Author Topic: always receiving PCCPFW.exe error  (Read 1242 times)

boyasprec (Newbie, 9 posts)
always receiving PCCPFW.exe error
« on: August 11, 2008, 07:20:09 AM »
I'm always receiving this PCCPFW.exe error. I suspect that I have a virus or something.
This is my logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:43 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mila\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: InterScan FTP VirusWall (ISFTPD) - Unknown owner - C:\INTERS~1\isftpd\isftpd.exe (file missing)
O23 - Service: InterScan Web VirusWall (ISHTTPD) - Unknown owner - C:\INTERS~1\ishttpd\ishttpd.exe (file missing)
O23 - Service: InterScan E-Mail VirusWall (ISSMTPD) - Unknown owner - C:\INTERS~1\issmtpd\issmtpd.exe (file missing)
O23 - Service: PC-cillin Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe

--
End of file - 6260 bytes

thanks!

guestolo (Administrator, Site Donator, 16034 posts)
always receiving PCCPFW.exe error
« Reply #1 on: August 11, 2008, 06:15:59 PM »
Can you do the following please?

Download the Flash_Disinfector.exe from here and save to desktop
http://www.techsupportforum.com/sectools/s...Disinfector.exe
Don't run it yet

Download a copy of ComboFix from HERE
Save it ONLY to your desktop
Don't run it yet

I suggest that you Print the remainder of these instructions, or save them to a text file for reference
Physically disconnect the Internet cable to your computer

We need to disable your Anti-Virus and Firewall protections temporarily so that they won't interfere with the next steps

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso1.dll


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run Flash_Disinfector.exe, Follow the prompts
Insert any removable flash drives you may have when prompted>>This includes any USB flash drives you have accessible as they may be infected also
follow the prompts, when done, leave the flash drives inserted to the computer

Double Click on ComboFix.exe to run it
Combofix will start>>Follow the prompts
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall
Normally this fix takes 10 to 30 minutes

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
If the system is rebooted, the log will be produced a few minutes after rebooting

After the log opens, ensure your AV and Firewall are active then reconnect your Internet cable
 
Post the log from ComboFix
Also run a fresh Scan and Save logfile with Hijackthis and post it too

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


boyasprec (Newbie, 9 posts)
always receiving PCCPFW.exe error
« Reply #2 on: August 12, 2008, 08:16:12 AM »
Thanks!
I did everything accurately.

Here is the log of ComboFix.

ComboFix 08-08-11.01 - Mila 2008-08-12 21:27:15.1 - NTFSx86
Running from: C:\Documents and Settings\Mila\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\dc.exe
C:\WINDOWS\help\Other.exe
C:\WINDOWS\inf\Other.exe
C:\WINDOWS\sviq.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\config\Win.exe
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\fool1.dll
C:\WINDOWS\system32\ieso0.dll
C:\WINDOWS\system32\ieso1.dll
C:\WINDOWS\system32\kxvo.exe
C:\WINDOWS\system32\WinSit.exe

.
(((((((((((((((((((((((((   Files Created from 2008-07-13 to 2008-08-13  )))))))))))))))))))))))))))))))
.

2008-08-12 18:19 . 2008-08-12 19:19    90,258    -r-hs----    C:\bpu.exe
2008-08-12 18:03 . 2008-08-12 19:05    149,188    -r-hs----    C:\ut.com
2008-08-12 18:02 . 2008-08-07 18:14    148,424    -r-hs----    C:\by.bat
2008-08-12 17:43 . 2008-08-12 21:21    41    --a------    C:\WINDOWS\wininit.ini
2008-08-12 05:50 . 2008-08-12 05:50    <DIR>    d--------    C:\Documents and Settings\HaZeL\Application Data\Ahead
2008-08-12 05:43 . 2008-08-12 05:43    <DIR>    d--------    C:\Documents and Settings\HaZeL\Application Data\CyberLink
2008-08-12 00:56 . 2008-08-12 00:56    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\CyberLink
2008-08-11 21:25 . 2008-08-12 06:00    7,680    --ahs----    C:\WINDOWS\Thumbs.db
2008-08-11 21:03 . 2008-08-11 21:04    <DIR>    d--------    C:\Find-It
2008-08-11 21:03 . 2004-03-10 06:01    45,056    --a------    C:\WINDOWS\system\strings.exe
2008-08-11 21:03 . 2004-03-10 06:01    45,056    --a------    C:\WINDOWS\strings.exe
2008-08-11 21:03 . 2003-12-09 00:31    11,254    --a------    C:\WINDOWS\system\locate.com
2008-08-11 02:05 . 2008-08-11 02:05    197    --a------    C:\WINDOWS\system32\MRT.INI
2008-08-10 23:50 . 2008-08-11 01:05    1,638,912    --a------    C:\Creative ssss.MSWMM
2008-08-10 16:34 . 2008-08-10 16:34    7,680    --a------    C:\hazel.MSWMM
2008-08-10 15:03 . 2008-08-10 15:03    <DIR>    d--------    C:\Documents and Settings\Mila_2\Application Data\Yahoo!
2008-08-10 14:57 . 2008-08-10 14:57    <DIR>    d--------    C:\Documents and Settings\Mila_2\Contacts
2008-08-09 17:36 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2008-08-09 17:36 . 2007-07-30 19:19    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2008-08-09 17:36 . 2007-07-30 19:19    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2008-08-08 23:57 . 2008-08-10 14:49    <DIR>    d--hsc---    C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-08 23:55 . 2008-08-10 14:52    <DIR>    d--------    C:\Program Files\Windows Live
2008-08-08 23:55 . 2008-08-10 14:29    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-08 19:54 . 2008-08-08 19:54    62    --a------    C:\WINDOWS\Find Friends.URL
2008-08-08 11:09 . 2008-08-08 11:09    <DIR>    d--------    C:\Program Files\Autoruns
2008-08-08 11:07 . 2008-08-08 20:32    <DIR>    d--------    C:\Program Files\ProcessExplorer
2008-08-08 11:06 . 2008-08-08 11:06    574,549    --a------    C:\Program Files\Autoruns.zip
2008-08-08 11:05 . 2008-08-08 11:06    1,602,439    --a------    C:\Program Files\ProcessExplorer.zip
2008-08-07 23:27 . 2008-08-07 23:27    484,864    --a------    C:\project in c.l.MSWMM
2008-08-05 23:17 . 2008-08-05 23:17    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\Leadertech
2008-08-04 18:09 . 2008-08-04 18:09    <DIR>    d--------    C:\Documents and Settings\Guest
2008-08-03 15:31 . 2008-08-03 15:31    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\AdobeUM
2008-08-03 15:31 . 2008-08-03 15:31    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\AdobeAUM
2008-08-02 12:53 . 2008-08-02 12:54    <DIR>    d--------    C:\Documents and Settings\HaZeL\Application Data\Teleca
2008-08-02 11:48 . 2008-08-02 11:49    <DIR>    d--------    C:\Documents and Settings\Mila_2\Application Data\Teleca
2008-08-01 23:57 . 2008-08-01 23:57    <DIR>    d--------    C:\Program Files\MSXML 4.0
2008-08-01 23:17 . 2008-08-01 23:50    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\Teleca
2008-08-01 23:12 . 2008-08-05 23:28    <DIR>    d--------    C:\Program Files\Common Files\Teleca Shared
2008-08-01 23:03 . 2006-03-13 07:50    96,352    -ra------    C:\WINDOWS\system32\drivers\w300mdm.sys
2008-08-01 23:03 . 2006-03-13 07:50    9,264    -ra------    C:\WINDOWS\system32\drivers\w300mdfl.sys
2008-08-01 23:03 . 2006-03-13 07:49    6,208    -ra------    C:\WINDOWS\system32\drivers\w300cmnt.sys
2008-08-01 23:03 . 2006-03-13 07:49    6,208    -ra------    C:\WINDOWS\system32\drivers\w300cm.sys
2008-08-01 21:03 . 2008-08-01 23:10    <DIR>    d--------    C:\WINDOWS\Downloaded Installations
2008-08-01 21:00 . 2004-08-03 23:08    31,616    --a------    C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-01 21:00 . 2004-08-03 23:08    31,616    --a--c---    C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-01 20:55 . 2006-03-13 07:49    60,800    -ra------    C:\WINDOWS\system32\drivers\w300bus.sys
2008-08-01 20:55 . 2006-03-13 07:50    5,840    -ra------    C:\WINDOWS\system32\drivers\w300whnt.sys
2008-08-01 20:55 . 2006-03-13 07:50    5,840    -ra------    C:\WINDOWS\system32\drivers\w300wh.sys
2008-08-01 18:17 . 2008-06-13 06:10    272,128    ---------    C:\WINDOWS\system32\drivers\bthport.sys
2008-08-01 18:17 . 2008-06-13 06:10    272,128    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-31 23:41 . 2008-08-10 12:30    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2008-07-31 20:50 . 2008-07-31 20:50    <DIR>    d--------    C:\Documents and Settings\Mila_2\Application Data\Apple Computer
2008-07-30 22:55 . 2008-07-30 23:12    10,346,724    --a------    C:\Program Files\megamanager.exe
2008-07-30 22:46 . 2008-08-01 21:06    <DIR>    d--------    C:\Program Files\Pcsx2_0.9.4
2008-07-29 20:46 . 2008-07-29 20:46    <DIR>    d--------    C:\Documents and Settings\HaZeL
2008-07-28 19:07 . 2008-02-23 19:07    151,234    -r-hs----    C:\bicsxk03.com
2008-07-28 19:02 . 2004-08-03 23:08    26,496    --a--c---    C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-28 18:53 . 2008-08-12 00:36    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\Apple Computer
2008-07-28 18:51 . 2008-07-28 18:51    <DIR>    d--------    C:\Program Files\iPod
2008-07-28 18:49 . 2008-07-28 18:52    <DIR>    d--------    C:\Program Files\iTunes
2008-07-28 18:48 . 2008-07-28 18:48    <DIR>    d--------    C:\Program Files\Bonjour
2008-07-28 18:45 . 2008-07-28 18:47    <DIR>    d--------    C:\Program Files\QuickTime
2008-07-28 18:45 . 2008-07-28 18:49    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-28 18:44 . 2008-08-10 14:53    <DIR>    d----c---    C:\WINDOWS\system32\DRVSTORE
2008-07-28 18:44 . 2008-07-28 18:44    <DIR>    d--------    C:\Program Files\Apple Software Update
2008-07-28 18:43 . 2008-07-28 18:43    <DIR>    d--------    C:\Program Files\Common Files\Apple
2008-07-28 18:43 . 2008-07-28 18:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple
2008-07-28 17:07 . 2008-07-28 18:02    63,489,320    --a------    C:\Program Files\iTunesSetup.exe
2008-07-28 16:02 . 2008-07-28 16:26    <DIR>    d--------    C:\Program Files\Nintendo DS No$gba
2008-07-28 12:28 . 2008-07-28 16:02    <DIR>    d--------    C:\Program Files\Nintendo DS ideas
2008-07-28 12:19 . 2008-07-30 22:48    <DIR>    d--------    C:\Program Files\Nintendo 64 Project64 1.6
2008-07-28 12:06 . 1996-06-20 11:06    67,584    --a------    C:\WINDOWS\system32\s3dtkw.dll
2008-07-28 12:00 . 2008-07-28 12:06    <DIR>    d--------    C:\TV3D
2008-07-28 11:56 . 1996-01-09 03:38    283,648    --a------    C:\WINDOWS\uninst.exe
2008-07-28 11:24 . 2008-07-28 11:24    <DIR>    d--------    C:\Program Files\DAEMON Tools Toolbar
2008-07-28 11:23 . 2008-07-29 16:43    <DIR>    d--------    C:\Program Files\DAEMON Tools Lite
2008-07-28 11:19 . 2008-07-28 11:19    717,296    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2008-07-28 11:18 . 2008-07-28 11:18    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\DAEMON Tools
2008-07-28 10:27 . 2008-07-28 10:27    0    --a------    C:\WINDOWS\PCCBrows.INI
2008-07-28 10:23 . 2008-07-28 10:23    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\Yahoo!
2008-07-28 10:23 . 2008-07-28 10:23    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-27 23:27 . 2008-07-27 23:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-27 23:20 . 2008-08-05 23:22    <DIR>    d--------    C:\Program Files\Yahoo!
2008-07-27 22:56 . 2008-08-10 16:37    <DIR>    d--------    C:\Documents and Settings\Mila_2
2008-07-27 18:13 . 2008-07-27 22:52    <DIR>    d--------    C:\Program Files\PLDTPLAY
2008-07-27 18:04 . 2008-07-27 18:04    <DIR>    d--------    C:\Program Files\Zune
2008-07-27 18:00 . 2008-07-31 18:44    <DIR>    d--------    C:\Documents and Settings\Harriet
2008-07-27 17:41 . 2008-07-27 18:04    <DIR>    d--------    C:\Program Files\uTorrent
2008-07-27 17:41 . 2008-08-12 21:12    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\uTorrent
2008-07-27 16:58 . 2008-08-12 19:35    116    --a------    C:\WINDOWS\NeroDigital.ini
2008-07-27 16:36 . 2008-07-27 16:36    0    --a------    C:\WINDOWS\nsreg.dat
2008-07-27 16:10 . 2008-08-12 19:04    0    --a------    C:\AUTOEXEC.CAM
2008-07-27 16:09 . 2008-08-12 01:32    <DIR>    d--------    C:\Program Files\Trend Micro
2008-07-27 16:07 . 2008-08-04 18:58    <DIR>    d--------    C:\InterScan
2008-07-27 16:07 . 2008-07-27 16:07    <DIR>    d--------    C:\Documents and Settings\Mila\WINDOWS
2008-07-27 16:04 . 2003-06-18 17:31    17,920    --a------    C:\WINDOWS\system32\mdimon.dll
2008-07-27 16:04 . 2008-07-30 18:28    376    --a------    C:\WINDOWS\ODBC.INI
2008-07-27 16:02 . 2008-07-27 16:02    <DIR>    d--------    C:\Program Files\Microsoft.NET
2008-07-27 16:02 . 2008-07-27 16:02    <DIR>    d--------    C:\Program Files\Microsoft ActiveSync
2008-07-27 16:02 . 2008-07-27 16:02    <DIR>    d--------    C:\Program Files\Common Files\L&H
2008-07-27 16:01 . 2008-08-10 11:45    <DIR>    d--------    C:\Program Files\Microsoft Works
2008-07-27 16:00 . 2008-07-27 16:02    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2008-07-27 15:53 . 2008-07-27 15:53    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\Snapfish
2008-07-27 15:52 . 2008-07-27 22:53    <DIR>    d--------    C:\Program Files\Nero
2008-07-27 15:52 . 2008-07-27 15:52    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\Simple Star
2008-07-27 15:52 . 2008-08-03 17:03    <DIR>    d--------    C:\Documents and Settings\Mila\Application Data\Ahead
2008-07-27 15:52 . 2008-07-27 15:52    <DIR>    d--------    C:\Demo Album
2008-07-27 15:52 . 2004-11-17 14:24    421,888    --a------    C:\WINDOWS\Nero PhotoShow.scr
2008-07-27 15:51 . 2005-02-08 05:12    2,670,592    ---------    C:\WINDOWS\UNNMP.exe
2008-07-27 15:51 . 2005-07-27 02:08    49,655    ---------    C:\WINDOWS\UNNMP.cfg
2008-07-27 15:50 . 2001-07-09 11:50    155,648    --a------    C:\WINDOWS\system32\NeroCheck.exe
2008-07-27 15:49 . 2008-07-27 15:49    <DIR>    d--------    C:\Program Files\Common Files\Nero
2008-07-27 15:48 . 2008-07-27 15:48    <DIR>    d--------    C:\Program Files\Common Files\Ahead
2008-07-27 15:48 . 2008-07-27 15:51    <DIR>    d--------    C:\Program Files\Ahead
2008-07-27 15:48 . 2008-07-27 15:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-27 15:48 . 2005-04-20 04:32    2,916,352    ---------    C:\WINDOWS\UNNeroVision.exe
2008-07-27 15:48 . 2004-11-17 14:29    1,568,768    --a------    C:\WINDOWS\system32\ImagX7.dll
2008-07-27 15:48 . 2004-11-17 14:29    476,320    --a------    C:\WINDOWS\system32\ImagXpr7.dll
2008-07-27 15:48 . 2004-11-17 14:29    471,040    --a------    C:\WINDOWS\system32\ImagXRA7.dll
2008-07-27 15:48 . 2004-11-17 14:29    364,544    --a------    C:\WINDOWS\system32\TwnLib4.dll
2008-07-27 15:48 . 2004-11-17 14:29    262,144    --a------    C:\WINDOWS\system32\ImagXR7.dll
2008-07-27 15:48 . 2005-07-27 02:08    176,631    ---------    C:\WINDOWS\UNNeroVision.cfg
2008-07-27 15:48 . 2004-11-17 14:29    106,496    --a------    C:\WINDOWS\system32\TwnLib20.dll
2008-07-27 15:48 . 2004-11-17 14:29    38,912    --a------    C:\WINDOWS\system32\picn20.dll
2008-07-27 15:48 . 2001-03-08 19:30    24,064    ---------    C:\WINDOWS\system32\msxml3a.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 22:52    178    ----a-w    C:\Program Files\Upgrade to Elite!.url
2008-07-27 22:46    1,447    ----a-w    C:\Program Files\VP-EYE.lnk
2008-07-27 21:48    ---------    d-----w    C:\Program Files\microsoft frontpage
2008-06-20 17:41    245,248    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-25 17:28 212992]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 08:02 490952]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 14:23 49152]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 14:15 483328]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 08:46 172032]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-10-24 21:56 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe" [2004-06-11 18:24 647238]
"PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe" [2004-06-11 18:15 725064]
"Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe" [2004-06-11 18:20 565318]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"HealAntiVirus"="C:\Documents and Settings\Mila\Desktop\HealAntiVirus1.31.exe" [2008-08-08 11:05 320895]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"VTTimer"="VTTimer.exe" [2006-09-21 01:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-10-09 14:14 176128 C:\WINDOWS\system32\S3Trayp.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 PccPfw;PC-cillin Personal Firewall;C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe [2004-06-11 18:16]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-14 18:38]
S2 ISFTPD;InterScan FTP VirusWall;C:\INTERS~1\isftpd\isftpd.exe []
S2 ISHTTPD;InterScan Web VirusWall;C:\INTERS~1\ishttpd\ishttpd.exe []
S2 ISSMTPD;InterScan E-Mail VirusWall;C:\INTERS~1\issmtpd\issmtpd.exe []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 07:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 07:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 07:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{960df22a-60ff-11dd-a62e-001bb99af577}]
\Shell\AutoRun\command - G:\bicsxk03.com
\Shell\explore\Command - G:\bicsxk03.com
\Shell\open\Command - G:\bicsxk03.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b56cfee6-6289-11dd-a631-001bb99af577}]
\Shell\AutoRun\command - G:\ut.com
\Shell\explore\Command - G:\ut.com
\Shell\open\Command - G:\ut.com
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mila\Application Data\Mozilla\Firefox\Profiles\q1ya222g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 21:34:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\PC-cillin 2003\TSC.EXE
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-12 21:48:47 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-13 04:48:28

Pre-Run: 17,014,603,776 bytes free
Post-Run: 17,355,534,336 bytes free

256    --- E O F ---    2008-08-11 09:06:21
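
An added example (not from this thread, nor from HijackThis or ComboFix themselves) of the triage the helper did by hand on the logs above: it scans HijackThis O2/O4/O23 lines and ComboFix MountPoints2 entries for the patterns that marked this infection, namely a BHO loaded from system32, an orphaned CLSID, a service whose binary is gone, and drive-root AutoRun/open/explore handlers. The sample lines are copied from the posts in this thread; the severity labels and rule names are my own assumptions.

```python
"""Triage helper for HijackThis / ComboFix text logs (added example, not part of the thread)."""
import re

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [HealAntiVirus] C:\Documents and Settings\Mila\Desktop\HealAntiVirus1.31.exe
O23 - Service: InterScan FTP VirusWall (ISFTPD) - Unknown owner - C:\INTERS~1\isftpd\isftpd.exe (file missing)
O23 - Service: PC-cillin Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
"""

# Constructed sample: the MountPoints2 block from the ComboFix log posted above.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{960df22a-60ff-11dd-a62e-001bb99af577}]
\Shell\AutoRun\command - G:\bicsxk03.com
\Shell\explore\Command - G:\bicsxk03.com
\Shell\open\Command - G:\bicsxk03.com
"""

# Drive-qualified executable path, optionally quoted, possibly followed by arguments.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|com|dll|bat|scr|pif))\b', re.I)
# Bare file name with no directory at all (resolved through the search path at logon).
BARE_RE = re.compile(r"^[\w.\-]+\.(?:exe|com)$", re.I)
# Shell verb handlers under MountPoints2 that launch something from a drive root.
MOUNTPOINT_RE = re.compile(r"^\\Shell\\(AutoRun|open|explore)\\command\s+-\s+([A-Za-z]:\\\S+)", re.I)
PROFILE_DIRS = ("\\desktop\\", "\\temp\\")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def _first_path(target):
    """Return the executable path in an O4 target, or None when it carries no drive-qualified path."""
    m = PATH_RE.match(target.strip())
    return m.group(1) if m else None


def triage_hjt(text):
    """Flag HijackThis entries an analyst would verify before ticking 'Fix checked'.

    Returns a list of (severity, original_line, reason) tuples in log order.
    """
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]
        if kind in ("O2", "O3"):
            target = line.rsplit(" - ", 1)[-1]
            if target == "(no file)":
                findings.append(("medium", line, "BHO/toolbar CLSID registered but its DLL is gone (orphaned entry)"))
            elif "\\windows\\" in target.lower():
                findings.append(("high", line, "BHO/toolbar DLL lives under the Windows directory instead of a product folder"))
        elif kind == "O4":
            m = re.search(r"\[([^\]]+)\]\s*(.*)$", line)
            if not m:
                continue
            target = m.group(2)
            path = _first_path(target)
            if path is None and BARE_RE.match(target):
                findings.append(("info", line, "Run value has no full path; which file loads depends on the search path"))
            elif path and any(d in path.lower() for d in PROFILE_DIRS):
                findings.append(("medium", line, "autostart points into a user profile folder (Desktop/Temp)"))
        elif kind == "O23" and line.endswith("(file missing)"):
            findings.append(("low", line, "service is registered but its binary is missing (stale or removed)"))
    return findings


def triage_combofix_mountpoints(text):
    """Flag MountPoints2 shell handlers that execute a file from a drive root (autorun.inf worm pattern)."""
    findings = []
    for line in text.splitlines():
        m = MOUNTPOINT_RE.match(line.strip())
        if m:
            verb, target = m.group(1), m.group(2)
            findings.append(("high", line.strip(), f"{verb} handler for a removable drive executes {target}"))
    return findings


def triage(hjt_text, combofix_text):
    """Combine both scanners and order findings from most to least urgent (stable sort)."""
    findings = triage_hjt(hjt_text) + triage_combofix_mountpoints(combofix_text)
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_HJT, SAMPLE_COMBOFIX):
        print(f"[{sev:6}] {why}\n         {line}")
```

On the sample, the only "high" HijackThis hit is the ieso1.dll BHO that the helper told the user to fix, and every MountPoints2 line is flagged because a drive's AutoRun, open and explore verbs all point at a hidden executable on G:.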

boyasprec (Newbie, 9 posts)
always receiving PCCPFW.exe error
« Reply #3 on: August 12, 2008, 08:19:11 AM »
And here is a fresh logfile of HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:33 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Trend Micro\PC-cillin 2003\TSC.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mila\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HealAntiVirus] C:\Documents and Settings\Mila\Desktop\HealAntiVirus1.31.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: InterScan FTP VirusWall (ISFTPD) - Unknown owner - C:\INTERS~1\isftpd\isftpd.exe (file missing)
O23 - Service: InterScan Web VirusWall (ISHTTPD) - Unknown owner - C:\INTERS~1\ishttpd\ishttpd.exe (file missing)
O23 - Service: InterScan E-Mail VirusWall (ISSMTPD) - Unknown owner - C:\INTERS~1\issmtpd\issmtpd.exe (file missing)
O23 - Service: PC-cillin Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe

--
End of file - 6303 bytes

thank you very much sir! :D

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
always receiving PCCPFW.exe error
« Reply #4 on: August 12, 2008, 04:04:15 PM »
We have a bit more cleaning to do.
But can you let me know the following: I see the next entry in your new HijackThis log,
and it wasn't present earlier.

O4 - HKLM\..\Run: [HealAntiVirus] C:\Documents and Settings\Mila\Desktop\HealAntiVirus1.31.exe

Did you purposely download this file and run from your desktop?

Can you also do the following to ensure
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline boyasprec

always receiving PCCPFW.exe error
« Reply #5 on: August 13, 2008, 04:31:32 AM »
Yup, I purposely downloaded it 'cause I thought it might help :( Should I uninstall it?

this is the uninstall list of hijackthis.

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Apple Mobile Device Support
Apple Software Update
Bonjour
DAEMON Tools Toolbar
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB935448)
HP Deskjet 3740
HP Memories Disc
HP Software Update
iTunes
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
Nero PhotoShow Express
Nero Suite
PC-cillin 2003
Photosmart 140,240,7200,7600,7700,7900 Series
PowerDVD
Project64 1.6
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
VP-EYE
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
Yahoo! Toolbar
Zune Desktop Theme


thanks again!

Offline guestolo

always receiving PCCPFW.exe error
« Reply #6 on: August 13, 2008, 12:32:56 PM »
Quote
should i uninstall it?
I would, as I haven't heard any reviews of it or about its reliability.

Afterwards
==Open notepad
Click START>>RUN>>type in notepad
Hit OK
Copy ALL the text below and paste it into Notepad
Don't use anything other than Notepad or the script will not work

File::
G:\bicsxk03.com
G:\bicsxk03.com
C:\bpu.exe
C:\ut.com
C:\by.bat
C:\WINDOWS\wininit.ini
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{960df22a-60ff-11dd-a62e-001bb99af577}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b56cfee6-6289-11dd-a631-001bb99af577}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HealAntiVirus"=-
Save this as a txt file on your desktop
CFScript
We'll need it in a bit

Temporarily Disable your AntiVirus software so as it won't interfere with the next step
Also ensure that SpySweepers and Spybot's protections are not running

I'm not sure which drive is your G: drive
External hard drive or thumb drive, etc., but can you plug it into the computer and ensure it's on and recognized by Windows?

Then

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.

I'll need to see that log again later
Can you run the following
Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Along with the log from MBAM, can you supply the new log from ComboFix please
Keep me informed how things are then running
« Last Edit: August 13, 2008, 08:00:25 PM by guestolo »



Offline boyasprec

always receiving PCCPFW.exe error
« Reply #7 on: August 20, 2008, 08:20:24 AM »
Thanks for all the help. I bought a new hard drive because my old one broke. Well, thanks for your time. I'll ask for help if I suspect another virus. ;)

Offline boyasprec

always receiving PCCPFW.exe error
« Reply #8 on: August 20, 2008, 08:24:32 AM »
Well, this is my log for my new hard drive.
I hope that I have no major problems or something. :lol:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:56 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 4124 bytes

Offline guestolo

always receiving PCCPFW.exe error
« Reply #9 on: August 24, 2008, 09:49:26 AM »
Download this file - Combofix.exe and save it ONLY to your desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
Post that log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

In addition, post a fresh HijackThis log please



Offline boyasprec

always receiving PCCPFW.exe error
« Reply #10 on: August 25, 2008, 03:58:08 AM »
Here is the log of ComboFix.

ComboFix 08-08-24.02 - mila 2008-08-25 17:14:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.59 [GMT -7:00]
Running from: C:\Documents and Settings\mila\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\2.bat

.
(((((((((((((((((((((((((   Files Created from 2008-07-26 to 2008-08-26  )))))))))))))))))))))))))))))))
.

2008-08-24 12:06 . 2008-08-24 12:06    <DIR>    d--------    C:\Documents and Settings\mila\Application Data\vlc
2008-08-24 10:10 . 2008-08-24 10:10    <DIR>    d--------    C:\Program Files\VideoLAN
2008-08-23 23:36 . 2008-08-23 23:36    <DIR>    d--------    C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-08-23 21:56 . 2008-08-23 22:44    <DIR>    d--h-----    C:\$AVG8.VAULT$
2008-08-23 21:38 . 2008-08-23 21:38    96,520    --a------    C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-23 21:38 . 2008-08-23 21:38    76,040    --a------    C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-23 21:37 . 2008-08-23 21:54    <DIR>    d--------    C:\WINDOWS\system32\drivers\Avg
2008-08-23 21:28 . 2008-08-23 21:28    <DIR>    d--------    C:\Documents and Settings\mila\Application Data\True Sword
2008-08-23 20:43 . 2008-08-23 20:55    7,312,769    --a------    C:\TrueSword4.exe
2008-08-23 20:38 . 2008-08-23 20:38    393    --a------    C:\Documents and Settings\Shortcut to Documents and Settings.lnk
2008-08-23 16:16 . 2008-08-23 16:16    30    -rahs----    C:\WINDOWS\pc-off.bat
2008-08-21 22:45 . 2008-08-21 22:45    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2008-08-21 22:00 . 2008-08-21 22:00    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-21 21:59 . 2008-08-21 21:59    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-08-21 21:59 . 2008-08-21 21:59    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2008-08-21 21:59 . 2008-08-21 21:59    <DIR>    d--------    C:\Documents and Settings\mila\Application Data\SUPERAntiSpyware.com
2008-08-21 21:06 . 2008-08-22 16:42    <DIR>    d--------    C:\WINDOWS\system32\CatRoot_bak
2008-08-21 20:53 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2008-08-21 20:53 . 2007-07-30 19:19    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2008-08-21 20:53 . 2007-07-30 19:19    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2008-08-21 19:50 . 2008-08-21 19:50    7,680    --ahs----    C:\WINDOWS\Thumbs.db
2008-08-21 16:07 . 2008-08-21 16:07    <DIR>    d---s----    C:\Documents and Settings\mila\UserData
2008-08-21 16:02 . 2008-08-21 16:02    <DIR>    d--------    C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-21 16:01 . 2008-08-21 16:01    <DIR>    d--------    C:\Program Files\MSXML 4.0
2008-08-21 15:07 . 2008-06-13 06:10    272,128    ---------    C:\WINDOWS\system32\drivers\bthport.sys
2008-08-21 15:07 . 2008-06-13 06:10    272,128    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 14:44 . 2008-08-21 16:06    <DIR>    d--------    C:\Documents and Settings\mila\Contacts
2008-08-21 00:27 . 2008-08-21 16:03    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2008-08-21 00:06 . 2008-08-21 00:06    268    --ah-----    C:\sqmdata00.sqm
2008-08-21 00:06 . 2008-08-21 00:06    244    --ah-----    C:\sqmnoopt00.sqm
2008-08-20 23:56 . 2008-08-20 23:56    <DIR>    d----c---    C:\WINDOWS\system32\DRVSTORE
2008-08-20 23:38 . 2008-08-20 23:54    <DIR>    d--hsc---    C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-20 23:37 . 2008-08-20 23:55    <DIR>    d--------    C:\Program Files\Windows Live
2008-08-20 23:36 . 2008-08-20 23:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-20 22:40 . 2008-08-20 22:40    <DIR>    d--------    C:\Documents and Settings\mila\Application Data\Yahoo!
2008-08-20 22:40 . 2008-08-20 22:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-20 21:56 . 2008-08-23 21:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-20 21:52 . 2008-08-23 21:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\avg7
2008-08-20 21:25 . 2008-08-20 21:25    <DIR>    d--h-----    C:\WINDOWS\PIF
2008-08-20 21:15 . 2008-08-20 21:14    72,192    --a------    C:\taskkill.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 19:40    ---------    d-----w    C:\Documents and Settings\mila\Application Data\uTorrent
2008-08-23 22:19    ---------    d-----w    C:\Program Files\Microsoft Works
2008-08-21 04:47    ---------    d-----w    C:\Program Files\Trend Micro
2008-07-20 00:55    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-20 00:54    ---------    d-----w    C:\Program Files\Yahoo!
2008-07-20 00:52    ---------    d-----w    C:\Program Files\Yahoo! Games
2008-07-20 00:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-19 04:40    ---------    d-----w    C:\Program Files\AVG
2008-07-19 02:55    ---------    d-----w    C:\Documents and Settings\mila\Application Data\Snapfish
2008-07-18 20:17    ---------    d-----w    C:\Documents and Settings\mila\Application Data\Ahead
2008-07-18 01:31    ---------    d-----w    C:\Program Files\Common Files\INCA Shared
2008-07-18 01:24    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-07-18 01:24    ---------    d-----w    C:\Documents and Settings\mila\Application Data\InstallShield
2008-07-17 03:42    ---------    d-----w    C:\Program Files\uTorrent
2008-07-17 02:25    ---------    d-----w    C:\Program Files\Realtek
2008-07-17 02:21    ---------    d-----w    C:\Program Files\Nero
2008-07-17 02:21    ---------    d-----w    C:\Documents and Settings\mila\Application Data\Simple Star
2008-07-17 02:19    ---------    d-----w    C:\Program Files\Ahead
2008-07-17 02:18    ---------    d-----w    C:\Program Files\Common Files\Nero
2008-07-17 02:16    ---------    d-----w    C:\Program Files\Common Files\Ahead
2008-07-17 02:16    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-17 02:09    ---------    d-----w    C:\Program Files\Realtek AC97
2008-07-17 02:09    ---------    d-----w    C:\Program Files\AvRack
2008-07-17 01:45    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-07-17 01:37    4,608    ----a-w    C:\WINDOWS\system32\w95inf32.dll
2008-07-17 01:37    2,272    ----a-w    C:\WINDOWS\system32\w95inf16.dll
2008-07-17 01:36    ---------    d-----w    C:\Program Files\PCI Audio Applications
2008-07-17 01:22    ---------    d-----w    C:\Program Files\Hewlett-Packard
2008-07-17 01:21    ---------    d-----w    C:\Program Files\HP
2008-07-17 01:02    ---------    d-----w    C:\Program Files\Realtek Sound Manager
2008-07-17 00:57    ---------    d-----w    C:\Program Files\Microsoft.NET
2008-07-17 00:57    ---------    d-----w    C:\Program Files\Microsoft ActiveSync
2008-07-17 00:57    ---------    d-----w    C:\Program Files\Common Files\L&H
2008-07-16 23:44    ---------    d-----w    C:\Program Files\microsoft frontpage
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\system32\es.dll
2008-06-24 16:23    74,240    ----a-w    C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38    659,456    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41    245,248    ----a-w    C:\WINDOWS\system32\mswsock.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-25 17:28 212992]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 08:46 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 10:55 49152]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-10-24 21:56 61440]
"C-Media Mixer"="C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe" [2001-06-14 10:08 208896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-23 21:37 1232152]
"VTTimer"="VTTimer.exe" [2006-09-21 01:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-10-09 14:14 176128 C:\WINDOWS\system32\S3Trayp.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\Special Force\\specialforce.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-23 21:38]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-23 21:37]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-23 21:38]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-14 18:38]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 07:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37252f20-553e-11dd-82a2-0008a1a63599}]
\Shell\AutoRun\command - password_viewer.exe %1
\Shell\Explore\command - password_viewer.exe %1
\Shell\Open\command - password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37252f22-553e-11dd-82a2-0008a1a63599}]
\Shell\AutoRun\command - F:\bicsxk03.com
\Shell\explore\Command - F:\bicsxk03.com
\Shell\open\Command - F:\bicsxk03.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d551942-7169-11dd-82b4-0008a1a63599}]
\Shell\AutoRun\command - F:\password_viewer.exe %1
\Shell\Explore\command - F:\password_viewer.exe %1
\Shell\Open\command - F:\password_viewer.exe %1

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mila\Application Data\Mozilla\Firefox\Profiles\z45039qq.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 17:17:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-25 17:19:40
ComboFix-quarantined-files.txt  2008-08-26 00:19:35

Pre-Run: 21,826,564,096 bytes free
Post-Run: 22,145,507,328 bytes free

171    --- E O F ---    2008-08-24 19:54:31

Offline guestolo

always receiving PCCPFW.exe error
« Reply #11 on: August 25, 2008, 08:20:24 AM »
Can you please let me know what drive letter
F: represents on your computer?

Is it an external USB flash drive, external hard drive, etc.?



Offline boyasprec

always receiving PCCPFW.exe error
« Reply #12 on: August 26, 2008, 04:02:47 AM »
F: represents an external USB flash drive.

Offline guestolo

always receiving PCCPFW.exe error
« Reply #13 on: August 30, 2008, 11:17:27 AM »
Download the Flash_Disinfector.exe from here and save to desktop
http://www.techsupportforum.com/sectools/s...Disinfector.exe
Don't run it yet

Delete your copy of Combofix.exe,
Download a fresh copy of ComboFix from > HERE <
Save it ONLY to your desktop
Don't run it yet

Follow the instructions closely
Run Flash_Disinfector.exe, Follow the prompts
Insert any removable flash drives you may have when prompted>>This includes any USB flash drives you have accessible, as they may be infected also
Follow the prompts; when done, leave the flash drives and/or any removable media inserted in the computer

Copy ALL the text below and paste it into Notepad
Don't use anything other than Notepad or the script will not work

File::
F:\bicsxk03.com
F:\password_viewer.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37252f20-553e-11dd-82a2-0008a1a63599}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37252f22-553e-11dd-82a2-0008a1a63599}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d551942-7169-11dd-82b4-0008a1a63599}]
Save this as a txt file on your desktop
CFScript

Then

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.

1. Post a fresh hijackthis log
2. Post again the fresh log from ComboFix>>C:\ComboFix.txt

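An added example, not from the thread and not ComboFix's or the helper's own code: a Python script that parses the MountPoints2 section of a ComboFix log like the one in Reply #10, flags the removable-drive autorun pattern shown there (Open/Explore verbs hooked, a .com payload, a target relative to the volume root) and renders the flagged keys as the File::/Registry:: lines of the CFScript form guestolo uses in Replies #6 and #13. The sample log is constructed from the thread's entries plus one made-up AutoRun-only key for contrast; the risk heuristics are my own, not ComboFix's.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample (not a real log): the first two keys reuse the GUIDs and
# commands from the ComboFix "Reg Loading Points" section in this thread, the
# third is a made-up AutoRun-only hook added for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37252f20-553e-11dd-82a2-0008a1a63599}]
\Shell\AutoRun\command - password_viewer.exe %1
\Shell\Explore\command - password_viewer.exe %1
\Shell\Open\command - password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37252f22-553e-11dd-82a2-0008a1a63599}]
\Shell\AutoRun\command - F:\bicsxk03.com
\Shell\explore\Command - F:\bicsxk03.com
\Shell\open\Command - F:\bicsxk03.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\Shell\AutoRun\command - E:\setup.exe
"""

# Key header as ComboFix prints it; group 1 is the full key, group 2 the {GUID}.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$", re.IGNORECASE)
# "\Shell\<verb>\command - <command line>" value lines under that key.
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# Extensions a legitimate vendor autorun would not normally launch directly.
SCRIPT_EXT = {".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js"}
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class MountPoint:
    key: str                                  # full key path as printed in the log
    guid: str
    verbs: Dict[str, str] = field(default_factory=dict)  # lower-case verb -> command

    def targets(self) -> List[str]:
        """Distinct program paths, with arguments such as %1 dropped."""
        return sorted({cmd.split()[0] for cmd in self.verbs.values()})

    def findings(self) -> List[str]:
        """Heuristics (my own, not ComboFix's) for the removable-drive autorun worm
        pattern in the thread: Open/Explore hijacked, script-like or root-relative payload."""
        out: List[str] = []
        if {"open", "explore"} & set(self.verbs):
            out.append("Open/Explore hooked: double-click or Explore on the drive runs the payload")
        for target in self.targets():
            ext = os.path.splitext(target)[1].lower()
            if ext in SCRIPT_EXT:
                out.append(f"{target}: {ext} payload, unusual for a legitimate autorun")
            if not ABS_PATH_RE.match(target):
                out.append(f"{target}: resolved relative to the volume root")
        return out


def parse_mountpoints(log: str) -> List[MountPoint]:
    """Collect MountPoints2 keys and their Shell\\<verb>\\command values; a blank line ends a key."""
    points: List[MountPoint] = []
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = MountPoint(key=m.group(1), guid=m.group(2).lower())
            points.append(current)
            continue
        m = VERB_RE.match(line)
        if m and current is not None:
            current.verbs[m.group(1).lower()] = m.group(2)
    return points


def suspicious(points: List[MountPoint]) -> List[MountPoint]:
    return [p for p in points if p.findings()]


def cfscript(points: List[MountPoint]) -> str:
    """Render flagged keys in the CFScript form used in this thread: File:: lines for
    absolute payload paths, Registry:: lines with a leading '-' to delete each key."""
    files: List[str] = []
    keys: List[str] = []
    for p in suspicious(points):
        for target in p.targets():
            if ABS_PATH_RE.match(target) and target not in files:
                files.append(target)
        keys.append(f"[-{p.key}]")
    return "\n".join(["File::", *files, "Registry::", *keys])


if __name__ == "__main__":
    mps = parse_mountpoints(SAMPLE_LOG)
    for mp in mps:
        print(f"{mp.guid} {'SUSPICIOUS' if mp.findings() else 'ok'}")
        for f in mp.findings():
            print("   -", f)
    print("\nCFScript for review:\n" + cfscript(mps))
```

Review the generated File:: lines against the actual drive before using them, since a relative target such as password_viewer.exe has to be resolved to the drive letter by hand, as guestolo did for F:.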