:\WINDOWS\unlite3.exe
    2007-09-24 06:16:05 0 d-------- C:\Program Files\Bradbury
    2007-09-23 23:53:29 1156 --a------ C:\WINDOWS\mozver.dat
    2007-09-23 23:38:24 0 d------c- C:\Documents and Settings\sASSy\Application Data\Talkback
    2007-09-23 23:37:52 0 d------c- C:\Documents and Settings\sASSy\Application Data\Mozilla
    2007-09-23 15:43:43 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
    2007-09-23 15:24:42 0 d-------- C:\VundoFix Backups
    2007-09-23 11:13:31 85568 --a------ C:\WINDOWS\system32\kwyaylkg.dll
    2007-09-23 11:12:53 75328 --a------ C:\WINDOWS\system32\nuemvxxt.exe <Not Verified; ; DDC>
    2007-09-23 03:53:17 0 d-------- C:\Program Files\Roxio
    2007-09-23 03:47:35 0 d-------- C:\WINDOWS\Windowsnew
    2007-09-22 18:12:16 0 d------c- C:\Documents and Settings\sASSy\Application Data\LimeWire
    2007-09-22 10:09:18 0 d-------- C:\Program Files\YouSendIt
    2007-09-22 08:02:47 86080 --a------ C:\WINDOWS\system32\whfbqivm.dll
    2007-09-22 08:02:19 75328 --a------ C:\WINDOWS\system32\gurcynid.exe <Not Verified; ; DDC>
    2007-09-18 10:40:56 0 d-------- C:\Program Files\Common Files\zqmq
    2007-09-18 07:53:53 0 d-------- C:\Program Files\InetGet2
    2007-09-17 21:50:29 176128 --a------ C:\WINDOWS\b.exe
    2007-09-17 14:09:38 175104 --a------ C:\onoes.exe
    2007-09-17 14:09:34 0 d--hs---- C:\Program Files\outlook
    2007-09-17 14:09:34 0 d--hs--c- C:\Documents and Settings\sASSy\Complete
    2007-09-17 00:19:37 0 d-------- C:\1


    -- Find3M Report ---------------------------------------------------------------

    2007-10-10 15:35:34 0 d-------- C:\Program Files\Hijack This
    2007-10-09 20:44:42 0 d-------- C:\Program Files\Windows NT
    2007-10-05 23:36:03 0 d-------- C:\Program Files\Java
    2007-10-03 11:17:09 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-09-27 18:48:11 0 d-------- C:\Program Files\Adsen Thumbnailer
    2007-09-24 07:56:10 9 --ah---c- C:\Documents and Settings\sASSy\Application Data\local.lng.dat
    2007-09-23 03:53:16 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2007-09-23 03:40:52 0 d-------- C:\Program Files\Common Files
    2007-09-23 03:40:37 0 d-------- C:\Program Files\Sonic
    2007-09-23 03:14:18 0 d------c- C:\Documents and Settings\sASSy\Application Data\U3
    2007-09-22 10:09:52 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-20 07:59:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-12 20:29:58 0 d-------- C:\Program Files\Common Files\aolshare
    2007-09-08 12:34:17 0 d-------- C:\Program Files\AnfyTeam
    2007-08-30 17:41:49 1715200 --a------ C:\WINDOWS\Do not touch 2.scr <Not Verified; Xara Group Ltd.; Xara3D Screen Saver>
    2007-08-30 10:14:36 106496 --a------ C:\WINDOWS\b147.exe
    2007-08-30 01:18:56 0 d-------- C:\Program Files\FriendFinder
    2007-08-21 13:11:41 1978368 --a------ C:\WINDOWS\meB.scr <Not Verified; Xara Group Ltd.; Xara3D Screen Saver>
    2007-08-19 00:23:25 0 d------c- C:\Documents and Settings\sASSy\Application Data\Roxio
    2007-08-18 12:27:15 0 d------c- C:\Documents and Settings\sASSy\Application Data\MSN6
    2007-08-11 01:51:58 0 d------c- C:\Documents and Settings\sASSy\Application Data\CursorArts
    2007-08-11 01:45:58 0 d-------- C:\Program Files\InAlbum Lite Edition
    2007-07-31 09:38:45 1244027 --a------ C:\WINDOWS\Cats.scr <Not Verified; Xara Group Ltd.; XaraCube Screen Saver>
    2007-07-19 06:10:58 90112 --a------ C:\WINDOWS\b143.exe
    2007-07-11 02:29:38 48640 --a------ C:\WINDOWS\b103.exe


    -- Registry Dump ---------------------------------------------------------------

    Unable to run batchfile; The process cannot access the file because it is being used by another process.
    ComSpec: C:\WINDOWS\system32\cmd.exe


    -- End of Deckard's System Scanner: finished at 2007-10-10 16:25:37 ------------
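An added example, not part of this thread and not code from Deckard's System Scanner: a Python script that works through the "Files created" and "Services" sections of a DSS main.txt like the one above. The sample inside it is a constructed subset of the posted output. The heuristics (eight-letter all-alphabetic filenames such as kwyaylkg.dll and nuemvxxt.exe, a binary in C:\WINDOWS, system32 or the drive root with no version information or a blank company name, a newly created hidden+system folder, a service whose binary is reported as missing) are the example's own assumptions about what a helper looks at first, not rules DSS applies, and a hit is a reason to investigate rather than a verdict.

```python
"""Triage helper for the "Files created" and "Services" sections of a
Deckard's System Scanner (DSS) main.txt.

Added example for this thread, not part of DSS or of any post here. The sample
is a constructed subset of the DSS output posted above; the heuristics are the
example author's assumptions about what a helper checks first, not rules DSS
itself applies.
"""
import ntpath
import re
from typing import List, Optional, Tuple

SAMPLE_DSS = r"""
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>
S4 DomainService - c:\windows\system32\eiyrcxft.exe /service (file missing)

-- Files created between 2007-09-10 and 2007-10-10 -----------------------------

2007-10-10 12:15:00 24064 --a------ C:\WINDOWS\system32\wdmfmc32.dll
2007-10-09 12:57:19 0 d-------- C:\Program Files\CCleaner
2007-09-24 06:16:06 92672 --a------ C:\WINDOWS\unlite3.exe
2007-09-23 15:43:43 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-09-23 11:13:31 85568 --a------ C:\WINDOWS\system32\kwyaylkg.dll
2007-09-23 11:12:53 75328 --a------ C:\WINDOWS\system32\nuemvxxt.exe <Not Verified; ; DDC>
2007-09-17 14:09:38 175104 --a------ C:\onoes.exe
2007-09-17 14:09:34 0 d--hs---- C:\Program Files\outlook
"""

# DSS appends '<Not Verified; company; description>' only when the file has a
# version resource; no suffix means no version information at all.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+?)"
    r"(?:\s+<Not Verified;\s*([^;]*);\s*([^>]*)>)?$")
SERVICE_LINE = re.compile(r"^([RS])(\d)\s+(\S+)")
BINARY_PATH = re.compile(r'"?([a-z]:\\[^"<(]+?\.(?:exe|dll|sys))', re.IGNORECASE)
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:exe|dll)$")
WINDOWS_DIRS = {"c:\\", r"c:\windows", r"c:\windows\system32"}


def random_name(path: str) -> bool:
    """Eight lowercase letters and no digits: the naming pattern seen in this log."""
    return bool(RANDOM_NAME.match(ntpath.basename(path).lower()))


def check_file(path: str, attrs: str, company: Optional[str]) -> List[str]:
    """Heuristics for one 'Files created' entry; attrs is DSS's 9-char flag string."""
    p = path.lower()
    directory, name = ntpath.split(p)
    reasons = []
    if attrs.startswith("d"):
        if "h" in attrs and "s" in attrs:
            reasons.append("hidden+system directory created")
        return reasons
    if name.endswith((".exe", ".dll", ".sys")) and directory in WINDOWS_DIRS:
        if company is None:
            reasons.append("binary in a Windows directory with no version information")
        elif company.strip() == "":
            reasons.append("binary in a Windows directory with a blank company name")
    if random_name(p):
        reasons.append("random-looking eight-letter filename")
    return reasons


def triage_dss(text: str) -> List[Tuple[str, str]]:
    """Return (path or service name, reason) pairs for entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            _, _, attrs, path, company, _ = m.groups()
            findings.extend((path, r) for r in check_file(path, attrs, company))
            continue
        s = SERVICE_LINE.match(line)
        if s:
            name = s.group(3)
            if "(file missing)" in line:
                findings.append((name, "service points at a missing binary"))
            b = BINARY_PATH.search(line)
            if b and random_name(b.group(1)):
                findings.append((name, "service binary has a random-looking eight-letter filename"))
    return findings


if __name__ == "__main__":
    for item, reason in triage_dss(SAMPLE_DSS):
        print(f"{reason}\n    {item}")
```

On the sample it flags wdmfmc32.dll, unlite3.exe, kwyaylkg.dll, nuemvxxt.exe, onoes.exe, the hidden+system "outlook" folder and the DomainService entry, while leaving CCleaner and VundoFixSVC.exe (which carries a real company name) alone. The eight-letter rule is deliberately narrow to the pattern in this log; a helper would widen it to other lengths once the same family is seen using them.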
     
  7. 2007/10/11 sassy14udd (Thread Starter)
    OK... a couple of things...
    lol, I clicked on the bubble trying to X it out; I guess I missed, and the Windows Malicious Software deal came up saying it couldn't delete what it needed to...
    Tried to run the cleaner but it wouldn't run, the box just hung... so I ran it in safe mode...
    Ran Deckard again... here's the log... (ran it in safe mode too if you want that one also); this one was NOT run in safe mode.
    I am also not able to download anything; pics yes, but not from a file box. When I hit Save or Run nothing happens now... haven't tried it since the cleaner though... will let you know when you answer me...
    Thank you so much for all your help :D


    Deckard's System Scanner v20070905.67
    Run by sASSy on 2007-10-11 02:48:02
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as sASSy.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:48:12 AM, on 10/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\NetZero\exec.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Documents and Settings\sASSy\My Documents\DL\dss.exe
    C:\DOCUME~1\sASSy\MYDOCU~1\DL\sASSy.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: svchost.exe
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 5929 bytes

    -- Files created between 2007-09-11 and 2007-10-11 -----------------------------

    2007-10-11 02:47:07 24064 --a------ C:\WINDOWS\system32\wdmfmc32.dll
    2007-10-11 02:44:43 0 d-------- C:\Deckard2
    2007-10-10 23:40:13 0 d-------- C:\Program Files\Adsen Thumbnailer
    2007-10-10 16:22:55 0 d-------- C:\Deckard1
    2007-10-10 11:02:35 0 d-------- C:\Program Files\Microsoft Works2
    2007-10-10 11:00:59 0 d-------- C:\Program Files\Microsoft Office2
    2007-10-10 11:00:04 0 d-------- C:\Program Files\New Folder (3)
    2007-10-10 10:59:56 0 d-------- C:\Program Files\New Folder (2)
    2007-10-10 10:59:53 0 d-------- C:\Program Files\New Folder
    2007-10-09 13:00:22 0 dr-h---c- C:\Documents and Settings\sASSy\Recent
    2007-10-09 12:57:19 0 d-------- C:\Program Files\CCleaner
    2007-10-08 08:37:14 0 d-------- C:\Program Files\NetZero
    2007-10-08 08:37:09 0 d-------- C:\Documents and Settings\All Users\Application Data\NetZero
    2007-10-08 08:37:08 0 d-------- C:\NetZeroInstaller
    2007-10-01 04:04:12 0 d------c- C:\Documents and Settings\sASSy\.limewire
    2007-09-25 04:26:53 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-25 04:26:43 0 d-------- C:\Program Files\Amara - Menu Builder
    2007-09-24 07:53:01 0 d-------- C:\Program Files\E-Mage for Web
    2007-09-24 06:16:06 92672 --a------ C:\WINDOWS\unlite3.exe
    2007-09-24 06:16:05 0 d-------- C:\Program Files\Bradbury
    2007-09-23 23:53:29 1156 --a------ C:\WINDOWS\mozver.dat
    2007-09-23 23:38:24 0 d------c- C:\Documents and Settings\sASSy\Application Data\Talkback
    2007-09-23 23:37:52 0 d------c- C:\Documents and Settings\sASSy\Application Data\Mozilla
    2007-09-23 15:43:43 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
    2007-09-23 15:24:42 0 d-------- C:\VundoFix Backups
    2007-09-23 11:13:31 85568 --a------ C:\WINDOWS\system32\kwyaylkg.dll
    2007-09-23 11:12:53 75328 --a------ C:\WINDOWS\system32\nuemvxxt.exe <Not Verified; ; DDC>
    2007-09-23 03:53:17 0 d-------- C:\Program Files\Roxio
    2007-09-23 03:47:35 0 d-------- C:\WINDOWS\Windowsnew
    2007-09-22 18:12:16 0 d------c- C:\Documents and Settings\sASSy\Application Data\LimeWire
    2007-09-22 10:09:18 0 d-------- C:\Program Files\YouSendIt
    2007-09-22 08:02:47 86080 --a------ C:\WINDOWS\system32\whfbqivm.dll
    2007-09-22 08:02:19 75328 --a------ C:\WINDOWS\system32\gurcynid.exe <Not Verified; ; DDC>
    2007-09-18 10:40:56 0 d-------- C:\Program Files\Common Files\zqmq
    2007-09-18 07:53:53 0 d-------- C:\Program Files\InetGet2
    2007-09-17 21:50:29 176128 --a------ C:\WINDOWS\b.exe
    2007-09-17 14:09:38 175104 --a------ C:\onoes.exe
    2007-09-17 14:09:34 0 d--hs---- C:\Program Files\outlook
    2007-09-17 14:09:34 0 d--hs--c- C:\Documents and Settings\sASSy\Complete
    2007-09-17 00:19:37 0 d-------- C:\1


    -- Find3M Report ---------------------------------------------------------------

    2007-10-10 19:05:08 0 d-------- C:\Program Files\Windows NT
    2007-10-10 15:35:34 0 d-------- C:\Program Files\Hijack This
    2007-10-05 23:36:03 0 d-------- C:\Program Files\Java
    2007-10-03 11:17:09 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-09-24 07:56:10 9 --ah---c- C:\Documents and Settings\sASSy\Application Data\local.lng.dat
    2007-09-23 03:53:16 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2007-09-23 03:40:52 0 d-------- C:\Program Files\Common Files
    2007-09-23 03:40:37 0 d-------- C:\Program Files\Sonic
    2007-09-23 03:14:18 0 d------c- C:\Documents and Settings\sASSy\Application Data\U3
    2007-09-22 10:09:52 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-20 07:59:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-12 20:29:58 0 d-------- C:\Program Files\Common Files\aolshare
    2007-09-08 12:34:17 0 d-------- C:\Program Files\AnfyTeam
    2007-08-30 17:41:49 1715200 --a------ C:\WINDOWS\Do not touch 2.scr <Not Verified; Xara Group Ltd.; Xara3D Screen Saver>
    2007-08-30 10:14:36 106496 --a------ C:\WINDOWS\b147.exe
    2007-08-30 01:18:56 0 d-------- C:\Program Files\FriendFinder
    2007-08-21 13:11:41 1978368 --a------ C:\WINDOWS\meB.scr <Not Verified; Xara Group Ltd.; Xara3D Screen Saver>
    2007-08-19 00:23:25 0 d------c- C:\Documents and Settings\sASSy\Application Data\Roxio
    2007-08-18 12:27:15 0 d------c- C:\Documents and Settings\sASSy\Application Data\MSN6
    2007-08-11 01:51:58 0 d------c- C:\Documents and Settings\sASSy\Application Data\CursorArts
    2007-08-11 01:45:58 0 d-------- C:\Program Files\InAlbum Lite Edition
    2007-07-31 09:38:45 1244027 --a------ C:\WINDOWS\Cats.scr <Not Verified; Xara Group Ltd.; XaraCube Screen Saver>
    2007-07-19 06:10:58 90112 --a------ C:\WINDOWS\b143.exe
    2007-07-11 02:29:38 48640 --a------ C:\WINDOWS\b103.exe


    -- Registry Dump ---------------------------------------------------------------

    Unable to run batchfile; The process cannot access the file because it is being used by another process.
    ComSpec: C:\WINDOWS\system32\cmd.exe


    -- End of Deckard's System Scanner: finished at 2007-10-11 02:48:26 ------------
     
  8. 2007/10/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi sassy :)

    Download ComboFix by sUBs from here, saving the file to your Desktop.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  9. 2007/10/14
    sassy14udd

    sassy14udd Inactive Thread Starter

    Joined:
    2007/10/10
    Messages:
    18
    Likes Received:
    0
    ComboFix 07-10-14.4 - sASSy 2007-10-14 12:39:08.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.351 [GMT -5:00]
    Running from: C:\Documents and Settings\sASSy\Desktop\666.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\onoes.exe
    C:\Program Files\Common Files\zqmq
    C:\Program Files\Common Files\zqmq\zqmqa.lck
    C:\Program Files\Common Files\zqmq\zqmqd\class-barrel
    C:\Program Files\Common Files\zqmq\zqmqd\vocabulary
    C:\Program Files\Common Files\zqmq\zqmqh
    C:\Program Files\Common Files\zqmq\zqmql.exe
    C:\Program Files\Common Files\zqmq\zqmql.lck
    C:\Program Files\Common Files\zqmq\zqmqm.lck
    C:\Program Files\Common Files\zqmq\zqmqp.exe
    C:\Program Files\inetget2
    C:\Program Files\inetget2\stub109_4_0_4_0.exe
    C:\Program Files\outlook
    C:\Program Files\outlook\outlook.exe
    C:\Program Files\outlook\p.zip
    C:\Program Files\outlook\v.tmp
    C:\WINDOWS\b.exe
    C:\WINDOWS\b103.exe
    C:\WINDOWS\b143.exe
    C:\WINDOWS\b147.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\gklyaywk.ini
    C:\WINDOWS\system32\gurcynid.exe
    C:\WINDOWS\system32\kwyaylkg.dll
    C:\WINDOWS\system32\mviqbfhw.ini
    C:\WINDOWS\system32\nuemvxxt.exe
    C:\WINDOWS\system32\whfbqivm.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
    .

    2007-10-14 12:44 24,064 --a------ C:\WINDOWS\system32\wdmfmc32.dll
    2007-10-14 12:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-12 11:28 <DIR> d-------- C:\WINDOWS\oldboots
    2007-10-12 10:32 1,309,503 --a------ C:\WINDOWS\island_dawn.scr
    2007-10-11 02:48 <DIR> d-------- C:\Deckard
    2007-10-11 02:44 <DIR> d-------- C:\Deckard2
    2007-10-10 23:40 <DIR> d-------- C:\Program Files\Adsen Thumbnailer
    2007-10-10 16:22 <DIR> d-------- C:\Deckard1
    2007-10-10 11:02 <DIR> d-------- C:\Program Files\Microsoft Works2
    2007-10-10 11:00 <DIR> d-------- C:\Program Files\New Folder (3)
    2007-10-10 11:00 <DIR> d-------- C:\Program Files\Microsoft Office2
    2007-10-10 10:59 <DIR> d-------- C:\Program Files\New Folder (2)
    2007-10-10 10:59 <DIR> d-------- C:\Program Files\New Folder
    2007-10-10 05:52 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-09 12:57 <DIR> d-------- C:\Program Files\CCleaner
    2007-10-08 08:37 <DIR> d-------- C:\Program Files\NetZero
    2007-10-08 08:37 <DIR> d-------- C:\NetZeroInstaller
    2007-10-08 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NetZero
    2007-10-01 04:04 <DIR> d----c--- C:\Documents and Settings\sASSy\.limewire
    2007-09-25 04:26 <DIR> d-------- C:\Program Files\Amara - Menu Builder
    2007-09-25 04:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-24 07:56 9 --ah-c--- C:\Documents and Settings\sASSy\Application Data\local.lng.dat
    2007-09-24 07:53 <DIR> d-------- C:\Program Files\E-Mage for Web
    2007-09-24 06:16 <DIR> d-------- C:\Program Files\Bradbury
    2007-09-24 06:16 92,672 --a------ C:\WINDOWS\unlite3.exe
    2007-09-23 23:53 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-09-23 23:38 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\Talkback
    2007-09-23 15:43 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-09-23 15:24 <DIR> d-------- C:\VundoFix Backups
    2007-09-23 03:53 <DIR> d-------- C:\Program Files\Roxio
    2007-09-23 03:47 <DIR> d-------- C:\WINDOWS\Windowsnew
    2007-09-22 18:12 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\LimeWire
    2007-09-22 10:09 <DIR> d-------- C:\Program Files\YouSendIt
    2007-09-18 10:37 75,384 --a------ C:\WINDOWS\TrueInstall.exe
    2007-09-18 08:02 81,910 --a------ C:\WINDOWS\b128.exe.bin
    2007-09-17 14:09 <DIR> d--hsc--- C:\Documents and Settings\sASSy\Complete
    2007-09-17 05:56 24,573 --a------ C:\WINDOWS\b122.exe.bin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-14 17:44 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2007-10-14 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-10-12 15:53 1,118,905 ----a-w C:\WINDOWS\affies.scr
    2007-10-10 20:35 --------- d-----w C:\Program Files\Hijack This
    2007-10-06 04:36 --------- d-----w C:\Program Files\Java
    2007-10-03 16:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2007-09-23 08:53 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2007-09-23 08:40 --------- d-----w C:\Program Files\Sonic
    2007-09-23 08:14 --------- dc----w C:\Documents and Settings\sASSy\Application Data\U3
    2007-09-22 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-20 18:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-20 12:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-13 01:29 --------- d-----w C:\Program Files\Common Files\aolshare
    2007-09-13 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-09-08 17:34 --------- d-----w C:\Program Files\AnfyTeam
    2007-08-30 22:41 1,715,200 ----a-w C:\WINDOWS\Do not touch 2.scr
    2007-08-30 06:18 --------- d-----w C:\Program Files\FriendFinder
    2007-08-21 18:11 1,978,368 ----a-w C:\WINDOWS\meB.scr
    2007-08-19 05:23 --------- dc----w C:\Documents and Settings\sASSy\Application Data\Roxio
    2007-08-18 17:27 --------- dc----w C:\Documents and Settings\sASSy\Application Data\MSN6
    2007-07-31 14:38 1,244,027 ----a-w C:\WINDOWS\Cats.scr
    2006-02-25 09:58 430,406 ------w C:\Program Files\whois.exe
    2005-10-04 03:55 2,267,015 ------w C:\Program Files\setup_ca_en.execal.exe
    2005-10-04 03:54 612,352 ------w C:\Program Files\posteriza.exe
    2005-08-22 19:33 68,918 -c--a-w C:\Program Files\procexp.chm
    2005-08-22 19:29 1,238,544 ----a-w C:\Program Files\procexp.exe
    2004-01-05 16:12 1,293 -c--a-w C:\Program Files\README.TXT
    2005-05-13 23:12:00 217,073 -csha-r C:\WINDOWS\meta4.exe
    2005-10-24 17:13:58 87,040 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-14 03:27:00 442,880 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-08 01:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 18:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 21:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 04:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-25 06:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 16:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 19:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-25 06:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-11-07 04:50 C:\WINDOWS\LOGI_MWX.EXE]
    "lxcgmon.exe "= "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 18:24]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "RoxioDragToDisc "= "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 00:21]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-09 10:09]
    "NetZero_uoltray "= "C:\Program Files\NetZero\exec.exe" [2007-09-26 13:14]
    "Aim6 "= "C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
    R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
    R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
    R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
    S3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
    S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
    S3 epatap2k;SCM Parallel Port ATAPI Driver;C:\WINDOWS\system32\DRIVERS\epatap2k.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 Tablet2k;Serial Tablet Port Driver; "C:\WINDOWS\System32\Drivers\Tablet2k.sys "
    S3 TClass2k;Tablet Class Driver;C:\WINDOWS\system32\DRIVERS\TClass2k.sys
    S3 UCTblHid;HID Tablet Port Driver;C:\WINDOWS\system32\DRIVERS\UCTblHid.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2be3e561-deee-11db-b772-00038a000015}]
    AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9984a458-4be8-11dc-9197-00038a000015}]
    AutoRun\command - F:\LaunchU3.exe -a

    .
    **************************************************************************

    disk not found C:\

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk not found C:\

    **************************************************************************
    .
    Completion time: 2007-10-14 12:46:09 - machine was rebooted
    .
    --- E O F ---



    also ran CC Cleaner

    what does it mean it can't FIND C:\ ... disk is not there ..... that's wild ... and scary
    Also came up on the blue screen, said: can't read raw systems data, something like that, I didn't write fast enough
    few other things I have noticed...
    no task manager, tried an abundance of different ways
    when I try to run cmd it says it is in use by another person....
    it tried to do it to your program, so I rebooted in safe mode and ran it, hope that's ok
    I have lately been having to install new programs that way
    having trouble downloading files also, only with a file box tho, images are fine
     
  10. 2007/10/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please delete the ComboFix.exe you currently have and download a fresh copy from here. Save it to your desktop. Highlight and copy the bolded command below.

    "%userprofile%\desktop\combofix.exe" /killall


    Close ALL open windows and programs. Click Start>Run and paste the command, then hit Enter.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    ComboFix will run and may reboot your computer. When it completes, a log will open. Please post that log and a new HijackThis log.


    Please let me know if ComboFix will not run in normal mode, and exactly what happens when attempted. Do not run it in safe mode again.
     
  11. 2007/10/15
    sassy14udd

    sassy14udd Inactive Thread Starter

    Joined:
    2007/10/10
    Messages:
    18
    Likes Received:
    0
    ok I am sorry
    did I ***** something up?
    downloading now
    I downloaded the 1st time from your link... that wasn't the newest?
    lol
    am worried now... I know how to reformat... should I just do that? Don't want to tho, but hell if it's nasty then lol ***** it... it keeps coming back it seems when I get rid of it, and I am on dialup; how does it find me if I have a different address every time?:confused:
     
  12. 2007/10/15
    sassy14udd

    sassy14udd Inactive Thread Starter

    Joined:
    2007/10/10
    Messages:
    18
    Likes Received:
    0
    ComboFix 07-10-14.5 - sASSy 2007-10-15 8:36:03.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.193 [GMT -5:00]
    Running from: C:\Documents and Settings\sASSy\desktop\combofix.exe
    Command switches used :: /killall
    .

    ((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
    .

    2007-10-14 12:44 24,064 --a------ C:\WINDOWS\system32\wdmfmc32.dll
    2007-10-14 12:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-12 11:28 <DIR> d-------- C:\WINDOWS\oldboots
    2007-10-12 10:32 1,309,503 --a------ C:\WINDOWS\island_dawn.scr
    2007-10-11 02:48 <DIR> d-------- C:\Deckard
    2007-10-11 02:44 <DIR> d-------- C:\Deckard2
    2007-10-10 23:40 <DIR> d-------- C:\Program Files\Adsen Thumbnailer
    2007-10-10 16:22 <DIR> d-------- C:\Deckard1
    2007-10-10 11:02 <DIR> d-------- C:\Program Files\Microsoft Works2
    2007-10-10 11:00 <DIR> d-------- C:\Program Files\New Folder (3)
    2007-10-10 11:00 <DIR> d-------- C:\Program Files\Microsoft Office2
    2007-10-10 10:59 <DIR> d-------- C:\Program Files\New Folder (2)
    2007-10-10 10:59 <DIR> d-------- C:\Program Files\New Folder
    2007-10-10 05:52 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-09 12:57 <DIR> d-------- C:\Program Files\CCleaner
    2007-10-08 08:37 <DIR> d-------- C:\Program Files\NetZero
    2007-10-08 08:37 <DIR> d-------- C:\NetZeroInstaller
    2007-10-08 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NetZero
    2007-10-01 04:04 <DIR> d----c--- C:\Documents and Settings\sASSy\.limewire
    2007-09-25 04:26 <DIR> d-------- C:\Program Files\Amara - Menu Builder
    2007-09-25 04:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-24 07:56 9 --ah-c--- C:\Documents and Settings\sASSy\Application Data\local.lng.dat
    2007-09-24 07:53 <DIR> d-------- C:\Program Files\E-Mage for Web
    2007-09-24 06:16 <DIR> d-------- C:\Program Files\Bradbury
    2007-09-24 06:16 92,672 --a------ C:\WINDOWS\unlite3.exe
    2007-09-23 23:53 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-09-23 23:38 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\Talkback
    2007-09-23 15:43 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-09-23 15:24 <DIR> d-------- C:\VundoFix Backups
    2007-09-23 03:53 <DIR> d-------- C:\Program Files\Roxio
    2007-09-23 03:47 <DIR> d-------- C:\WINDOWS\Windowsnew
    2007-09-22 18:12 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\LimeWire
    2007-09-22 10:09 <DIR> d-------- C:\Program Files\YouSendIt
    2007-09-18 10:37 75,384 --a------ C:\WINDOWS\TrueInstall.exe
    2007-09-18 08:02 81,910 --a------ C:\WINDOWS\b128.exe.bin
    2007-09-17 14:09 <DIR> d--hsc--- C:\Documents and Settings\sASSy\Complete
    2007-09-17 05:56 24,573 --a------ C:\WINDOWS\b122.exe.bin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-15 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-10-14 21:44 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2007-10-12 15:53 1,118,905 ----a-w C:\WINDOWS\affies.scr
    2007-10-10 20:35 --------- d-----w C:\Program Files\Hijack This
    2007-10-06 04:36 --------- d-----w C:\Program Files\Java
    2007-10-03 16:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2007-09-23 08:53 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2007-09-23 08:40 --------- d-----w C:\Program Files\Sonic
    2007-09-23 08:14 --------- dc----w C:\Documents and Settings\sASSy\Application Data\U3
    2007-09-22 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-20 18:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-20 12:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-13 01:29 --------- d-----w C:\Program Files\Common Files\aolshare
    2007-09-13 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-09-08 17:34 --------- d-----w C:\Program Files\AnfyTeam
    2007-08-30 22:41 1,715,200 ----a-w C:\WINDOWS\Do not touch 2.scr
    2007-08-30 06:18 --------- d-----w C:\Program Files\FriendFinder
    2007-08-21 18:11 1,978,368 ----a-w C:\WINDOWS\meB.scr
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-19 05:23 --------- dc----w C:\Documents and Settings\sASSy\Application Data\Roxio
    2007-08-18 17:27 --------- dc----w C:\Documents and Settings\sASSy\Application Data\MSN6
    2007-07-31 14:38 1,244,027 ----a-w C:\WINDOWS\Cats.scr
    2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2006-02-25 09:58 430,406 ------w C:\Program Files\whois.exe
    2005-10-04 03:55 2,267,015 ------w C:\Program Files\setup_ca_en.execal.exe
    2005-10-04 03:54 612,352 ------w C:\Program Files\posteriza.exe
    2005-08-22 19:33 68,918 -c--a-w C:\Program Files\procexp.chm
    2005-08-22 19:29 1,238,544 ----a-w C:\Program Files\procexp.exe
    2004-01-05 16:12 1,293 -c--a-w C:\Program Files\README.TXT
    2005-05-13 23:12:00 217,073 -csha-r C:\WINDOWS\meta4.exe
    2005-10-24 17:13:58 87,040 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-14 03:27:00 442,880 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-08 01:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 18:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 21:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 04:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-25 06:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 16:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 19:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-25 06:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-14_12.45.19.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-14 19:09:15 21,016 ----a-w C:\WINDOWS\TEMP\winlkeqbj.exe
    + 2007-10-14 23:46:52 184,345 ----a-w C:\WINDOWS\TEMP\winptrwr.exe
    + 2007-10-14 19:09:08 184,345 ----a-w C:\WINDOWS\TEMP\winsyqh.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-11-07 04:50 C:\WINDOWS\LOGI_MWX.EXE]
    "lxcgmon.exe "= "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 18:24]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "RoxioDragToDisc "= "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 00:21]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-09 10:09]
    "NetZero_uoltray "= "C:\Program Files\NetZero\exec.exe" [2007-09-26 13:14]
    "Aim6 "= "C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
    R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
    R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
    R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
    S3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
    S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
    S3 epatap2k;SCM Parallel Port ATAPI Driver;C:\WINDOWS\system32\DRIVERS\epatap2k.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 Tablet2k;Serial Tablet Port Driver; "C:\WINDOWS\System32\Drivers\Tablet2k.sys "
    S3 TClass2k;Tablet Class Driver;C:\WINDOWS\system32\DRIVERS\TClass2k.sys
    S3 UCTblHid;HID Tablet Port Driver;C:\WINDOWS\system32\DRIVERS\UCTblHid.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2be3e561-deee-11db-b772-00038a000015}]
    AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9984a458-4be8-11dc-9197-00038a000015}]
    AutoRun\command - F:\LaunchU3.exe -a

    .
    **************************************************************************

    disk not found C:\

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk not found C:\

    **************************************************************************
    .
    Completion time: 2007-10-15 8:38:33
    C:\ComboFix1.txt ... 2007-10-15 08:27
    C:\ComboFix2.txt ... 2007-10-14 12:46
    .
    --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:39:57 AM, on 10/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\WINDOWS\TEMP\winsyqh.exe
    C:\WINDOWS\TEMP\winlkeqbj.exe
    C:\WINDOWS\TEMP\winptrwr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\sASSy\My Documents\DL\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{517AF652-4AD0-41BC-96F8-694EC8C3C18B}: NameServer = 151.164.1.8 206.13.28.12
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 5470 bytes
     
  13. 2007/10/15
    sassy14udd

    sassy14udd Inactive Thread Starter

    Joined:
    2007/10/10
    Messages:
    18
    Likes Received:
    0
    didnt know if i had told u that I also now have 2 C:\WINDOWS files....one is n blue
    neither appear to me to have "enough" files in them....:confused:
     
  14. 2007/10/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You actually have 2 folders named Windows located in the root of C: ? :confused: :confused: If so, please copy the bolded command below to a blank notepad.

    dir /a h /s >>ckwin.txt

    Now close it and save it to your desktop as;

    Filename: dir.bat
    Save As Type: All Files (*.*)

    Now right click that bat file and select Copy. Open each of the C:\Windows folders and right click>Paste. Delete the copy on your desktop.

    Double click the bat file in each Windows folder to run it. It will create a text file in each folder named ckwin.txt Rename one of them to ckwin1.txt, then upload both of those to my submission channel. Leave a link back to this topic.

    Then, please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HJT log.
     
  15. 2007/10/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    My apologies ........ I missed a character in the dir.bat files. Please right click each one and select Edit to open them in notepad. Change this line;

    dir /a h /s >>ckwin.txt

    to this;

    dir * /a h /s >>ckwin.txt

    then close and save the changes. Now run them each again and upload the ckwin.txt files as before.

    Thanks!

    Did you do a re-install of Windows at any time?
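A PowerShell version of the same check, added here as an example and not part of noahdfear's instructions: it lists each candidate Windows folder the way dir.bat does (hidden and system files included) and also reports which folder Windows actually booted from, so a stale parallel install can be told apart from the live one before anything is deleted. The folder names in $candidates and the ckwin output names are assumptions; adjust them to what is actually on the drive.

```powershell
# Added example, not from the thread. Compares candidate Windows folders on C:
# and writes a dir.bat-style listing for each one to the desktop.
$candidates = @('C:\WINDOWS', 'C:\WINDOWS.0')   # assumed folder names
$desktop    = [Environment]::GetFolderPath('Desktop')

function Get-WindowsFolderInfo {
    param([string]$Folder)
    # -Force includes hidden and system files, like "dir /a"; -Recurse is "/s"
    $files = Get-ChildItem -LiteralPath $Folder -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
    $size  = ($files | Measure-Object -Property Length -Sum).Sum
    New-Object PSObject -Property @{
        Folder    = $Folder
        IsLive    = ($Folder -ieq $env:SystemRoot)   # the folder Windows booted from
        Created   = (Get-Item -LiteralPath $Folder -Force).CreationTime
        FileCount = @($files).Count
        TotalMB   = [math]::Round($size / 1MB, 1)
        HasKernel = Test-Path -LiteralPath (Join-Path $Folder 'system32\ntoskrnl.exe')
        Files     = $files
    }
}

$i = 0
foreach ($dir in $candidates) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $info = Get-WindowsFolderInfo -Folder $dir

    # Summary: a folder that is not live, has no kernel and few files is the
    # leftover of a failed parallel install rather than the real system.
    $info | Select-Object Folder, IsLive, Created, FileCount, TotalMB, HasKernel | Format-List

    # Full listing, the same content as the thread's ckwin.txt, one file per folder
    $out = Join-Path $desktop ("ckwin" + $i + ".txt")
    $info.Files | Select-Object FullName, Length, LastWriteTime, Attributes |
        Format-Table -AutoSize | Out-File -FilePath $out -Width 300
    $i++
}
```

Run it from an administrator PowerShell prompt; the two ckwin files it leaves on the desktop can be uploaded in place of the dir.bat output.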
     
  16. 2007/10/18
    sassy14udd

    sassy14udd Inactive Thread Starter

    Joined:
    2007/10/10
    Messages:
    18
    Likes Received:
    0
    i tried to do a repair a couple of times but it said i had a newer version installed yada yada yada...it never would do it... wont let me do a scannow either, cuz it asks for the disk and I have tried ALL the xp pro disks I have!!! lol4 to b exact and none seem to b the one it wants...lol

    btw...am running the Panda deal now....and a GR8 BIG TYVM!!!!
    already found and disinfected like 44 viruses...O M G :eek:
    I so bad...my poor baby....lol
    says so far a dialer too and only 1 spyware...
    wow...have I been lax or what....
    & I tell everybody I tweak my s**t...lol:p
    will post logs asap
     
  17. 2007/10/18
    sassy14udd

    sassy14udd Inactive Thread Starter

    Joined:
    2007/10/10
    Messages:
    18
    Likes Received:
    0
    i guess the first time i posted this it didnt go...
    I am ashamed to post it but here goes....
    my poor baby....



    well that was twice...
    its to friggin long it wont post....omg
    over 2400, i cant remember, i lost count....i will go attach it where u had me do the other bat file...
     
  18. 2007/10/18
    sassy14udd

    sassy14udd Inactive Thread Starter

    Joined:
    2007/10/10
    Messages:
    18
    Likes Received:
    0
    omg...
    TY S VM 4 all of your help sir....
    But I can see I have friggin what 6 rootkits? Thats what it was last time I chkd...omg I didnt chk the 2 it didnt get either, there were 2 "viruses" that it didnt take care of....W32 Sality.S and a TRJ/downloader MDW
    Iam thinking I am
    DING DONG
    REFORMAT
    i feel so stupid
    will wait till u confirm....lol that i need to reformat not the latter....lol :p
     
  19. 2007/10/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You can either split the Panda report up into 2 or more posts or upload it to my submission channel. I won't be able to check it until this evening.

    Hang in there for now. We have tools for most rootkit removal. ;)
     
  20. 2007/10/18
    sassy14udd

    sassy14udd Inactive Thread Starter

    Joined:
    2007/10/10
    Messages:
    18
    Likes Received:
    0
    k
    hangin
    already uploaded
    ........sigh:eek:
     
  21. 2007/10/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Couple of nasty viruses there that attempt to infect every exe file on the drive. Let's run another online scan to make sure it's gone. Click the eTrust online Virus Scan link in my signature. You may be prompted to install an ActiveX control which you need to allow. Wait for the signature files to be fully loaded, then check the box in the window next to My Computer and click Start. Once the scan has completed, if any files are found infected, it will list the results below. Make sure the box next to each infected file is checked, then click Cure Files. It will then show the current status of each infected file as cured or cannot be cured. Highlight and copy those results then save them to notepad and post it here.

    Appears that you can also delete the C:\WINDOWS.0 folder. It appears to be from a failed parallel installation (re-install Windows to a new Windows folder) dated 06/10/2007.
     
