TheTechGuide Forum
General Category => Tech Clinic => Topic started by: JB6 on April 21, 2008, 08:19:38 PM
-
I did a virus scan with Ad-Aware on my computer and then restarted it. When I got into Windows all my icons showed up and everything seemed normal. Then all of a sudden my icons disappeared, my taskbar disappeared, and all I could see was my wallpaper. This keeps happening in a 5 second cycle. I barely have enough time to click on Mozilla to get on. Please help me out!!!! This is no fun at all.
-
Here is my HijackThis log, btw...
Logfile of HijackThis v1.99.1
Scan saved at 9:46:00 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
-
You posted with an outdated HijackThis log
Delete your copy
Download the HijackThis Installer from HERE: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
For an alternate download location, you can try HERE: http://fileforum.betanews.com/detail/HijackThis/1071179190/1
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
HijackThis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum
Also, did your problems start After you ran Ad-Aware?
If so, can you enter the Quarantine area and restore all objects, then reboot the computer?
Can you use System Restore and restore to a point before this all started happening?
-
Ok, here is my new HijackThis log with v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:45 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 5645 bytes
I went into my Ad-Aware and there is nothing in quarantine. I deleted all the objects Ad-Aware found. It didn't find anything critical; I was just doing a routine scan. Right now it is cycling every 5 seconds. My icons disappear as well as the taskbar. Very annoying. I really appreciate you helping.
-
Let's see if you can run this tool
Download Deckard's System Scanner (dss.exe) from http://deckard.geekstogo.com/dss.exe to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back just the Whole contents of Main.txt and Extra.txt
-
Ok I was able to do it. Here ya go...
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-21 23:21:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
53: 2008-04-22 03:21:53 UTC - RP773 - Deckard's System Scanner Restore Point
52: 2008-04-22 01:34:04 UTC - RP772 - Restore Operation
51: 2008-04-22 00:14:28 UTC - RP771 - Last known good configuration
50: 2008-04-22 00:14:18 UTC - RP770 - System Checkpoint
49: 2008-04-22 00:14:16 UTC - RP769 - System Checkpoint
-- First Restore Point --
1: 2008-04-22 00:14:04 UTC - RP721 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:10 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\tuvUkKbB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9FC835BF-C7A6-4A98-8F2E-AEB36109E4B9} - C:\WINDOWS\system32\byXRjjgh.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: tuvUkKbB - C:\WINDOWS\SYSTEM32\tuvUkKbB.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 6300 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.cmd - cmdfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\WScript.exe,3
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
S1 vcdrom (Virtual CD-ROM Device Driver) - c:\documents and settings\owner\desktop\vcdrom.sys (file missing)
S2 RVIEG01 (VSC Engine) - c:\program files\cakewalk\shared dxi\roland\rvieg01.sys (file missing)
S3 CA561 (ICatch VI PC CAMERA) - c:\windows\system32\drivers\spca561.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 RpcxSs (Remote Procedure Call (RPC) Extensions) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Service: bcm4sbxp
-- Scheduled Tasks -------------------------------------------------------------
2008-04-21 23:07:31 448 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-04-21 23:07:31 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-04-17 09:06:38 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-04-15 18:57:00 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-10-08 18:57:16 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2007-09-23 19:47:53 362 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
-- Files created between 2008-03-21 and 2008-04-21 -----------------------------
2008-04-21 22:58:08 0 d-------- C:\Program Files\Trend Micro
2008-04-21 20:49:22 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:13:53 101473 --ahs---- C:\WINDOWS\system32\hgjjRXyb.ini2
2008-04-21 20:13:48 272896 --a------ C:\WINDOWS\system32\byXRjjgh.dll
2008-04-21 20:10:51 38400 --a------ C:\WINDOWS\system32\awturrpq.dll
2008-04-21 20:08:58 0 d-------- C:\Program Files\Stardock
2008-04-21 20:08:43 38400 --a------ C:\WINDOWS\system32\tuvUkKbB.dll
2008-04-21 18:30:21 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-21 18:30:07 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-21 18:30:07 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-21 18:30:07 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-21 18:30:07 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-21 18:30:06 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-21 18:30:05 1645320 --a------ C:\WINDOWS\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-29 00:09:48 0 d-------- C:\Documents and Settings\Owner\Application Data\ShoppingReport
2008-03-29 00:09:47 0 d-------- C:\Program Files\ShoppingReport
-- Find3M Report ---------------------------------------------------------------
2008-04-21 20:36:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-21 18:33:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2008-04-21 18:33:25 668 --a------ C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
2008-04-21 18:32:36 33 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-04-21 18:32:35 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-04-21 18:32:35 7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2008-04-21 18:30:02 0 d-------- C:\Program Files\vso
2008-04-20 13:18:05 0 d--h----- C:\Program Files\PF
2008-04-19 20:06:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-19 19:32:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-19 16:17:11 0 d-------- C:\Program Files\Azureus
2008-04-11 21:20:03 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-30 19:55:25 0 d-------- C:\Program Files\TVAnts
2008-03-23 10:44:55 41 --a------ C:\WINDOWS\popcinfo.dat
2008-02-22 20:07:42 0 d-------- C:\Program Files\TVUPlayer
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
02/06/2008 08:13 AM 1173024 --a------ C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
04/21/2008 08:08 PM 38400 --a------ C:\WINDOWS\system32\tuvUkKbB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FC835BF-C7A6-4A98-8F2E-AEB36109E4B9}]
04/21/2008 08:13 PM 272896 --a------ C:\WINDOWS\system32\byXRjjgh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 11:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/21/2005 11:44 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2006 05:34 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/22/2005 11:37:41 PM]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [1/12/2008 11:13:49 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/26/2006 2:43:45 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4020100D-29D7-4392-AFD5-5AD713FF4B88}"= C:\WINDOWS\system32\tuvUkKbB.dll [04/21/2008 08:08 PM 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUkKbB]
tuvUkKbB.dll 04/21/2008 08:08 PM 38400 C:\WINDOWS\system32\tuvUkKbB.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXRjjgh
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RpcxSs
-- End of Deckard's System Scanner: finished at 2008-04-21 23:24:29 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.20GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 766.48 MiB / 490.45 MiB
Pagefile Memory (total/avail): 1108.57 MiB / 825.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.1 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 55.87 GiB total, 32.36 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD600BB-75CAA0 - 55.87 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.87 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: avast! antivirus 4.8.1169 [VPS 080421-1] v4.8.1169 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\bot.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\bot.exe:*:Enabled:Windows Update"
"C:\\WINDOWS\\bxproxy.exe"="C:\\WINDOWS\\bxproxy.exe:*:Enabled:Windows Update"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopAdver"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe"="C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\MaxTV Online\\maxtv.exe"="C:\\Program Files\\MaxTV Online\\maxtv.exe:*:Enabled:maxtv"
"C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe"="C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe:*:Enabled:Streamer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Z-Net mIRC\\mirc.exe"="C:\\Program Files\\Z-Net mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Setup.exe"="D:\\Setup.exe:*:Enabled:Setup"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OBESE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\OBESE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Support Tools\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=OBESE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\UninstIPP.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Bink and Smacker --> C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
BitPim 1.0.3.20071126 --> "C:\Program Files\BitPim\unins000.exe"
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ConvertXtoDVD 3.0.0.7 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell DJ Explorer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DreamStation DXi --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EZ AVI TO WMV Converter 3.00 --> "C:\Program Files\ezvideotools.com\EZ AVI TO WMV Converter\unins000.exe"
FairStars Audio Converter 1.52 --> "C:\Program Files\FairStars Audio Converter\unins000.exe"
FriendBlasterPro --> "C:\Program Files\FriendBlasterPro\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Download Accelerator version 5.0.5 --> "C:\Program Files\IDA\unins000.exe"
iWin Games (remove only) --> "C:\Program Files\iWin Games\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jewel Quest 2 (remove only) --> "C:\Program Files\iWin.com Games\Jewel Quest 2\Uninstall.exe"
K-Lite Codec Pack 3.5.3 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire PRO 4.12.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Move Networks Player for Firefox --> "C:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.35 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ShopperReports --> C:\Program Files\ShoppingReport\Uninst.exe
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe
UUSee ÃøÂçµçÊÓ [4.4.0.49] --> C:\Program Files\uusee\uninst.exe
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}\setup.exe" UNINSTALL_XXX
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Support Tools --> MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
-- Application Event Log -------------------------------------------------------
Event Record #/Type327 / Error
Event Submitted/Written: 04/21/2008 08:15:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]
Event Record #/Type321 / Error
Event Submitted/Written: 04/19/2008 09:18:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application tvants.exe, version 1.0.0.59, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [tvants.exe!ws!]
Event Record #/Type318 / Warning
Event Submitted/Written: 04/18/2008 04:50:54 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned
Event Record #/Type317 / Warning
Event Submitted/Written: 04/18/2008 04:50:54 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0
Event Record #/Type316 / Warning
Event Submitted/Written: 04/18/2008 04:50:53 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2139507 / Error
Event Submitted/Written: 04/21/2008 11:01:15 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) Extensions service terminated with the following error:
%%126
Event Record #/Type2139486 / Error
Event Submitted/Written: 04/21/2008 09:37:57 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) Extensions service terminated with the following error:
%%126
Event Record #/Type2139467 / Error
Event Submitted/Written: 04/21/2008 09:34:08 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) Extensions service terminated with the following error:
%%126
Event Record #/Type2139447 / Error
Event Submitted/Written: 04/21/2008 09:30:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) Extensions service terminated with the following error:
%%126
Event Record #/Type2139442 / Error
Event Submitted/Written: 04/21/2008 09:28:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
-- End of Deckard's System Scanner: finished at 2008-04-21 23:24:29 ------------
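Two checks a responder would run against the log above, written here as an added example for this thread (not code from Deckard's System Scanner, ComboFix or the participants): the LSA "Authentication Packages" value, which on a stock XP install names only msv1_0, and the firewall AuthorizedApplications list, whose values have the form path:scope:mode:description. The sample lines are copied from the log above; the heuristics (a temporary-directory path, an executable sitting directly in the Windows directory, a "Windows Update" label on a non-Microsoft path, a built-in tool such as ftp.exe holding an inbound exception) and the stock-package set are the author's assumptions about what merits a second look, not a verdict on any entry.

```python
"""Triage LSA and firewall-exception entries from a Deckard's System Scanner log.

Added example for this thread: not code from Deckard's System Scanner, ComboFix or
the thread's participants. Sample lines are copied from the log posted above; the
heuristics are the author's own assumptions about what deserves a second look.
"""
import re

# Lines copied from the log above (reg-export style: backslashes doubled in the firewall section).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXRjjgh
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\bot.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\bot.exe:*:Enabled:Windows Update"
"C:\\WINDOWS\\bxproxy.exe"="C:\\WINDOWS\\bxproxy.exe:*:Enabled:Windows Update"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
'''

FIREWALL_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')

# Assumption: a stock XP install registers only msv1_0; third-party logon software would add to this set.
STOCK_AUTH_PACKAGES = {"msv1_0"}
# Heuristic markers, all assumptions of this example.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp\\")
MICROSOFT_DIRS = ("c:\\windows\\system32\\", "%windir%\\system32\\", "c:\\program files\\windows")
BUILTIN_TOOLS = ("ftp.exe", "tftp.exe")  # command-line tools that rarely need an inbound exception on a home PC


def parse_firewall_entries(log_text):
    """Return dicts (path, scope, mode, desc) for each AuthorizedApplications\\List value line."""
    entries = []
    for line in log_text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if not m:
            continue
        path = m.group("key").replace("\\\\", "\\")
        raw = m.group("value").replace("\\\\", "\\")
        if not raw.startswith(path + ":"):
            continue  # the value repeats the key as its first field; anything else is malformed
        scope, mode, desc = raw[len(path) + 1:].split(":", 2)
        entries.append({"path": path, "scope": scope, "mode": mode, "desc": desc})
    return entries


def extra_auth_packages(log_text):
    """Return LSA authentication packages beyond the stock set; each one is a DLL lsass.exe loads at boot."""
    for line in log_text.splitlines():
        m = LSA_RE.match(line.strip())
        if m:
            return [p for p in m.group("pkgs").split() if p.lower() not in STOCK_AUTH_PACKAGES]
    return []


def flag_firewall_entry(entry):
    """Return the reasons an enabled exception looks odd; an empty list means nothing was noticed."""
    reasons = []
    if entry["mode"].lower() != "enabled":
        return reasons  # a disabled exception admits no traffic
    p = entry["path"].lower()
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("executable runs from a temporary directory")
    if re.fullmatch(r"(c:\\windows|%windir%)\\[^\\]+\.exe", p):
        reasons.append("executable sits directly in the Windows directory, not system32")
    if "windows update" in entry["desc"].lower() and not p.startswith(MICROSOFT_DIRS):
        reasons.append("'Windows Update' label on a path outside the Windows system directories")
    if p.rsplit("\\", 1)[-1] in BUILTIN_TOOLS:
        reasons.append("built-in command-line tool with an inbound exception; confirm the user created it")
    return reasons


def triage(log_text):
    """Combine both checks into one report keyed by the offending path."""
    report = {pkg: ["non-default LSA authentication package"] for pkg in extra_auth_packages(log_text)}
    for entry in parse_firewall_entries(log_text):
        reasons = flag_firewall_entry(entry)
        if reasons:
            report[entry["path"]] = reasons
    return report


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample above the report names the extra LSA package, both "Windows Update" exceptions and ftp.exe; the BitTorrent, sessmgr.exe and disabled SimCity entries pass. The output is a list of entries to look at, not a removal list: the actual cleanup in this thread was left to the helper's ComboFix procedure.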
-
See if you can do the following
I need you to temporarily disable Avast so it won't interfere with the next step
Right click the Avast icon by the clock and "Stop on access protections"
Ok the prompt
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.
Note: Combofix will disconnect you from the Internet; don't try to re-enable the connection.
When ComboFix is done, you should be reconnected
If not, Reboot the computer please
-
Combofix starts and says it is going to scan my computer. I made sure everything was closed and did not touch it at all with the mouse. It changes my clock, and right after it does that it goes to a blue screen error. Wow, this is frustrating!
-
Can you delete your copy of Combofix
Then redownload it, don't run it yet
Instead
Download this next tool to your desktop:
http://download.bleepingcomputer.com/sUBs/SvcQuery.exe
Double-click to run the tool ....
When prompted to enter a service name, enter ....> RpcxSs
When done, it shall present a log depicting the entries of netsvcs before/after.
* Download Reset Associations (http://djlizard.net/software/reset%20associations.exe). (Only XP!)
Save it to your desktop.
Double-click Resetassociations.exe and it will create a new folder on your desktop called "reset associations"
Open the folder and doubleclick "reset.cmd"
This should restore all default associations since they are modified.
Reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
In safe mode
Try running combofix again, ensure to follow the prompts
It's important to not use the computer when the scan is running
When done, if it won't reboot
reboot back to Normal Windows
Back in Windows
Run reset.cmd again from the reset associations folder
Come back here and post the log from Combofix>>C:\Combofix.txt
-
Ok, I'm about to do the above, but now all of a sudden it stopped trying to log off, and things are working just a little slower than they were before. This is really weird. Anyway, let me try what you said.
-
Ok, now it's back to doing the same old logging-off crap.
-
Did everything you said. Here is the log.
ComboFix 08-04-20.5 - Owner 2008-04-22 0:43:41.4 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\inst.exe
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HFDHPNWQ\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Owner\Application Data\ShoppingReport
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\uusee
C:\Program Files\uusee\AD\1\000\index_new.html
C:\Program Files\uusee\AD\1\000\uue_new.jpg
C:\Program Files\uusee\AD\1\001\index_new.html
C:\Program Files\uusee\AD\1\001\uue_new.jpg
C:\Program Files\uusee\AD\1\cy\cy.html
C:\Program Files\uusee\AD\1\dm\dm.html
C:\Program Files\uusee\AD\1\dsj\dsj.html
C:\Program Files\uusee\AD\1\dst\dst.html
C:\Program Files\uusee\AD\1\dy\dy.html
C:\Program Files\uusee\AD\1\gp\gp.html
C:\Program Files\uusee\AD\1\jk\jk.html
C:\Program Files\uusee\AD\1\ty\ty.html
C:\Program Files\uusee\AD\1\uu\uu.html
C:\Program Files\uusee\AD\1\yl\yl.html
C:\Program Files\uusee\AD\1\yx\yx.html
C:\Program Files\uusee\AD\1\yx\yx1.html
C:\Program Files\uusee\AD\1\zx\zx.html
C:\Program Files\uusee\AD\2\100\index.html
C:\Program Files\uusee\AD\2\200\index.html
C:\Program Files\uusee\AD\2\300\index.html
C:\Program Files\uusee\AD\UUAD_Banner_1.html
C:\Program Files\uusee\AD\UUAD_Banner_3.html
C:\Program Files\uusee\AD\UUAD_Buffering.html
C:\Program Files\uusee\AD\UUAD_Buffering.jpg
C:\Program Files\uusee\AD\UUAD_TextLink_0.xml
C:\Program Files\uusee\ARMP.ocx
C:\Program Files\uusee\ARMPD.dll
C:\Program Files\uusee\check_cmd.exe
C:\Program Files\uusee\flvplayer.swf
C:\Program Files\uusee\in_psp.dll
C:\Program Files\uusee\MultiVMR9.dll
C:\Program Files\uusee\out_mmshttp.dll
C:\Program Files\uusee\rmsp011.ax
C:\Program Files\uusee\skins\UUPlayer\About.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\awturrpq.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\khfGabbX.dll
C:\WINDOWS\system32\tuvUkKbB.dll
C:\WINDOWS\system32\XbbaGfhk.ini
C:\WINDOWS\system32\XbbaGfhk.ini2
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-21 23:21 . 2008-04-21 23:21 <DIR> d-------- C:\Deckard
2008-04-21 22:58 . 2008-04-21 22:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-21 20:49 . 2008-04-21 20:49 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:13 . 2008-04-22 00:21 345 --ahs---- C:\WINDOWS\system32\hgjjRXyb.ini
2008-04-21 20:08 . 2008-04-21 20:08 <DIR> d-------- C:\Program Files\Stardock
2008-04-21 18:30 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-21 18:30 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-21 18:30 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-21 18:30 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-04-21 18:30 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-04-21 18:30 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-04-21 18:30 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-21 18:30 . 2008-04-21 18:32 47,360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 00:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-21 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 22:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-04-21 22:30 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-21 22:30 --------- d-----w C:\Program Files\vso
2008-04-20 17:18 --------- d--h--w C:\Program Files\PF
2008-04-19 20:17 --------- d-----w C:\Program Files\Azureus
2008-04-12 01:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-30 23:55 --------- d-----w C:\Program Files\TVAnts
2008-02-23 00:07 --------- d-----w C:\Program Files\TVUPlayer
2005-06-07 06:45 784 ----a-w C:\Documents and Settings\Owner\Application Data\mpauth.dat
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2006-07-07 21:03 80 --sh--r C:\WINDOWS\system32\114AFAE353.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-25 17:34 185784]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-22 23:37:41 113664]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-12 23:13:49 107520]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 14:43:45 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-30 12:42 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
--a------ 2006-06-02 10:34 2934784 C:\Program Files\IDA\ida.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-25 17:34 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-21 18:51 3481600 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 11:16 37376 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Owner\Desktop\VCdRom.sys []
S2 RVIEG01;VSC Engine;C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys []
Start Pending2 RpcxSs;Remote Procedure Call (RPC) Extensions;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 04:54:22 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-17 13:06:38 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-15 22:57:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 22:57:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-22 04:54:27 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-09-23 23:47:53 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 00:52:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-04-22 0:59:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 04:59:07
Pre-Run: 34,677,641,216 bytes free
Post-Run: 34,707,087,360 bytes free
400 --- E O F --- 2008-04-18 20:50:11
-
Just on my way to work, in the meantime can you do the following if possible
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to desktop
- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
In addition, can you run a fresh scan with dss.exe from the desktop and post the new log that opens (Main.txt).
-
Ok. After I ran Combofix last night and rebooted and did another reset.cmd, everything has been working well. I did what you just told me and here are my logs...
Malwarebytes' Anti-Malware 1.11
Database version: 670
Scan type: Full Scan (C:\|F:\|)
Objects scanned: 90954
Time elapsed: 45 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\khfGabbX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0135720.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138778.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138886.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-22 13:05:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05, on 2008-04-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
--
End of file - 5680 bytes
-- Files created between 2008-03-22 and 2008-04-22 -----------------------------
2008-04-22 12:16:08 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-22 12:15:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 12:15:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 00:59:37 6736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-04-22 00:42:52 388608 --a------ C:\WINDOWS\system32\CF32578.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 23:41:43 68096 --a------ C:\WINDOWS\zip.exe
2008-04-21 23:41:43 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-21 23:41:43 80412 --a------ C:\WINDOWS\grep.exe
2008-04-21 23:41:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-21 23:41:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-21 23:41:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-21 23:41:42 98816 --a------ C:\WINDOWS\sed.exe
2008-04-21 23:41:42 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-21 22:58:08 0 d-------- C:\Program Files\Trend Micro
2008-04-21 20:49:22 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:08:58 0 d-------- C:\Program Files\Stardock
2008-04-21 18:30:21 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-21 18:30:07 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-21 18:30:07 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-21 18:30:07 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-21 18:30:07 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-21 18:30:06 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-21 18:30:05 1645320 --a------ C:\WINDOWS\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Find3M Report ---------------------------------------------------------------
2008-04-22 01:09:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-21 18:33:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2008-04-21 18:33:25 668 --a------ C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
2008-04-21 18:32:36 33 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-04-21 18:32:35 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-04-21 18:32:35 7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2008-04-21 18:30:02 0 d-------- C:\Program Files\vso
2008-04-20 13:18:05 0 d--h----- C:\Program Files\PF
2008-04-19 20:06:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-19 19:32:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-19 16:17:11 0 d-------- C:\Program Files\Azureus
2008-04-11 21:20:03 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-30 19:55:25 0 d-------- C:\Program Files\TVAnts
2008-03-23 10:44:55 41 --a------ C:\WINDOWS\popcinfo.dat
2008-02-22 20:07:42 0 d-------- C:\Program Files\TVUPlayer
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-25 17:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-22 23:37:41]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-12 23:13:49]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 14:43:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
-- End of Deckard's System Scanner: finished at 2008-04-22 13:06:23 ------------
-
IDK why but for some reason my computer is going slow now. It's not logging me off anymore but it isn't running nearly as fast as it was this morning. Do you want a new HijackThis log?
-
Can you try the following:
Temporarily disable Avast's protections again.
NEXT:
Can you do the following:
Use the Internet Explorer browser (or Firefox with IETab) and do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html).
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
Click Yes when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
- Once the files are downloaded, click on Next.
- Click on Scan Settings and configure as follows:
  - Scan using the following Anti-Virus database: Extended
  - Scan Options: Scan Archives
                  Scan Mail Bases
- Click OK and, under Select a target to scan, select My Computer.
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect; however, we need to analyze the information on the report.
[image: Kas-SaveReport-1.gif - http://i184.photobucket.com/albums/x99/guestolo/Kas-SaveReport-1.gif]
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
Along with the above report, post a fresh HijackThis log.
-
OK, here is the report and HijackThis log...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 22, 2008 10:41:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/04/2008
Kaspersky Anti-Virus database records: 722306
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 54585
Number of viruses found: 9
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 00:48:42
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-39737d2b.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-39737d2b.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-595d018e.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-595d018e.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-52fcc1a5.zip/vmain.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-52fcc1a5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-52759e7b.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-52759e7b.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-75422158.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-75422158.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-6ef4b6f1.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-6ef4b6f1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008042220080423\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2997C193-A464-4307-88C9-F9C00083CD16.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.v skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awturrpq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr skipped
C:\QooBox\Quarantine\catchme2008-04-22_ 04857.12.zip/tuvUkKbB.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr skipped
C:\QooBox\Quarantine\catchme2008-04-22_ 04857.12.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP748\A0133472.exe Infected: not-a-virus:AdTool.Win32.Zango.s skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP767\A0134151.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134886.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.pnc skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134886.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.pnc skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134886.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134887.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.pnc skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134887.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.pnc skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134887.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138852.dll Infected: not-a-virus:AdWare.Win32.Shopper.v skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138882.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP775\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{EF00E8C5-F23E-40D3-8397-19B5393CA6FB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9373.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_4fc.dat Object is locked skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:58 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 5404 bytes
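Most lines in a Kaspersky Online Scanner report like the one above are "Object is locked skipped" noise; the useful work is pulling out the real detections and noting where each one sits, since a hit inside ComboFix's QooBox quarantine or a System Restore point is already parked, while one in the Java applet cache or a live path deserves attention. The script below is an added example written for this thread, not a tool from Kaspersky, ComboFix or the helper; it parses the three line shapes that appear in the report posted above. The location buckets, the not-a-virus (PUP) flag and the needs_action rule are this example's own assumptions, and the sample lines are a constructed subset copied from the report above.

```python
"""Triage a Kaspersky Online Scanner 5.x report into actionable and inert findings.

Added example for this thread; not part of Kaspersky, HijackThis or ComboFix.
The line formats are taken from the report posted above. The location buckets,
the not-a-virus (PUP) flag and the needs_action rule are this example's own.
"""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the report posted in the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-39737d2b.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-39737d2b.zip ZIP: infected - 1 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awturrpq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138882.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134886.exe Rsrc-Package: infected - 2 skipped
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
"""

# The three line shapes seen in the report. Paths contain spaces, so the path group is
# lazy and each pattern is anchored on its fixed trailing text.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>[\w-]+): infected - (?P<count>\d+) skipped$")


def classify_location(path: str) -> str:
    """Bucket a detection by where it sits (this example's own categories)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"      # ComboFix's quarantine folder: already neutralised
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # inert unless a System Restore brings it back
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"      # cached applet: evidence of delivery, not a running process
    return "live"


def parse_line(line: str):
    """Return a record dict for one report line, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    m = LOCKED_RE.match(line)
    if m:
        return {"kind": "locked", "path": m["path"]}
    m = INFECTED_RE.match(line)
    if m:
        name = m["name"]
        return {
            "kind": "detection",
            "path": m["path"],
            "name": name,
            "pup": name.startswith("not-a-virus:"),   # adware/riskware, not malware proper
            "location": classify_location(m["path"]),
        }
    m = CONTAINER_RE.match(line)
    if m:
        # "ZIP: infected - 1" lines repeat the archive that a preceding member line already named
        return {"kind": "container", "path": m["path"], "container": m["kind"], "count": int(m["count"])}
    return {"kind": "unrecognised", "path": line}


def summarize(report_text: str) -> dict:
    """Separate detections from locked-file noise and say which ones still need attention."""
    records = [r for r in map(parse_line, report_text.splitlines()) if r]
    detections = [r for r in records if r["kind"] == "detection"]
    return {
        "locked": sum(r["kind"] == "locked" for r in records),
        "containers": sum(r["kind"] == "container" for r in records),
        "unrecognised": sum(r["kind"] == "unrecognised" for r in records),
        "detections": detections,
        "by_location": dict(Counter(r["location"] for r in detections)),
        "by_name": dict(Counter(r["name"] for r in detections)),
        # Quarantined and restore-point copies are parked; everything else is worth a look.
        "needs_action": [r["path"] for r in detections if r["location"] in ("live", "java_cache")],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"locked: {s['locked']}, containers: {s['containers']}, detections: {len(s['detections'])}")
    print("by location:", s["by_location"])
    for path in s["needs_action"]:
        print("needs action:", path)
```

Feed it the whole saved KScan.txt and the header lines (Scan Settings, Scan Statistics and so on) come back as "unrecognised" rather than being silently dropped, so a format change in a newer scanner version is visible. On the sample, the only non-PUP detection is the Java cache entry, which matches the reply that follows in the thread: it is the outdated JRE that needs removing, while the System Restore and QooBox copies are handled by flushing restore points and by ComboFix's own quarantine.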
-
Can you do another couple of steps? They shouldn't take too long.
Download ATF-Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop.
We'll need this later.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
- Click the "Download" button to the right.
- In the window that opens, select Windows, your Language, check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
Don't install it yet. Instead:
Access your Add and Remove Programs and remove (Uninstall)
All older versions of Java
This includes:
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Don't reboot after all are removed.
Instead:
================================
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
====================================
Reboot the computer.
Take note:
Bootup will be slower after running ATF-Cleaner, as we have cleared the Prefetch folder.
Boot time will increase after a couple of startups when the Prefetch folder is repopulated.
Back in Windows:
EDIT>>Added the following
Install the latest version of Java from the installer on the desktop.
Delete again your copy of ComboFix.
Redownload it from my previous link.
Temporarily disable AVAST's real-time protections.
Run ComboFix again.
Post back the log from ComboFix when done, and a fresh HijackThis log.
-
Here ya go...
ComboFix 08-04-22.1 - Owner 2008-04-22 23:46:59.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.434 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-22 23:43 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 23:42 . 2008-04-22 23:42 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-22 21:24 . 2008-04-22 21:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 21:24 . 2008-04-22 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 17:34 . 2008-04-22 17:34 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-22 12:16 . 2008-04-22 12:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-22 12:15 . 2008-04-22 12:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 12:15 . 2008-04-22 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 23:21 . 2008-04-21 23:21 <DIR> d-------- C:\Deckard
2008-04-21 22:58 . 2008-04-21 22:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-21 20:49 . 2008-04-21 20:49 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:13 . 2008-04-22 00:21 345 --ahs---- C:\WINDOWS\system32\hgjjRXyb.ini
2008-04-21 20:08 . 2008-04-21 20:08 <DIR> d-------- C:\Program Files\Stardock
2008-04-21 18:30 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-21 18:30 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-21 18:30 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-21 18:30 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-04-21 18:30 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-04-21 18:30 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-04-21 18:30 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-21 18:30 . 2008-04-21 18:32 47,360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 03:43 --------- d-----w C:\Program Files\Java
2008-04-23 00:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-04-22 23:22 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9373.sys
2008-04-22 23:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-22 22:49 --------- d-----w C:\Program Files\LimeWire
2008-04-22 22:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\Mp3tag
2008-04-22 21:49 --------- d-----w C:\Program Files\Mp3tag
2008-04-22 21:34 --------- d-----w C:\Program Files\Common Files\Real
2008-04-22 21:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-21 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 22:30 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-21 22:30 --------- d-----w C:\Program Files\vso
2008-04-20 17:18 --------- d--h--w C:\Program Files\PF
2008-04-19 20:17 --------- d-----w C:\Program Files\Azureus
2008-04-12 01:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-09 21:07 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-30 23:55 --------- d-----w C:\Program Files\TVAnts
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-23 00:07 --------- d-----w C:\Program Files\TVUPlayer
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2005-06-07 06:45 784 ----a-w C:\Documents and Settings\Owner\Application Data\mpauth.dat
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2006-07-07 21:03 80 --sh--r C:\WINDOWS\system32\114AFAE353.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_23.38.55.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 05:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 06:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 17:33 185896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 14:43:45 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-30 12:42 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
--a------ 2006-06-02 10:34 2934784 C:\Program Files\IDA\ida.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-22 17:33 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-21 18:51 3481600 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 11:16 37376 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Owner\Desktop\VCdRom.sys []
S2 RVIEG01;VSC Engine;C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys []
Start Pending2 RpcxSs;Remote Procedure Call (RPC) Extensions;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 03:32:36 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-17 13:06:38 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-15 22:57:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 22:57:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-23 03:32:36 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-09-23 23:47:53 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 23:48:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-22 23:50:09
ComboFix-quarantined-files.txt 2008-04-23 03:49:55
ComboFix2.txt 2008-04-23 03:39:30
ComboFix3.txt 2008-04-22 23:34:09
ComboFix4.txt 2008-04-22 04:59:33
Pre-Run: 34,757,521,408 bytes free
Post-Run: 34,747,531,264 bytes free
171 --- E O F --- 2008-04-18 20:50:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:49 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
--
End of file - 5794 bytes
-
Did you just recently install Process Explorer?
Also, can you do the following for me?
Please download Rootkit Revealer (http://www.sysinternals.com/utilities/rootkitrevealer.html) (link is at the very bottom of the page)
* Unzip it to your desktop.
* Open the rootkitrevealer folder and double-click rootkitrevealer.exe
* Click the Scan button (bottom right)
* When it's done, go up to File > Save. Choose to save it to your desktop.
* Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here.
** NOTE: Before performing a scan it is recommended to do the following.
1. Physically unplug the cable from the PC to the internet connection.
2. Close down All Scheduling/Updating + Running Background tasks etc., including AntiVirus
3. Launch and run the program.
4. While it is scanning DO NOT use your computer at ALL until the scan has been completed.
5. Save your Log File, and then Enable those things you closed down, or Reboot, and then Reconnect to the Internet.
Keep me informed how things are running, please.
-
No, I don't know what Process Explorer is. What is that?
-
I don't know why, but it won't let me save my log file for Rootkit Revealer. It's telling me it encountered a problem and needs to close when I click Save. Any ideas?
-
Try the following
Download then install AVG Anti-Rootkit Free
http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=arw
Follow the prompts to restart your pc
Run the program and do an in-depth search. When it's finished, if any items are found, press Save Results and post it in a reply too.
-
OK, I ran that and it found nothing. I ran the in-depth search like you said. The other program found 32 things. I really wish it would let me save it.
-
Ok, can you do one more step for me
Go to START>RUN>Type in
msconfig
Hit OK
Under the General tab select NORMAL STARTUP
Apply and Close then reboot the computer
Back in Windows
Post a fresh hijackthis log
-
Comp is running very slow. Here is my log after normal startup.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:50 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FMEQYNDLA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\FMEQYNDLA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KV - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\KV.exe
O23 - Service: PR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\PR.exe
O23 - Service: WFQUQDWZGTBW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\WFQUQDWZGTBW.exe
O23 - Service: YJAPFK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\YJAPFK.exe
--
End of file - 7331 bytes
-
Can you do the following
Go to START>>RUN>>type in the following in bold
services.msc
Hit OK
On the right hand side look for the Exact service name
FMEQYNDLA
Double click on that service name
STOP the service if running
In the Dropdown box>STARTUP TYPE
Set to DISABLED
Apply and OK it
Do the exact same steps for these service names
KV
PR
WFQUQDWZGTBW
YJAPFK
Reboot the computer afterwards, back in Windows
go to this link
http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line to the space next to 'Upload a File'
C:\WINDOWS\system32\hgjjRXyb.ini
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please?
Or better yet, just link to the results page.
Also post a fresh HijackThis log, and let me know if things are running better.
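A small triage script for the O23 service lines in the log above, added here as an example and not part of this thread or of HijackThis: it parses each service entry and ranks for review the ones showing the signals the helper acted on (service binary under a Temp directory, file reported missing, random-looking all-caps name, unknown publisher). The sample lines are taken from the logs posted in this thread; the scoring weights are my own assumption, and a high score means "look at this", not "this is malware".

```python
"""Triage helper for HijackThis 'O23 - Service:' lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

O23_PREFIX = "O23 - Service: "
MISSING_SUFFIX = "(file missing)"
# Matches a "\Temp\" or "\Tmp\" path component, e.g. ...\LOCALS~1\Temp\X.exe
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

# Assumed weights: a binary running from Temp is the strongest signal here,
# the others are supporting evidence.
REASON_WEIGHTS = {
    "binary in Temp directory": 3,
    "service file missing": 2,
    "unknown publisher": 1,
    "random-looking all-caps name": 1,
}


@dataclass
class ServiceEntry:
    name: str
    publisher: str
    path: str
    file_missing: bool


@dataclass
class Finding:
    entry: ServiceEntry
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(REASON_WEIGHTS[r] for r in self.reasons)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line. Fields are ' - ' separated, but the publisher field
    may itself contain ' - ' (e.g. 'Sysinternals - www.sysinternals.com'), so
    the name is the first field, the path the last, and the rest is publisher."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[:-len(MISSING_SUFFIX)].rstrip()
    parts = body.split(" - ")
    if len(parts) < 3:
        return None
    return ServiceEntry(name=parts[0], publisher=" - ".join(parts[1:-1]),
                        path=parts[-1], file_missing=missing)


def assess(entry: ServiceEntry) -> Finding:
    """Attach every matching review signal to the entry."""
    finding = Finding(entry)
    if TEMP_DIR_RE.search(entry.path):
        finding.reasons.append("binary in Temp directory")
    if entry.file_missing:
        finding.reasons.append("service file missing")
    if entry.publisher.lower() == "unknown owner":
        finding.reasons.append("unknown publisher")
    # Display names like FMEQYNDLA or KV: only uppercase letters, no real words.
    if entry.name.isalpha() and entry.name.isupper():
        finding.reasons.append("random-looking all-caps name")
    return finding


def triage(log_lines: List[str]) -> List[Finding]:
    """Return findings for every O23 entry with at least one signal, highest score first."""
    findings = []
    for line in log_lines:
        entry = parse_o23(line)
        if entry is None:
            continue
        finding = assess(entry)
        if finding.reasons:
            findings.append(finding)
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Sample O23 lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: FMEQYNDLA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\FMEQYNDLA.exe
O23 - Service: KV - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\KV.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.entry.name}: {f.entry.path} -> {', '.join(f.reasons)}")
```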
-
Seems to be running the same. Maybe I just have too much crap running? Here's the result...
http://www.virustotal.com/analisis/4367ec9612ad2cc9e5feb946dca2c862
Hijackthis Log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:08 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 6737 bytes
-
Can you try the following
Take a look at the following link to run a Clean boot on your machine
http://support.microsoft.com/kb/310353
Scroll down to the instructions:
Manual steps to perform a clean boot in Windows XP
Follow these steps
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box appears.
Step 2: Configure selective startup options
1. In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2. Click to clear the Process SYSTEM.INI File check box.
3. Click to clear the Process WIN.INI File check box.
4. Click to clear the Load Startup Items check box.
5. Click the Services tab.
6. Click to select the Hide All Microsoft Services check box.
7. Click Disable All, and then click OK.
8. When you are prompted, click Restart to restart the computer.
Disconnect the computer from the Internet after you have done the above, as we have disabled your AntiVirus software
See how it runs afterwards
If it runs better, we may be able to track down a problem program slowing the computer
Afterwards:
Go back to msconfig and choose NORMAL STARTUP
Apply and close, reboot again, reconnect to the Internet
-
Hey, just wanted to let you know I have been away for a few weeks. Everything seemed to be running great before I left. When I came home I ran an Ad-Aware scan and I got a Trojan called psexesvc and malware called VirtuMonde. I def. notice it's running a little slower. Anything you could do, as always, would be awesome. Here is a fresh log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:28 PM, on 5/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7056 bytes
-
Delete your copy of ComboFix; it's outdated.
Disable avast! temporarily: right-click its icon by the clock and select
"Stop on access protections"
Redownload this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall
Note: ComboFix will disconnect you from the Internet; don't try to re-enable the connection
When ComboFix is done, you should be reconnected
If not, reboot the computer please
Post the log from ComboFix
-
Here ya go...
ComboFix 08-05-09.1 - Owner 2008-05-10 18:06:16.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.461 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-09 04:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-09 04:06 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-08 14:49 . 2008-05-08 14:49 <DIR> d-------- C:\Program Files\VistaDriveIcon
2008-05-08 14:49 . 2008-04-14 05:42 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-05-08 14:48 . 2008-05-08 14:49 8,294,454 --a------ C:\WINDOWS\startup.bmp
2008-05-08 14:42 . 2008-05-08 14:49 <DIR> d-------- C:\WINDOWS\VistaMizer
2008-05-08 14:13 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-05-08 12:19 . 2008-05-08 12:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-08 12:19 . 2008-05-08 12:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-07 20:17 . 2008-05-07 20:17 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-04-30 01:22 . 2008-04-30 01:22 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-04-29 22:56 . 2008-04-30 01:24 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-29 19:19 . 2008-04-29 19:19 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-29 10:33 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-29 10:33 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-23 21:34 . 2008-04-23 21:34 <DIR> d-------- C:\WatchNow
2008-04-23 11:43 . 2008-04-23 11:43 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-23 11:43 . 2008-04-23 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-23 11:40 . 2008-05-09 07:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-23 11:40 . 2008-04-23 11:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-23 09:17 . 2008-04-23 09:18 <DIR> d-------- C:\Program Files\QuickTime
2008-04-23 09:14 . 2008-04-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-23 07:04 . 2007-01-18 08:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-22 23:43 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 23:42 . 2008-04-22 23:42 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-22 21:24 . 2008-04-22 21:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 21:24 . 2008-04-22 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 17:34 . 2008-04-22 17:34 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-22 12:16 . 2008-04-22 12:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-22 12:15 . 2008-04-22 12:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 12:15 . 2008-04-22 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 23:21 . 2008-04-21 23:21 <DIR> d-------- C:\Deckard
2008-04-21 22:58 . 2008-04-21 22:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-21 20:49 . 2008-04-21 20:49 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:13 . 2008-04-22 00:21 345 --ahs---- C:\WINDOWS\system32\hgjjRXyb.ini
2008-04-21 18:30 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-21 18:30 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-21 18:30 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-21 18:30 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-04-21 18:30 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-04-21 18:30 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-04-21 18:30 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-21 18:30 . 2008-04-21 18:32 47,360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-04-21 15:08 . 2008-04-21 15:08 13,144 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 18:49 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-08 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-05-08 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-05-08 16:20 12,960 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-05-08 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 13:58 --------- d-----w C:\Program Files\XoftSpySE
2008-05-04 03:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-30 05:06 --------- d-----w C:\Program Files\AIM
2008-04-30 05:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-04-30 04:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-30 04:02 --------- d-----w C:\Program Files\Common Files\Stardock
2008-04-30 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-30 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-29 14:45 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd9373.sys
2008-04-24 08:08 --------- d-----w C:\Program Files\Winamp
2008-04-24 08:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
2008-04-23 15:45 --------- d-----w C:\Program Files\Web Publish
2008-04-23 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-23 03:43 --------- d-----w C:\Program Files\Java
2008-04-23 00:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-04-22 22:49 --------- d-----w C:\Program Files\LimeWire
2008-04-22 22:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\Mp3tag
2008-04-22 21:49 --------- d-----w C:\Program Files\Mp3tag
2008-04-22 21:34 --------- d-----w C:\Program Files\Common Files\Real
2008-04-22 21:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-21 22:30 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-21 22:30 --------- d-----w C:\Program Files\vso
2008-04-20 17:18 --------- d--h--w C:\Program Files\PF
2008-04-19 20:17 --------- d-----w C:\Program Files\Azureus
2008-04-14 09:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 09:46 3,556,352 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 09:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 09:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 09:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 09:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 09:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 09:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 09:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 09:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 09:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 09:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 09:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 06:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 05:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 04:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 04:57 2,446,208 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 04:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 04:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 04:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 04:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 04:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 04:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 04:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 04:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 04:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 04:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 04:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 04:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 04:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 04:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 04:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 04:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 04:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 04:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 04:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 04:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 04:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 04:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 04:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 04:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 04:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 04:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 04:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 04:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 04:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 04:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 04:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 04:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 04:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 04:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 04:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 04:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-14 04:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 04:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-14 04:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-14 04:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 04:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-14 04:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 04:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 04:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 04:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 04:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 04:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-14 04:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-14 04:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-14 04:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-14 04:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-14 04:21 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-14 04:17 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-14 04:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2006-07-07 21:03 80 --sh--r C:\WINDOWS\system32\114AFAE353.dll
.
------- Sigcheck -------
2006-06-23 07:25 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2006-06-23 07:02 658944 2b4db890936430c71419037039502752 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB918899_0$\wininet.dll
2006-06-23 07:25 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\ie7\wininet.dll
2006-08-23 00:31 910848 bb5f137acb539029bb32853a52ec073b C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2006-08-23 00:31 910848 bb5f137acb539029bb32853a52ec073b C:\WINDOWS\system32\wininet.dll
2006-08-23 00:31 809472 02b4473e3c5fede0d3573ce297e8504a C:\WINDOWS\VistaMizer\old\wininet.dll
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 05:42 547328 a55b8899d2ea2e800061bcfd456e34dc C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 05:42 547328 a55b8899d2ea2e800061bcfd456e34dc C:\WINDOWS\system32\winlogon.exe
2008-04-14 05:42 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\VistaMizer\old\winlogon.exe
2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 12:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 08:55 2057600 1d659bfb788ed2ba45075624b748d249 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 00:01 2323072 063ff1fa9777d2fd8d6b608f1f700e1f C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 00:01 2323072 063ff1fa9777d2fd8d6b608f1f700e1f C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 00:01 2323072 063ff1fa9777d2fd8d6b608f1f700e1f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-04-14 00:01 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 12:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 10:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 00:57 2446208 1c48d9f3ea6db95915564655c006be8a C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 00:57 2446208 1c48d9f3ea6db95915564655c006be8a C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 00:57 2446208 1c48d9f3ea6db95915564655c006be8a C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-04-14 00:57 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
2008-04-14 05:42 1551872 c26978d5f821a7330439dd7f0aaaf678 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42 1551872 c26978d5f821a7330439dd7f0aaaf678 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 05:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42 25088 b5e8782d4af1b3756f38e11e7c157bbe C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 05:42 25088 b5e8782d4af1b3756f38e11e7c157bbe C:\WINDOWS\system32\ctfmon.exe
2008-04-14 05:42 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 25088]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [2006-06-02 10:34 2934784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"DrvIcon"="C:\Program Files\VistaDriveIcon\DrvIcon.exe" [2008-04-13 08:39 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 17:33 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 14:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 12:42 6731312]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-22 23:37:41 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 14:43:45 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Owner\Desktop\VCdRom.sys []
S2 RVIEG01;VSC Engine;C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
Start Pending2 RpcxSs;Remote Procedure Call (RPC) Extensions;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 15:49:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-10 22:04:07 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-08 11:23:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-05 22:57:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 22:57:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-10 22:04:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-09-23 23:47:53 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 18:08:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 18:12:17
ComboFix-quarantined-files.txt 2008-05-10 22:11:50
ComboFix2.txt 2008-04-23 03:39:30
ComboFix3.txt 2008-04-22 23:34:09
ComboFix4.txt 2008-04-22 04:59:33
Pre-Run: 28,541,739,008 bytes free
Post-Run: 28,712,427,520 bytes free
306 --- E O F --- 2008-04-18 20:50:11
-
I'm kind of lost on what's going on with this computer since your long absence from posting
Can you do the following
Go to START>>Run>> Copy and paste the next command in bold
sc delete PSEXESVC
Then hit OK
Reboot the computer
Back in Windows
Update then run a scan with Malwarebytes Anti-Malware
Post its log when it's done along with a fresh HijackThis log
-
Yeah, I had to go handle some personal family stuff for a little over a week. Everything was running well, like I said, when I left. I think someone in my house must have been using my computer or something. It found 4 pieces of malware including that Vundo. Here is the log...
Malwarebytes' Anti-Malware 1.12
Database version: 739
Scan type: Full Scan (C:\|)
Objects scanned: 99633
Time elapsed: 27 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mp3tag (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Mp3tag\Mp3tagUninstall.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir (Adware.Shoper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMgFYqQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
-
Post its log when it's done along with a fresh HijackThis log
Can I see a fresh hijackthis log please
Also, keep me informed how things are running
-
I'm sorry, I didn't see that you wanted a HijackThis log as well. Here it is....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:27 PM, on 5/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210269065859
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 7043 bytes
Things seem to be running a little better. I'll have to open some programs up and see. I've been on and off all day because of the holiday. I really appreciate your help!
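As an added example (not code from the thread, from HijackThis or from ComboFix), the Python script below parses the O4 and O23 lines of a HijackThis log like the one above, plus the R/S driver lines of the ComboFix log earlier in the thread, and flags the entries a log reader would check first: images under the user profile (the thread's ComboFix log lists a system-start driver, VCdRom.sys, loaded from the Desktop) and eight-letter mixed-case names with at most one vowel, the shape of the randomly named Vundo files the Malwarebytes log quarantined (hgjjRXyb.ini, qoMgFYqQ.dll). The sample log is constructed: most lines copy entries visible in the thread, the `updater` line and its path are invented to produce a hit. Reading ComboFix's `R`/`S` prefix as running/stopped followed by the service Start value is an assumption about that tool's output format, and the name heuristic is a triage hint, not a detection signature.

```python
"""Autostart triage over HijackThis O4/O23 lines and ComboFix driver lines.

Added example for this thread; not code from HijackThis, ComboFix or the
forum.  SAMPLE_LOG is constructed: most lines copy entries seen in the
thread, the "updater" line is invented so the example has something to flag.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Roots an autostart image normally lives under.  The 8.3 short name is
# included because the thread's own log lists C:\PROGRA~1\ALWILS~1\... paths.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")
# Directory names that mean "user-writable location" on Windows XP.
PROFILE_DIRS = ("documents and settings", "application data", "local settings", "desktop", "temp")

# HijackThis formats: "O4 - HKLM\..\Run: [Name] command", "O4 - Global Startup: x.lnk = path",
# "O23 - Service: Name - Vendor - path"
O4_REG = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[\w ]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_DIR = re.compile(r"^O4 - (?P<kind>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
# ComboFix format: "S1 vcdrom;Virtual CD-ROM Device Driver;C:\...\VCdRom.sys []"
# Assumption: R/S = running/stopped, digit = Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
CF_SVC = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+?) \[.*\]$")


@dataclass
class Entry:
    source: str
    name: str
    image: str
    start: Optional[int] = None          # only known for ComboFix driver/service lines
    flags: list[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Return the executable path from a command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|sys|cpl|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def random_name(image: str) -> bool:
    """Eight letters, mixed case, at most one vowel: the shape of the Vundo names in
    this thread (hgjjRXyb.ini, qoMgFYqQ.dll).  Heuristic only, not a signature."""
    stem = image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return (len(stem) == 8 and stem.isalpha()
            and not stem.islower() and not stem.isupper()
            and sum(c in "aeiouAEIOU" for c in stem) <= 1)


def triage(entry: Entry) -> Entry:
    low = entry.image.lower()
    trusted = low.startswith(TRUSTED_ROOTS)
    if not trusted:
        entry.flags.append("image outside C:\\WINDOWS and Program Files")
    if any(d in low for d in PROFILE_DIRS):
        entry.flags.append("image in a user-writable profile directory")
    if random_name(entry.image):
        entry.flags.append("random-looking 8-letter name")
    if entry.start is not None and entry.start <= 1 and not trusted:
        entry.flags.append("boot/system-start driver from an untrusted path")
    return entry


def parse(log: str) -> list[Entry]:
    entries: list[Entry] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := O4_REG.match(line):
            entries.append(Entry(f"O4 {m['hive']}\\..\\{m['key']}", m["name"], image_path(m["cmd"])))
        elif m := O4_DIR.match(line):
            entries.append(Entry(f"O4 {m['kind']}", m["name"], image_path(m["cmd"])))
        elif m := O23_SVC.match(line):
            entries.append(Entry("O23 service", m["name"], image_path(m["cmd"])))
        elif m := CF_SVC.match(line):
            entries.append(Entry("ComboFix " + m["start"], m["name"],
                                 image_path(m["cmd"]), int(m["start"][1])))
    return [triage(e) for e in entries]


def suspicious(log: str) -> dict[str, list[str]]:
    """Entry name -> flags, for every entry that earned at least one flag."""
    return {e.name: e.flags for e in parse(log) if e.flags}


# Constructed sample; the [updater] line is invented, the others mirror the thread's logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Owner\Application Data\qoMgFYqQ.exe -s
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Owner\Desktop\VCdRom.sys []
"""

if __name__ == "__main__":
    for name, flags in suspicious(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

Run against the sample it reports only `updater` and `vcdrom`; the legitimate avast! driver is also system-start but sits under C:\WINDOWS, so it earns no flag. The heuristics are deliberately cheap: they shortlist what to look up, they do not decide what to delete.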
-
Programs seem to take a little longer than usual to open. I don't know if it's something to do with a virus or malware. Something just doesn't seem right still. Maybe it's me, but if you see anything please let me know. I really am grateful for your help. I don't know what I would do without it.
-
Are you still having problems with Windows being slow?
What programs are you having problems with?
-
I'll lock this topic as your problems appear resolved
Take care