
My sound drivers corrupted with trojan

Discussion in 'Malware and Virus Removal Archive' started by kush0, 2007/12/14.

  1. 2007/12/14
    kush0

    kush0 Inactive Thread Starter

    Joined:
    2007/03/05
    Messages:
    24
    Likes Received:
    0
    See this HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:46:47 PM, on 12/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\COMODO\Firewall\cmdagent.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\Program Files\ThreatFire\TFService.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\System32\alg.exe
    D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\ThreatFire\TFTray.exe
    D:\Program Files\COMODO\Firewall\cfp.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\BitComet\BitComet.exe
    D:\Documents and Settings\compaq\Desktop\HiJackThis.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ThreatFire] D:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E605CCD5-A409-4DC6-ADEA-3FC116791295}: NameServer = 61.1.96.69,61.1.96.71
    O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: rpcc - D:\WINDOWS\
    O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
    O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
    O21 - SSODL: E404Helper - {ca975cbe-6aba-4269-aa99-907eafaa7e00} - e404d.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: FFI - Unknown owner - D:\WINDOWS\system32\ffi.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
    O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/compaq/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

    --
    End of file - 7837 bytes
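    A small triage pass over a HijackThis 2.0 log, added here as an example; it is not code from HijackThis, from the thread starter, or from the forum helpers, and the heuristics in it are the editor's own. It lists the entry types that load code at logon or redirect traffic (O20 Winlogon Notify / AppInit_DLLs, O21 SSODL, O17 NameServer, O16 ActiveX) and applies the checks a helper does by eye: components whose file is missing, services with no vendor string, a Winlogon Notify entry that names a directory instead of a DLL, and a proxy auto-config URL served from localhost. The sample lines are copied from the log posted above; which of those entries are actually malicious is still a human decision.

```python
"""Triage pass over a HijackThis 2.0.x log.

Added example for this thread, not code from HijackThis or from the forum
helpers. The entry-type table and the checks below are the editor's own
heuristics; the sample lines are copied from the posted log.
"""
import re
from dataclasses import dataclass, field

# HijackThis line: "<code> - <body>", e.g. "O20 - Winlogon Notify: ... - <dll>"
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Entry types that load code at logon/boot or redirect traffic; always list them.
ALWAYS_REVIEW = {
    "O20": "DLL injected into winlogon.exe (Winlogon Notify) or every GUI process (AppInit_DLLs)",
    "O21": "ShellServiceObjectDelayLoad object loaded by Explorer at logon",
    "O17": "NameServer override: all DNS lookups go where this points",
    "O16": "ActiveX control downloaded from the web",
}

@dataclass
class Finding:
    code: str
    body: str
    reasons: list = field(default_factory=list)

def triage(log_text: str) -> list:
    """Return one Finding per log line that needs a human decision."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        reasons = []
        if code in ALWAYS_REVIEW:
            reasons.append(ALWAYS_REVIEW[code])
        # Registered hook whose file is gone: stale junk or a self-hiding component.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registered but file not found")
        # A service with no vendor string is a common dropper pattern.
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service with no vendor information")
        # Winlogon Notify must name a DLL; a bare directory is a broken or hidden hook.
        if code == "O20" and "Winlogon Notify" in body:
            target = body.rsplit(" - ", 1)[-1]
            if not target.lower().endswith(".dll"):
                reasons.append("Winlogon Notify entry does not point at a DLL")
        # A proxy auto-config URL served from the local host means a local
        # process sits between the browser and the network.
        if "AutoConfigURL" in body and re.search(r"localhost|127\.0\.0\.1", body):
            reasons.append("proxy.pac served from localhost: local traffic interception")
        if code == "O17":
            ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body)
            reasons.append("check that DNS servers " + ", ".join(ips) + " belong to your ISP")
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E605CCD5-A409-4DC6-ADEA-3FC116791295}: NameServer = 61.1.96.69,61.1.96.71
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: rpcc - D:\WINDOWS\
O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
O21 - SSODL: E404Helper - {ca975cbe-6aba-4269-aa99-907eafaa7e00} - e404d.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: FFI - Unknown owner - D:\WINDOWS\system32\ffi.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.body}\n    -> " + "; ".join(f.reasons))
```

    Running it on the sample prints eight entries and leaves the signed BHO and the avast! service alone. The output is a worklist, not a verdict: a Winlogon Notify DLL in system32 with a plausible name (winxtx32.dll above) still has to be checked by publisher and hash before it is removed.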
     
  2. 2007/12/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi kush0

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Please post the "main.txt" log only for now.

    Please post the SDFix log and the dss main.txt log.

    Thanks
    Geri
     


  4. 2007/12/15
    kush0

    kush0 Inactive Thread Starter

    Joined:
    2007/03/05
    Messages:
    24
    Likes Received:
    0
    SDFix log

    SDFix: Version 1.118

    Run by Administrator on Sat 12/15/2007 at 08:09 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: D:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found





    Removing Temp Files...

    ADS Check:

    D:\WINDOWS
    No streams found.

    D:\WINDOWS\system32
    No streams found.

    D:\WINDOWS\system32\svchost.exe
    No streams found.

    D:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-15 20:21:52
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "D:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="D:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
    "D:\\WINDOWS\\system32\\svchost.exe"="D:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    ---------------


    Files with Hidden Attributes:

    Thu 18 Jan 2007 8 ...H. --- "D:\WINDOWS\map.sys"
    Sat 21 Oct 2006 72,192 ..SHR --- "D:\Program Files\Personal Chess Trainer\Setup.exe"
    Sun 19 Jun 2005 192,512 A..H. --- "D:\Program Files\MP3 Recorder\Recordmix.exe"
    Thu 3 May 2007 4,348 A.SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Finished!
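    The "Authorized Application Key Export" at the end of the SDFix report is the Windows XP SP2 firewall's per-program exception list, and the entry for D:\WINDOWS\system32\svchost.exe is the one worth a second look: Windows expresses its own exceptions through the built-in services list and resource-string names (the sessmgr.exe entry with its @xpsp2res.dll label is a stock one), so an explicit, any-address allow rule for a host process such as svchost.exe is something that was added. The following is an added example, not part of SDFix or of this thread, that parses an export in that format and flags such entries; the value format (path:scope:state:name) is the documented one, the set of host binaries to flag is the editor's choice, and the sample export is constructed from the lines above.

```python
"""Review a Windows XP SP2 firewall AuthorizedApplications export.

Added example, not part of SDFix or of this thread. The export format is
what SDFix (and reg.exe) print; the HOST_BINARIES set is the editor's
choice of processes that should never carry a per-program exception.
"""
import re
from pathlib import PureWindowsPath

# Core Windows processes that host arbitrary components. A per-program
# exception for one of these opens inbound ports for whatever runs inside
# it; Windows itself expresses its exceptions through the service list.
HOST_BINARIES = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "csrss.exe", "smss.exe", "explorer.exe", "rundll32.exe",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "<value name>"="<data>", with reg-export escaping (\\ for a backslash)
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*"(?P<data>(?:[^"\\]|\\.)*)"$')

def _unescape(s: str) -> str:
    return s.replace("\\\\", "\\")

def parse_export(text: str) -> list:
    """Return (profile, value_name, path, scope, state, label) per entry."""
    profile, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group("key").lower()
            if "\\domainprofile\\" in key:
                profile = "domain"
            elif "\\standardprofile\\" in key:
                profile = "standard"
            else:
                profile = None
            continue
        v = VALUE_RE.match(line)
        if not v or profile is None:
            continue
        name = _unescape(v.group("name")).strip()
        data = _unescape(v.group("data")).strip()
        # Data format: <path>:<scope>:<Enabled|Disabled>:<display name>.
        # rsplit keeps the drive colon inside the path.
        parts = data.rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, label = parts
        rows.append((profile, name, path, scope, state, label))
    return rows

def review_exceptions(text: str) -> list:
    """Return (profile, path, reason) for entries a responder should question."""
    findings = []
    for profile, name, path, scope, state, label in parse_export(text):
        reasons = []
        base = PureWindowsPath(path).name.lower()
        if base in HOST_BINARIES:
            reasons.append(f"per-program exception for OS host process {base} "
                           f"(scope {scope}, {state})")
        # The value name is supposed to equal the path it allows.
        if name.lower() != path.lower():
            reasons.append("value name does not match the path it allows")
        if reasons:
            findings.append((profile, path, "; ".join(reasons)))
    return findings

# Constructed sample in the export format shown in the SDFix report above.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="D:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"D:\\WINDOWS\\system32\\svchost.exe"="D:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""

if __name__ == "__main__":
    for profile, path, reason in review_exceptions(SAMPLE_EXPORT):
        print(f"[{profile}] {path}: {reason}")
```

    On the sample it reports only the svchost.exe entry; the iMesh rule is a normal user-installed program and the Remote Assistance entry in the domain profile is a Windows default. Removing the rule is only half the fix: what matters is finding out which service or DLL hosted inside svchost.exe needed the port open, which is where the O20/O23 entries in the HijackThis log come in.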
     
  5. 2007/12/15
    kush0

    kush0 Inactive Thread Starter

    Joined:
    2007/03/05
    Messages:
    24
    Likes Received:
    0
    main.txt

    Deckard's System Scanner v20071014.68
    Run by compaq on 2007-12-15 20:31:40
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 89% (more than 75%).
    Total Physical Memory: 256 MiB (512 MiB recommended).


    -- HijackThis (run as compaq.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:31:57 PM, on 12/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\COMODO\Firewall\cmdagent.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\Program Files\ThreatFire\TFService.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\ThreatFire\TFTray.exe
    D:\Program Files\COMODO\Firewall\cfp.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\compaq\Desktop\dss.exe
    D:\DOCUME~1\compaq\Desktop\compaq.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ThreatFire] D:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E605CCD5-A409-4DC6-ADEA-3FC116791295}: NameServer = 61.1.96.69,61.1.96.71
    O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
    O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
    O21 - SSODL: E404Helper - {ca975cbe-6aba-4269-aa99-907eafaa7e00} - e404d.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: FFI - Unknown owner - D:\WINDOWS\system32\ffi.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
    O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/compaq/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

    --
    End of file - 7888 bytes

    -- Files created between 2007-11-15 and 2007-12-15 -----------------------------

    2007-12-15 20:08:43 0 d-------- D:\WINDOWS\ERUNT
    2007-12-15 20:07:32 0 dr------- D:\Documents and Settings\Administrator\Favorites
    2007-12-15 20:07:32 0 d-------- D:\Documents and Settings\Administrator\Desktop
    2007-12-15 20:07:03 0 d-------- D:\WINDOWS\CSC
    2007-12-14 07:29:28 233472 --a------ D:\WINDOWS\system32\cmirmdrv.exe <Not Verified; ; CmiRemoveDriver Application>
    2007-12-14 07:29:13 258048 --a------ D:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
    2007-12-14 07:29:12 212992 --a------ D:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
    2007-12-14 07:29:12 28672 --a------ D:\WINDOWS\CMIRmDriver.dll
    2007-12-14 07:29:12 0 d-------- D:\Program Files\C-Media 3D Audio
    2007-12-14 07:02:06 2560 --a------ D:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2007-12-14 06:33:49 0 d-------- D:\WINDOWS\Drivers
    2007-12-14 06:32:24 106496 --a------ D:\WINDOWS\SiSUSBrg.exe <Not Verified; Silicon Integrated Systems Corp.; SiS SiSUSBrg>
    2007-12-14 06:32:01 0 d-------- D:\Documents and Settings\compaq\WINDOWS
    2007-12-14 06:29:05 44 --a------ D:\WINDOWS\system32\msssc.dll
    2007-12-13 17:33:46 23600 --a------ D:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    2007-12-13 16:50:54 0 dr-h----- D:\Documents and Settings\compaq\Recent
    2007-12-12 22:15:47 0 d-------- D:\Documents and Settings\LocalService\Start Menu
    2007-12-12 22:11:17 0 d-------- D:\Documents and Settings\compaq\Application Data\Comodo
    2007-12-12 22:11:13 0 d-------- D:\Documents and Settings\All Users\Application Data\comodo
    2007-12-12 22:11:11 0 d-------- D:\Program Files\COMODO
    2007-12-12 21:40:42 0 d-------- D:\Program Files\ThreatFire
    2007-12-12 21:40:42 0 d-------- D:\Documents and Settings\All Users\Application Data\PC Tools
    2007-12-12 21:31:21 0 d-------- D:\Program Files\MegauploadToolbar
    2007-12-12 21:31:20 0 d-------- D:\Documents and Settings\compaq\Application Data\MegauploadToolbar
    2007-12-12 19:34:01 0 d-------- D:\Program Files\Sunbelt Software
    2007-12-12 11:54:14 0 d-------- D:\WINDOWS\vbSkinner
    2007-12-11 23:43:11 0 d-------- D:\Documents and Settings\compaq\Application Data\DivX
    2007-12-10 22:28:55 0 d-------- D:\Program Files\Common Files\Ceres Software Corporation
    2007-12-10 11:01:30 0 d-------- D:\Program Files\Torrent Harvester
    2007-12-06 17:46:24 0 d--hs---- D:\FOUND.026
    2007-12-05 23:58:06 0 d-------- D:\Documents and Settings\compaq\Application Data\Orbit
    2007-12-04 17:46:51 425984 --a------ D:\WINDOWS\system32\xvid.dll
    2007-12-04 17:46:51 413760 --a------ D:\WINDOWS\system32\MPG4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
    2007-12-03 09:39:51 51712 --a------ D:\WINDOWS\system32\e404d.dll <Not Verified; Melkosoft Corporation; avp>
    2007-11-25 18:19:00 0 d--hs---- D:\FOUND.025
    2007-11-16 17:11:57 0 d-------- D:\Program Files\Pointstone


    -- Find3M Report ---------------------------------------------------------------

    2007-12-07 22:33:26 17352 --a------ D:\Documents and Settings\compaq\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-11 22:29:34 20480 --a------ D:\WINDOWS\system32\H@tKeysH@@k.DLL
    2007-11-07 19:00:46 0 d-------- D:\Program Files\XP Repair Pro 2007
    2007-11-06 17:19:20 0 d-------- D:\Program Files\Cool Record Edit Pro
    2007-11-05 12:22:08 0 d-------- D:\Program Files\HEAT
    2007-11-03 16:53:26 0 --a------ D:\WINDOWS\system32\Infob.dat
    2007-11-03 16:53:26 0 --a------ D:\WINDOWS\system32\Infoa.dat
    2007-11-02 18:29:42 305 --a------ D:\WINDOWS\system32\treeinfo.dat
    2007-11-02 18:15:58 0 d-------- D:\Program Files\Total Video Converter
    2007-10-28 15:14:22 3584 --a------ D:\WINDOWS\system32\SKELETON.DLL
    2007-10-28 15:14:22 36864 --a------ D:\WINDOWS\system32\Skel32.dll
    2007-10-28 15:14:16 0 d-------- D:\Documents and Settings\compaq\Application Data\FarStone
    2007-10-28 15:13:12 0 d-------- D:\Program Files\FarStone
    2007-10-28 15:13:00 5501 --a------ D:\WINDOWS\system32\rtclcmg32.dll
    2007-10-28 15:02:12 17 --a------ D:\WINDOWS\popcinfo.dat
    2007-10-23 20:23:10 0 d-------- D:\Program Files\MP3 Recorder
    2007-10-23 20:23:04 0 d-------- D:\Program Files\Guitartab.co.uk MP3 Recorder
    2007-10-23 16:17:02 0 d-------- D:\Program Files\RapidLeecher Ultimate 2007
    2007-10-15 11:34:46 0 d-------- D:\Program Files\XP Codec Pack
    2007-10-09 16:45:30 51200 --a------ D:\WINDOWS\system32\ffi.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShaPlus Bandwidth Meter"="D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter /s" []
    "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 06:30 PM]
    "ThreatFire"="D:\Program Files\ThreatFire\TFTray.exe" [11/12/2007 05:24 PM]
    "COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [12/13/2007 11:07 AM]
    "SiSUSBRG"="D:\WINDOWS\SiSUSBrg.exe" [07/12/2002 03:45 PM]
    "SoundMan"="SOUNDMAN.EXE" [08/15/2003 01:04 PM D:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:54 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "RunStartupScriptSync"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)
    "NoChangeAnimation"=0 (0x0)
    "NoStrCmpLogical"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HideClock"=0 (0x0)
    "NoManageMyComputerVerb"=0 (0x0)
    "NoLowDiskSpaceChecks"=0 (0x0)
    "NoStartMenuPinnedList"=0 (0x0)
    "NoStartMenuMFUprogramsList"=0 (0x0)
    "NoUserNameInStartMenu"=0 (0x0)
    "StartmenuLogoff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "ClearRecentDocsOnExit"=0 (0x0)
    "NoPrinterTabs"=0 (0x0)
    "NoDeletePrinter"=0 (0x0)
    "NoAddPrinter"=0 (0x0)
    "NoPrinters"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoFavoritesMenu"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoChangeStartMenu"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoShellSearchButton"=0 (0x0)
    "NoToolbarCustomize"=0 (0x0)
    "NoRecentDocsNetHood"=0 (0x0)
    "NoChangeAnimation"=0 (0x0)
    "NoChangeKeyboardNavigationIndicators"=0 (0x0)
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "MemCheckBoxInRunDlg"=0 (0x0)
    "NoStrCmpLogical"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "E404Helper"= {ca975cbe-6aba-4269-aa99-907eafaa7e00} - e404d.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\System Safety Monitor]
    SSMWinlogonEx.dll 01/22/2007 10:22 PM 51152 D:\WINDOWS\system32\SSMWinlogonEx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32]
    winxtx32.dll 03/04/2007 06:35 PM 20992 D:\WINDOWS\system32\winxtx32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=D:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "vcdplayx"="D:\WINDOWS\vcdplayx.exe"
    "SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "SiS Windows KeyHook"=D:\WINDOWS\system32\keyhook.exe
    "SoundMan"=SOUNDMAN.EXE
    "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    "ShaPlus Bandwidth Meter"="D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
    "VirtualDrive"="D:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME



    -- End of Deckard's System Scanner: finished at 2007-12-15 20:33:30 ------------
     
  6. 2007/12/15
    kush0

    kush0 Inactive Thread Starter

    Joined:
    2007/03/05
    Messages:
    24
    Likes Received:
    0
    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:34:03 PM, on 12/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\COMODO\Firewall\cmdagent.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\Program Files\ThreatFire\TFService.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\ThreatFire\TFTray.exe
    D:\Program Files\COMODO\Firewall\cfp.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\notepad.exe
    D:\Documents and Settings\compaq\Desktop\compaq.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ThreatFire] D:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E605CCD5-A409-4DC6-ADEA-3FC116791295}: NameServer = 61.1.96.69,61.1.96.71
    O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
    O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
    O21 - SSODL: E404Helper - {ca975cbe-6aba-4269-aa99-907eafaa7e00} - e404d.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: FFI - Unknown owner - D:\WINDOWS\system32\ffi.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
    O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/compaq/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

    --
    End of file - 7876 bytes
     
    Last edited: 2007/12/15
  7. 2007/12/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi kush0

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
    O21 - SSODL: E404Helper - {ca975cbe-6aba-4269-aa99-907eafaa7e00} - e404d.dll (file missing)
    O23 - Service: FFI - Unknown owner - D:\WINDOWS\system32\ffi.exe


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    D:\WINDOWS\SYSTEM32\winxtx32.dll
    D:\WINDOWS\system32\ffi.exe
    C:\WINDOWS\system32\blank.htm


    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    After that, Reboot.

    Please scan these files and post the results.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file paths into the "File to upload & scan" box on the top of the page one at a time:
      • D:\WINDOWS\system32\Infob.dat
        D:\WINDOWS\system32\treeinfo.dat
        D:\WINDOWS\system32\rtclcmg32.dll
        D:\WINDOWS\popcinfo.dat
    • Click on the submit button
    • Please post the results in your next reply.

    Please post the jotti results and a new HJT log.

    Thanks
    Geri
     
    Geri,
    #6
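    Geri's selection above follows a few repeatable rules: a component that is still registered but has no file on disk ("(no file)", "(file missing)"), a Winlogon Notify DLL that nobody recognises, and a service with no vendor string. As an added example that is not from this thread, from HijackThis or from Geri, here is a small Python script that applies those rules to lines copied from the log posted above; the allowlist of known Winlogon Notify names is an assumption made for illustration, not a list HijackThis ships with.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: entries copied from the HijackThis log posted earlier in this
# thread (R/O sections only; the "Running processes" block is not needed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
O21 - SSODL: E404Helper - {ca975cbe-6aba-4269-aa99-907eafaa7e00} - e404d.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FFI - Unknown owner - D:\WINDOWS\system32\ffi.exe
O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
"""

# Every HJT entry starts with a section tag (R0..R3, O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Assumption for this example: names an analyst has already verified as
# belonging to installed software. Anything else registered under
# Winlogon Notify is worth a second look, because it loads into winlogon.exe.
KNOWN_WINLOGON_NOTIFY = {"System Safety Monitor"}

ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str
    body: str

    def is_orphan(self) -> bool:
        """Registered component whose backing file HJT could not find."""
        return any(marker in self.body for marker in ORPHAN_MARKERS)


def review_entry(entry: Entry) -> Optional[str]:
    """Return a reason string if the entry deserves analyst attention, else None."""
    if entry.is_orphan():
        return "registered component with no file on disk (dead entry, safe to remove)"
    if entry.section == "O20" and entry.body.startswith("Winlogon Notify: "):
        # Body shape: "Winlogon Notify: <name> - <dll path>"
        name = entry.body[len("Winlogon Notify: "):].split(" - ")[0]
        if name not in KNOWN_WINLOGON_NOTIFY:
            return f"Winlogon Notify DLL '{name}' is not on the allowlist"
    if entry.section == "O23" and "- Unknown owner -" in entry.body:
        return "service with no vendor string; identify the binary before trusting it"
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Parse an HJT log and return (section, original line, reason) for flagged entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # headers, blank lines, "End of file" etc.
        entry = Entry(match.group("section"), match.group("body"))
        reason = review_entry(entry)
        if reason:
            findings.append((entry.section, line, reason))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

    The rules produce candidates for a person to judge, not a removal list: the "Unknown owner" rule flags ATI Smart as well as FFI, and Geri left the ATI entry alone while listing FFI for removal. That kind of call needs knowledge of what is installed on the machine, which is why the volunteer asks for the log rather than running an automatic fix.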
  8. 2007/12/18
    kush0

    kush0 Inactive Thread Starter

    Joined:
    2007/03/05
    Messages:
    24
    Likes Received:
    0
    treebat scan
    Scan taken on 18 Dec 2007 12:41:13 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    unable to load infob.dat, 0 bytes file
    unable to delete winxtx32.dll

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:25:20 PM, on 12/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\COMODO\Firewall\cmdagent.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\Program Files\ThreatFire\TFService.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\ThreatFire\TFTray.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Pointstone\MemOptimizer 3\MemOptimizer.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\compaq\Desktop\HiJackThis.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ThreatFire] D:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Media Codec Update Service] D:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E605CCD5-A409-4DC6-ADEA-3FC116791295}: NameServer = 61.1.96.69,61.1.96.71
    O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
    O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
    O21 - SSODL: E404Helper - {ca975cbe-6aba-4269-aa99-907eafaa7e00} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
    O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/compaq/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

    --
    End of file - 7675 bytes
     
    Last edited: 2007/12/18
  9. 2007/12/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi kush0

    Download OTMoveIt by OldTimer to your Desktop.
    • Double click OTMoveIt.exe to launch it.
    • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
    • Click the Move It button.
    • The list will be processed and the results will appear in the right hand pane.
    • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    • When finished click Exit to exit the programme.
    • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).


    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
    O21 - SSODL: E404Helper - {ca975cbe-6aba-4269-aa99-907eafaa7e00} - (no file)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    After that, Reboot.

    Please post a New HJT Log into this Thread.

    Thanks
    Geri
     
    Geri,
    #8
  10. 2007/12/20
    kush0

    kush0 Inactive Thread Starter

    Joined:
    2007/03/05
    Messages:
    24
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:57:45 PM, on 12/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\COMODO\Firewall\cmdagent.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\Program Files\ThreatFire\TFService.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\ThreatFire\TFTray.exe
    D:\Program Files\COMODO\Firewall\cfp.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\DAP\DAP.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\compaq\Desktop\HiJackThis.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ThreatFire] D:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Media Codec Update Service] D:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E605CCD5-A409-4DC6-ADEA-3FC116791295}: NameServer = 61.1.96.69,61.1.96.71
    O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
    O20 - Winlogon Notify: winxtx32 - D:\WINDOWS\SYSTEM32\winxtx32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
    O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/compaq/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

    --
    End of file - 7158 bytes

    NOW HOW CAN I GET MY SOUND BACK? 2 WEEKS WITHOUT SOUND SIR!
     
    Last edited: 2007/12/20
  11. 2007/12/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    kush0
    First off, yelling will get you nowhere.
    I, like every other person here, volunteer my/our time. I have a real job that I work 9 to 10 hours a day, plus a real life that also needs attention. We try to help out when we can as best we can.
    I did not infect your system, though I will try to help clean it.
    Your first post here was on the 14th; today is the 20th. That adds up to 6 days, not two weeks.

    If you would like my help, then refrain from yelling or any other type of rude action, or go to another board somewhere.

    Now if you would like to continue then do this.

    Download ComboFix from Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Please post the log.
    Geri
     