
I Am At The End Of My Rope...pls Help, Please


13 replies to this topic

#1 jcdees24

jcdees24

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 13 August 2007 - 01:32 AM

Ok, it started about a week ago. I was looking at a site that generates flash codes when my Symantec alerted me of a virus that I picked up. Then I started getting a pop-up page with every new page I browsed. So I knew I probably had a spyware infection with the virus Symantec caught. I ran Ad-Aware to hopefully clean my system and Symantec to re-check for any infection. Both programs came up empty on the scans. So I got Spybot and it found a couple of items and cleaned up the pop-up problems. But then I noticed that my system started to slow down, especially my browsing speeds. I went to re-scan with Symantec but I could not get it to load. I uninstalled it and deleted the files in the quarantine. I went to Kaspersky's online scan and it found 2 viruses and some spyware that I could not find. (I did not know about the system folders being hidden at the time.) So I re-installed Symantec and scanned again and got frustrated. I browsed this forum and a few others for some tips. After researching, these are the steps I took:

-Cleaned all my temp folders and prefetch
-Disabled System Restore
-Bought the power suite from Uniblue (RegBooster, SpeedUpMyPC, and SpyEraser)
-Rebooted in safe mode, ran SpyEraser (cleaned some files)
-Rebooted in safe mode, ran RegBooster (cleaned up the registry)
-Rebooted in safe mode, ran SpeedUpMyPC (optimized my system)
-Rebooted in safe mode, ran CCleaner
-Rebooted in safe mode, ran ATF Cleaner
-Rebooted in safe mode, ran Ad-Aware (nothing found)
-Rebooted in safe mode, ran Counterspy (cleaned some files)
-Rebooted in safe mode, ran AVG (nothing found)
-Rebooted in safe mode, ran Panda Software's AntiRootkit (nothing found)
-Rebooted in safe mode, ran Trend Micro's HouseCall (nothing found)
-Rebooted in safe mode, ran Trojan Hunter (nothing found)
-Rebooted in safe mode, ran Trojan Remover (nothing found)
-Rebooted in safe mode, ran McAfee's Stinger (nothing found)
-Rebooted in safe mode, ran Symantec (nothing found)
-Rebooted in safe mode w/networking, ran Kaspersky's online scan (cleaned Virtumonde file)
-Rebooted in safe mode w/networking, ran VundoFix (nothing found)
-Rebooted in safe mode w/networking, ran BitDefender's online scan (nothing found)
-Rebooted in safe mode w/networking, ran Trend Micro's online scan (nothing found)
-Rebooted in safe mode w/networking, ran McAfee's online scan (nothing found)
-Rebooted in normal mode, ran SpywareBlaster (found 11 files and 1 registry error, Virtumonde, and cleaned them)
-I input my HijackThis scan into hijackthis.de and saw something that might be of significance. There are 2 files in the log that I had deleted due to them being scanned as malware:
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: qomjghe - C:\WINDOWS\
I deleted both pmkjj.dll and qomjghe.dll, and they were showing up in my HijackThis scan but were not showing up anywhere on my PC. So I checked them off and let HijackThis fix them.
-I d/l Windows Process Explorer and I did not see anything fishy. Then I d/l Windows TCPView to see if anything fishy was connecting to my network, but I'm a newb and had no idea what I was looking at.
-I thought maybe with both Counterspy and AVG running active protection that maybe that was what was making my browser crawl, so I uninstalled Counterspy (it was about to expire anyway) but it didn't help
-I de-fragged my HDD
-I did an error-check on my HDD through Windows
-I ran sfc /scannow to make sure all my files were still there.
-I was going to uninstall IE6 and re-install, but since it works fine in safe mode I figure there is nothing wrong with it.
-I ran VundoFix again and it still showed up empty (run in normal mode)
-I ran ComboFix and it quarantined 6 .dll files and one registry entry. (run in normal mode)
-I got down on my knees and begged my PC with tears to start working right so I can get back to work!!!! GAH!!!!!


My PC is slow and crawls when browsing (with both IE and Firefox), and when typing, the browser will hang.

Notes of interest:

1. When trying to scan in normal mode, SpyEraser, AVG, and Counterspy kept hanging on a lot of .htm or .html files I had (like the help files for Adobe Photoshop).
2. My browsing speed is normal when I am booted in safe mode w/networking. How is this?!?!?
3. The online scan from Panda shuts down instantly and closes the browser window part-way through the scan (usually when it hits C:\ntldr).
4. The other online scans would not finish in normal mode; they kept hanging on a file in C:\WINDOWS\$NtServicePackUninstall$\msobshel.html. I have to scan in safe mode w/networking.
5. What I mean by my browser crawling is that it takes a while for a page to load. It will load part, then freeze, then after a minute load some more, then freeze, then after another minute load the rest. If I do a search on Google, it will fly to the result page like normal. But if I choose a site that has stuff to show, that is when it acts up. My CPU usage will jump to 100% when a page is trying to open, for about 20-30 seconds. Once the page is loaded it will drop back down to 0%-4% and act normal.


Here is my HijackThis log (I ran it renamed as analysethis):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:36 AM, on 08/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\Analysethis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O15 - Trusted Zone: http://www.cafepress.com
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160458304640
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.amwareaps.com/tsweb/msrdp.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...095/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6956 bytes
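The two O20 lines in the post above are the thread's key clue. A subkey under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify makes winlogon.exe load the named DLL at every logon, which is why Vundo/Virtumonde was known to drop random-named DLLs there, and why the entries kept appearing after the files themselves had been deleted. As an added example that is not part of the original post and not a BleepingComputer or HijackThis tool, here is a small Python triage script that parses HijackThis-style lines and flags O20 entries whose path carries only a directory (in this thread, the sign that the DLL was gone but the registry key remained) or whose name looks like Vundo's short random lowercase strings. The sample log is constructed from lines in this thread; the Windows XP default Notify allowlist and the random-name heuristic are the editor's own assumptions, not anything HijackThis applies itself.

```python
"""Triage HijackThis-style log lines for suspicious Winlogon Notify entries.

Added example for this thread; not a BleepingComputer or HijackThis tool.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on lines posted in this thread: two O20 entries
# whose DLLs were already deleted, one legitimate third-party O20 entry, and a
# few other entry types for contrast.
SAMPLE_LOG = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O15 - Trusted Zone: http://www.cafepress.com
O20 - Winlogon Notify: pmkjj - C:\\WINDOWS\\
O20 - Winlogon Notify: qomjghe - C:\\WINDOWS\\
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: DefWatch - Symantec Corporation - C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\DefWatch.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# Winlogon Notify subkeys that ship with Windows XP. Assumption: this allowlist
# comes from the editor's notes, not from the thread or from HijackThis.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}


@dataclass
class Finding:
    code: str
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Heuristic for the short lowercase pseudo-random names Vundo used:
    4-10 lowercase letters containing a run of three or more consonants."""
    return (re.fullmatch(r"[a-z]{4,10}", name) is not None
            and re.search(r"[^aeiou]{3,}", name) is not None)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis log line; None means nothing worth reporting."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O20":
        n = NOTIFY_RE.match(body)
        if not n:
            return Finding(code, "medium", "O20 entry in unexpected format", line)
        name, path = n.group("name"), n.group("path").strip()
        if name.lower() in XP_DEFAULT_NOTIFY:
            return None
        if path.endswith("\\"):
            # Only a directory was printed: the DLL is gone, but the Notify
            # key still tells winlogon.exe to load it at every logon.
            return Finding(code, "high",
                           f"orphaned Winlogon Notify key '{name}' (DLL missing)", line)
        if looks_random(name):
            return Finding(code, "high",
                           f"random-looking Winlogon Notify name '{name}'", line)
        return Finding(code, "info", f"third-party Winlogon Notify '{name}'", line)
    if code in ("R0", "R1"):
        return Finding(code, "info", "browser setting; confirm the user set it", line)
    if code == "O15":
        return Finding(code, "medium", "site added to the IE Trusted Zone", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the non-empty findings."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
```

Running it on the sample reports both pmkjj and qomjghe as orphaned Notify keys while leaving the SUPERAntiSpyware entry at informational level. The allowlist matters: several of the XP default names (cscdll, sclgntfy) would trip the consonant-run heuristic on their own, so anything flagged here still needs the same eyes-on check the helpers in this thread apply.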


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 13 August 2007 - 07:21 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jcdees24 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 jcdees24

jcdees24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 14 August 2007 - 02:39 AM

Hello Richie, thanks for your time and your help. It is greatly appreciated!!
I read at the Geeks to Go forum that it is better to have all your available services checked in msconfig. If there are more services showing in the HijackThis log, it is because I went and enabled all services that were available in msconfig.

*If I do a search on Google then my browser will run like normal, the same if I go to any other page that is only text. But if the page has any images, video, or a song then it takes forever to load. Didn't know if it was worth mentioning?

Here is the ComboFix report:
ComboFix 07-08-14 - "Jonathan" 2007-08-14 1:17:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.639 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-13 03:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-08-12 00:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 23:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-11 22:57 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-08-11 22:57 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-08-11 22:57 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-08-11 22:57 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-08-11 22:57 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-08-11 22:57 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-08-11 22:57 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-08-11 22:57 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-08-11 22:57 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-08-11 22:57 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-08-11 22:56 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-11 22:56 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-08-11 22:56 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-08-11 22:56 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-08-11 22:56 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2007-08-11 22:56 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-08-11 22:56 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2007-08-11 22:56 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-08-11 22:56 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2007-08-11 22:56 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-08-11 22:56 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2007-08-11 22:56 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2007-08-11 22:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-08-11 22:56 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2007-08-11 22:56 397,502 --a--c--- C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-08-11 22:56 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2007-08-11 22:56 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-08-11 22:56 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2007-08-11 22:56 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-08-11 22:56 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2007-08-11 22:56 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2007-08-11 22:56 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2007-08-11 22:56 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2007-08-11 22:56 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-08-11 22:56 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-08-11 22:56 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2007-08-11 22:56 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2007-08-11 22:56 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2007-08-11 22:56 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2007-08-11 22:56 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-08-11 22:56 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2007-08-11 22:56 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2007-08-11 22:56 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2007-08-11 22:56 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2007-08-11 22:55 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2007-08-11 22:55 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-08-11 22:55 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2007-08-11 22:55 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2007-08-11 22:55 82,432 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2007-08-11 22:55 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-08-11 22:55 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-08-11 22:55 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2007-08-11 22:55 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-08-11 22:55 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2007-08-11 22:55 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-08-11 22:55 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2007-08-11 22:55 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-08-11 22:55 53,760 --a--c--- C:\WINDOWS\system32\dllcache\sw_wheel.dll
2007-08-11 22:55 53,248 --a--c--- C:\WINDOWS\system32\dllcache\stlncoin.dll
2007-08-11 22:55 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-08-11 22:55 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-08-11 22:55 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-08-11 22:55 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2007-08-11 22:55 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2007-08-11 22:55 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-08-11 22:55 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2007-08-11 22:55 41,472 --a--c--- C:\WINDOWS\system32\dllcache\sw_effct.dll
2007-08-11 22:55 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2007-08-11 22:55 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-08-11 22:55 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2007-08-11 22:55 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2007-08-11 22:55 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-08-11 22:55 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2007-08-11 22:55 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2007-08-11 22:55 32,384 --a--c--- C:\WINDOWS\system32\dllcache\usb101et.sys
2007-08-11 22:55 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2007-08-11 22:55 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2007-08-11 22:55 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2007-08-11 22:55 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-08-11 22:55 3,968 --a--c--- C:\WINDOWS\system32\dllcache\swusbflt.sys
2007-08-11 22:55 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-08-11 22:55 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2007-08-11 22:55 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2007-08-11 22:55 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-08-11 22:55 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-08-11 22:55 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2007-08-11 22:55 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2007-08-11 22:55 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2007-08-11 22:55 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-08-11 22:55 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-08-11 22:55 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2007-08-11 22:55 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2007-08-11 22:55 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2007-08-11 22:55 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2007-08-11 22:55 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-08-11 22:55 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2007-08-11 22:55 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 13:03 --------- d-------- C:\Program Files\FlashFXP
2007-08-11 12:47 --------- d-------- C:\Program Files\Microsoft IntelliPoint
2007-08-08 18:39 --------- d-------- C:\Program Files\Serv-U
2007-08-04 02:34 --------- d-------- C:\Program Files\Symantec
2007-08-01 19:38 --------- d-------- C:\DOCUME~1\Jonathan\APPLIC~1\RipIt4Me
2007-07-22 20:41 --------- d-------- C:\DOCUME~1\Jonathan\APPLIC~1\Azureus
2007-07-21 23:27 --------- d-------- C:\Program Files\XBC
2007-07-11 04:25 3386 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-11 04:06 --------- d-------- C:\DOCUME~1\Jonathan\APPLIC~1\GetRightToGo
2007-07-05 12:59 --------- d-------- C:\Program Files\Digital Locker Assistant
2007-07-04 20:00 --------- d-------- C:\DOCUME~1\Jonathan\APPLIC~1\acccore
2007-07-04 19:57 --------- d-------- C:\Program Files\Viewpoint
2007-07-04 19:57 --------- d-------- C:\Program Files\AIM6
2007-07-04 19:56 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-04 14:57 --------- d-------- C:\Program Files\City of Heroes
2007-07-02 00:50 --------- d-------- C:\DOCUME~1\Jonathan\APPLIC~1\Apple Computer
2007-07-02 00:40 --------- d-------- C:\Program Files\Apple Software Update
2007-06-18 18:15 --------- d-------- C:\Program Files\Windows Live
2007-06-18 18:15 --------- d-------- C:\Program Files\MSN Messenger
2007-06-18 18:15 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-14 18:46 --------- d-------- C:\DOCUME~1\Jonathan\APPLIC~1\7Wonders
2007-06-14 18:26 --------- d-------- C:\Program Files\MostFun
2007-05-31 02:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2005-12-07 18:58]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 04:50]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2005-05-18 23:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-08 00:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06]
"RemoteCenter"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 14:26]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 C:\WINDOWS\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2005-10-27 18:00]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk]
backup=C:\WINDOWS\pss\TV Remote Control.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^MostFun.lnk]
backup=C:\WINDOWS\pss\MostFun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=3 (0x3)
"iPod Service"=3 (0x3)

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys
R2 PfDetNT;PfDetNT;\??\C:\WINDOWS\system32\drivers\PfModNT.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
R3 Pcatip;Pcatip;C:\WINDOWS\system32\DRIVERS\Pcatip.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
S3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
S3 hap17v2k;Creative P17V HAL Driver;C:\WINDOWS\system32\drivers\hap17v2k.sys
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
S3 MXOFX;USB Storage Adapter FX (MXO);C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
S3 MXOPSWD;Maxtor OneTouch Security Driver;C:\WINDOWS\system32\DRIVERS\mxopswd.sys
S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01f2da76-ac24-11da-bad0-0011d8c40847}]
AutoRun\command- L:\JDLightning\Windows\JDLightning.exe


Contents of the 'Scheduled Tasks' folder
2007-08-02 12:55:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-05 01:52:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-05 01:52:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-05 02:19:42 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
2007-08-05 02:59:56 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 01:42:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 1:59:39
C:\ComboFix-quarantined-files.txt ... 2007-08-14 01:58

--- E O F ---

And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:26 AM, on 08/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\Analysethis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.cafepress.com
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160458304640
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.amwareaps.com/tsweb/msrdp.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...095/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8553 bytes

Edited by jcdees24, 14 August 2007 - 02:45 AM.
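A HijackThis log like the one above is normally read by eye, section by section. As an added example that is not part of this thread and not HijackThis's own code, the Python below parses the O2, O4, O10 and O23 line shapes that appear in the log (the sample lines are constructed from those shapes, not the full log) and pulls out what a helper checks first: autorun commands that carry no directory (so which file actually runs depends on the search path), a BHO with no name, a Winsock LSP the tool could not identify, and a service whose publisher is unknown. The regexes and the `triage` / `command_image` names are my assumptions about the log layout, not a grammar published by HijackThis.

```python
"""Triage helper for HijackThis v2 style logs (added example, not from the thread)."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the HijackThis line format, using the shapes seen in
# the thread; a handful of lines, not the complete log.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

# Assumed line layouts, derived from the log above rather than from HijackThis itself.
O4_REG = re.compile(r"^O4 - (?P<hive>HK\w+)\\(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_GLOBAL = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# First token ending in an executable extension, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|com|scr|bat|cmd|pif))\b', re.IGNORECASE)


def command_image(cmd: str) -> str:
    """Best-effort extraction of the image path from a Run-key command string."""
    m = EXE_RE.match(cmd.strip())
    if m:
        return m.group("exe")
    parts = cmd.strip().split()
    return parts[0].strip('"') if parts else ""


def triage(log_text: str) -> Dict[str, List]:
    """Return parsed autorun entries and a list of (section, reason, line) findings."""
    autoruns: List[Dict[str, str]] = []
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if section == "O4":
            m = O4_REG.match(line) or O4_GLOBAL.match(line)
            if not m:
                findings.append((section, "unparsed O4 line", line))
                continue
            groups = m.groupdict()
            location = f"{groups['hive']}\\{groups['key']}" if "hive" in groups else "Global Startup"
            image = command_image(groups["cmd"])
            autoruns.append({"name": groups["name"], "image": image, "location": location})
            if "\\" not in image:
                findings.append((section, "command has no directory; which file runs depends on the search path", line))
        elif section == "O2":
            m = O2_BHO.match(line)
            if m and m.group("name") == "(no name)":
                findings.append((section, "BHO with no name; identify the CLSID and DLL by hand", line))
        elif section == "O10":
            findings.append((section, "Winsock LSP HijackThis could not identify; verify the DLL before acting", line))
        elif section == "O23":
            m = O23_SVC.match(line)
            if m and m.group("owner") == "Unknown owner":
                findings.append((section, "service binary with no recognised publisher; check its signature", line))
    return {"autoruns": autoruns, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["autoruns"]:
        print(f"{entry['location']:28} {entry['name']:22} {entry['image']}")
    print()
    for section, reason, line in result["findings"]:
        print(f"[{section}] {reason}\n    {line}")
```

The findings are prompts for a human, not verdicts: an entry with a bare filename (such as the `CTXFIHLP.EXE` line) is usually a legitimate sound-card helper sitting in `C:\WINDOWS`, but the log alone cannot show that, which is exactly why it is worth a look.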


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 14 August 2007 - 05:12 PM

Download/install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

-------------------------------------------------

Download the trial version of Spy Sweeper:
http://www.webroot.com/shoppingcart/tryme....&vcode=DT14

Install it using the Standard Install option.
You will be asked for your e-mail address, it's safe to give it.
If you receive alerts from your firewall, allow all activities for Spy Sweeper.

You will be prompted to check for updated definitions, please do so, this may take several minutes so please be patient.

Once the updates have been installed, click on 'Options' and check/enable 'Full Sweep [Recommended]'.
Click on 'Sweep', then 'Start Full Sweep' and allow it to fully scan your system.

When the sweep has finished, click 'Select All' and then click 'Quarantine Selected'.
Under the 'Summary' tab, select 'View Session Log'.
Click 'Save to File' and save the log to your desktop.

Exit Spy Sweeper.

Restart your pc, then copy and paste the SpySweeper log into your next reply.

--------------------------------------------------

Run this online virus scan: ActiveScan, using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.
Copy and paste the Activescan report in your next reply.

#5 jcdees24

jcdees24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 15 August 2007 - 04:54 PM

Thanks for the help.


I ran CleanUp

I installed SpySweeper (with anti-virus) and ran it in normal mode but it kept hanging on C://WINDOWS/ServicePackFiles/i386/vrinda.ttf
So I had to scan in safe mode and here is the report:

9:38 PM: Traces Found: 1
9:38 PM: Full Sweep has completed. Elapsed time 00:17:29
9:38 PM: File Sweep Complete, Elapsed Time: 00:15:55
9:37 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
9:37 PM: Warning: Scan aborted for compressed file k:\applications\specialbootdisk\bfd107.zip as it contains more than 10 layers.
9:37 PM: Warning: Scan aborted for compressed file k:\applications\html\2-a040e.zip as it contains more than 10 layers.
9:37 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
9:31 PM: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned.
9:31 PM: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.
9:31 PM: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.
9:31 PM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
9:31 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1297508b-07dd-404f-b92f-a0fb2ef742e4.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse2c846c7-5811-4b15-ba47-43fb558c4038.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms122bab95-0414-43a8-b93c-500f822bbf85.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsac23a823-88b9-4240-82f8-55cfb5efc915.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa650c746-6768-4a52-a475-c5f028012640.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2ae172ae-4a1e-4f05-9ad2-67cf478ca0f1.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2acb212d-02d7-4a31-bde8-204953bb616e.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc30fbba4-18e5-437d-b6dd-663f8df292a5.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsda92ae0f-b792-4b30-b1b1-c8239854478b.tmp". The operation completed successfully
9:30 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf954bb4f-d61c-45b6-9bea-f905e6fd0773.tmp". The operation completed successfully
9:22 PM: Starting File Sweep
9:22 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
9:22 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:22 PM: Starting Cookie Sweep
9:22 PM: Registry Sweep Complete, Elapsed Time:00:01:29
9:22 PM: HKU\S-1-5-21-299502267-1659004503-839522115-1003\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\outerinfo\ (ID = 2062989)
9:22 PM: Found Adware: purityscan
9:22 PM: Memory Sweep Complete, Elapsed Time: 00:00:00
9:22 PM: Starting Registry Sweep
9:21 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:
9:21 PM: Starting Memory Sweep
9:21 PM: Sweep initiated using definitions version 906
9:21 PM: Spy Sweeper 5.5.7.48 started
9:21 PM: | Start of Session, Tuesday, August 14, 2007 |
***************
9:19 PM: Program Version 5.5.7.48 Using Spyware Definitions 906
9:19 PM: Informational: Loaded AntiVirus Engine: 2.47.0; SDK Version: 4.19E; Virus Definitions: 8/14/2007 4:32:28 AM (GMT)
9:19 PM: Spy Sweeper 5.5.7.48 started
9:19 PM: | Start of Session, Tuesday, August 14, 2007 |
***************

I had to uninstall SpySweeper after the scan. In normal mode it would not let me open a web page.


I went to the site to do the online scan from Panda. I tried in both safe mode as well as normal mode and both ways the scan shuts down in the middle of the scan.

Edited by jcdees24, 15 August 2007 - 05:04 PM.


#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 August 2007 - 07:24 AM

Download/install IE7:
http://www.microsoft.com/windows/downloads/ie/getitnow.mspx

Download/install Mozilla Firefox:
http://www.mozilla.com/en-US/firefox/

Let me know if you've any problems using both the above browsers.
Also let me know how your pc is running now.

#7 jcdees24

jcdees24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 16 August 2007 - 10:50 AM

I am using Firefox now and it is slow. I was able to get ActiveScan to run in safe mode by turning off my pagefile and moving ntldr.sys into a diff. folder while the scan ran. Here is the result:


Incident Status Location

Potentially unwanted tool:Application/ServUBased.N Not disinfected C:\Program Files\Serv-U\ServUAdmin.exe
Potentially unwanted tool:Application/Servu.A Not disinfected C:\Program Files\Serv-U\ServUPerfCount.dll
Potentially unwanted tool:Application/Servu.A Not disinfected C:\Program Files\Serv-U\ServUTray.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected K:\applications\Nero 6 Updates\Nero-6.6.1.15a.exe[Toolbar.exe]
Potentially unwanted tool:Application/ServUBased.A Not disinfected K:\applications\Serv-U FTP Server v6.0.0.2.rar[Serv-U FTP Server v6.0.0.2\ServUSetup.exe][SERVUDAEMON.EXE]
Potentially unwanted tool:Application/Servu.A Not disinfected K:\applications\Serv-U FTP Server v6.0.0.2.rar[Serv-U FTP Server v6.0.0.2\ServUSetup.exe][SERVUTRAY.EXE]
Potentially unwanted tool:Application/Servu.A Not disinfected K:\applications\Serv-U FTP Server v6.0.0.2.rar[Serv-U FTP Server v6.0.0.2\ServUSetup.exe][SERVUPERFCOUNT.DLL]
Potentially unwanted tool:Application/ServUBased.N Not disinfected K:\applications\Serv-U FTP Server v6.0.0.2.rar[Serv-U FTP Server v6.0.0.2\ServUSetup.exe][SERVUADMIN.EXE]

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 August 2007 - 11:10 AM

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in Safe Mode with Networking.

What's Firefox running like now?

#9 jcdees24

jcdees24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 16 August 2007 - 05:08 PM

Both Firefox and IE fly like normal when I run them in safe mode.
In Normal Mode firefox hangs when loading ads, videos, and other images.
In Normal Mode IE is just plain horrible. Its speeds run worse than dial-up. Much worse.
When typing in firefox like right now when posting this reply the browser will freeze then un-freeze and everything I typed will catch-up and jump on the page when it starts running again.

My CPU usage is erratic, jumping from low to high for no apparent reason.

Gah! I am so frustrated, why does my internet speed run normal in safe but not in normal??

Also I have noticed that sometimes when I re-boot, after the BIOS loads and before Windows starts to load, the screen will stay black for a couple of minutes with a cursor blinking in the upper left hand of the screen.

Due to the CPU usage going everywhere my pc does freeze sometimes but goes back to normal after a min and catches up on all the work it missed while it was hanging.

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 August 2007 - 07:19 PM

Ok, uninstall the following programs via Add/Remove Programs, then restart your pc.
SpySweeper
AVG Anti-Spyware
SUPERAntiSpyware


------------------------------------------------------

Click on Start/Run, type msconfig then press Ok.
Inside the System Configuration Utility, click on the 'Startup' tab.
Uncheck ALL the boxes except your antivirus.
Restart your pc.
If your browsers are now running normally then obviously it's some program/process you've stopped from running at startup that is your problem.
Start re-checking the boxes one at a time, reboot after each.
You should then find out by trial and error what's causing your issue.
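The elimination procedure above (uncheck everything, then re-enable one entry per reboot until the slowdown returns) is a linear search over the Startup tab. As an added example that is not part of this thread, the Python below models that procedure next to a halving variant that splits the remaining candidates in two each reboot, so the comparison of reboot counts is visible. The `works` oracle stands in for "reboot and see whether the browsers run normally"; the entry names, the oracle and the function names are constructed placeholders, and the halving variant assumes a single culprit, which is why both functions report when the symptom is not explained by the list at all.

```python
"""Narrowing a startup-entry culprit down by reboots (added example, not from the thread)."""
from typing import Callable, List, Optional, Tuple

# "Does the PC run normally with exactly these entries enabled?"  One call = one reboot.
Oracle = Callable[[List[str]], bool]

# Constructed placeholder names standing in for the msconfig Startup tab entries.
STARTUP_ENTRIES = [f"startup{i:02d}" for i in range(1, 21)]


def one_at_a_time(items: List[str], works: Oracle) -> Tuple[Optional[str], int]:
    """The thread's procedure: nothing enabled first, then re-check one entry per
    reboot until the symptom comes back.  Returns (culprit, reboots)."""
    reboots = 1
    if not works([]):                 # still broken with nothing enabled: not a startup item
        return None, reboots
    enabled: List[str] = []
    for item in items:
        enabled.append(item)
        reboots += 1
        if not works(enabled):        # the entry just re-enabled brought the symptom back
            return item, reboots
    return None, reboots              # everything back on and still fine


def bisect(items: List[str], works: Oracle) -> Tuple[Optional[str], int]:
    """Same question, halving the candidate set on each reboot.  Assumes one culprit."""
    reboots = 0

    def trial(enabled: List[str]) -> bool:
        nonlocal reboots
        reboots += 1
        return works(enabled)

    if not trial([]):                 # broken with nothing enabled: look elsewhere
        return None, reboots
    candidates = list(items)
    if trial(candidates):             # everything on and still fine: look elsewhere
        return None, reboots
    while len(candidates) > 1:
        mid = len(candidates) // 2
        first = candidates[:mid]
        if trial(first):              # first half alone is fine, so the culprit is in the rest
            candidates = candidates[mid:]
        else:
            candidates = first
    return candidates[0], reboots


def constructed_oracle(culprit: str) -> Oracle:
    """Constructed stand-in for rebooting: the PC is slow iff the culprit is enabled."""
    return lambda enabled: culprit not in enabled


if __name__ == "__main__":
    oracle = constructed_oracle("startup13")   # arbitrary pick for the demo
    print("one at a time:", one_at_a_time(STARTUP_ENTRIES, oracle))
    print("bisection:    ", bisect(STARTUP_ENTRIES, oracle))
```

With twenty entries the one-at-a-time sweep can take up to twenty-one reboots, the halving search takes at most seven. The trade-off is the single-culprit assumption: if two entries each cause trouble, halving can still land on one of them, but the symptom may persist after it is disabled, so repeat the search on the remaining entries rather than declaring the job done.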

#11 jcdees24

jcdees24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 16 August 2007 - 09:07 PM

Ok I turned off all start-up programs and disabled all services that were non-microsoft and now everything looks great!!

I'm going to go thru trial and error and find out what is causing the delay and will let you know.

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 17 August 2007 - 03:44 AM

If you will please,thanks :thumbsup:

#13 jcdees24

jcdees24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 18 August 2007 - 04:10 AM

Believe it or not it was my Symantec Anti-Virus. I un-installed it and re-installed it and now everything is back to normal.

Thanks a lot for your time and help!!!!!!!!

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 18 August 2007 - 10:54 AM

If all's ok, please do the following.

Find and delete:
Combofix.exe
C:\Qoobox

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

-------------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html