
Internet Cutting Out Every 5-10 Minutes


11 replies to this topic

#1 flickerstick

flickerstick

  • Members
  • 12 posts

Posted 17 August 2007 - 11:53 AM

Hi there, recently been having a lot of trouble with my PC in general, but have finally got it down to one problem, albeit a rather biggy. Every 5-10 minutes my internet just cuts off and I have to restart my computer for it to come back on, till another 10 minutes in when it will cut off again etc. Here is my log file, pretty new to this so I hope everything is there. Thanks very much in advance for any reply

------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:47:44, on 17/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Razer\razertra.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Craig Martindale\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C674706-7842-40A0-8873-334396976F3E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\cwghtscf.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\efcbbcc.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll (file missing)
O20 - Winlogon Notify: efcbbcc - efcbbcc.dll (file missing)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\sllrtpil.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
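A small triage script for log lines in the HijackThis v1.99 format shown above, added here as an example and not part of the thread or of HijackThis itself. It parses the `Onn - ...` entries and flags the patterns a responder would look at first: entries whose target file is missing, unnamed BHOs, Winlogon Notify handlers, and services with an unknown owner. The sample lines are constructed from entries of the same shape as the log (the `awtqo.dll`, `winaqr32.dll` and `sllrtpil.exe` names are taken from the posted log); the function names are this example's own.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the entries in the posted log.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {1C674706-7842-40A0-8873-334396976F3E} - C:\\WINDOWS\\system32\\awtqo.dll (file missing)
O20 - Winlogon Notify: awtqo - C:\\WINDOWS\\system32\\awtqo.dll (file missing)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\\WINDOWS\\system32\\sllrtpil.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O20, O23, ...) and " - ".
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    detail: str
    reasons: tuple


def parse_entries(text):
    """Return (section, detail) pairs for every recognised entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def assess(section, detail):
    """Return the reasons an entry deserves a closer look (empty tuple if none)."""
    reasons = []
    if "(file missing)" in detail:
        # A registry load point whose DLL/EXE is gone: leftover of a removal or a
        # still-active loader that rotates file names.
        reasons.append("file missing")
    if section == "O20" and "Winlogon Notify" in detail:
        # Winlogon Notify packages load into winlogon.exe at logon and are a classic
        # persistence point; legitimate software rarely adds them.
        reasons.append("Winlogon Notify handler")
    if section == "O2" and "(no name)" in detail:
        reasons.append("unnamed BHO")
    if section == "O23" and "Unknown owner" in detail:
        reasons.append("service with unknown owner")
    return tuple(reasons)


def triage(text):
    """Flag every entry with at least one reason, in log order."""
    return [
        Finding(section, detail, reasons)
        for section, detail in parse_entries(text)
        if (reasons := assess(section, detail))
    ]


def missing_files(text):
    """Sorted, lower-cased base names of every file the log reports as missing."""
    names = set()
    for _, detail in parse_entries(text):
        m = re.search(r"(\S+) \(file missing\)", detail)
        if m:
            names.add(m.group(1).rsplit("\\", 1)[-1].lower())
    return sorted(names)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {', '.join(f.reasons):<40}  {f.detail}")
    print("missing files:", ", ".join(missing_files(SAMPLE_LOG)))
```

Run against the full log rather than the sample, the same rules pick out the three `O20` entries and the `DomainService` service in the first post; the entries that survive into the second log after ComboFix (the `awtqo`, `efcbbcc` and `winaqr32` Notify keys) are exactly the ones `missing_files` lists, which is what a helper would use to decide what still needs cleaning.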


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 17 August 2007 - 06:32 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum flickerstick :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 flickerstick

flickerstick
  • Topic Starter

  • Members
  • 12 posts

Posted 18 August 2007 - 03:57 AM

Hi there Richie, thanks for your help, really appreciate it. Here are the contents of ComboFix.txt:


ComboFix 07-08-17.2 - "Craig Martindale" 2007-08-18 9:44:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1542 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Ultimate Fixer
C:\WINDOWS\system32\scchk32.exe.bak


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-18 09:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 22:14 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-16 22:14 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-16 22:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-16 21:55 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-08-16 18:43 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-16 17:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-11 15:51 <DIR> d-------- C:\WINDOWS\pss
2007-08-11 15:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(3)
2007-08-10 22:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
2007-08-08 19:43 4,685,824 --a------ C:\DOCUME~1\CRAIGM~1\ntuser.dat
2007-07-23 12:17 364,160 --a------ C:\WINDOWS\system32\drivers\update.sys
2007-07-23 12:11 144,896 --a------ C:\WINDOWS\system32\schannel.dll
2007-07-22 20:13 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-22 20:13 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 19:25 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-17 19:25 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-16 21:57 --------- d---s---- C:\Program Files\Xfire
2007-08-16 21:57 --------- d-------- C:\DOCUME~1\CRAIGM~1\APPLIC~1\Xfire
2007-08-16 21:57 --------- d-------- C:\DOCUME~1\CRAIGM~1\APPLIC~1\Azureus
2007-08-16 19:11 --------- d-------- C:\Program Files\Messenger
2007-08-16 19:11 --------- d-------- C:\Program Files\GameSpy Arcade
2007-07-31 18:59 --------- d-------- C:\Program Files\Steam
2007-07-17 20:34 --------- d-------- C:\DOCUME~1\CRAIGM~1\APPLIC~1\Opera
2007-07-14 11:23 --------- d-------- C:\DOCUME~1\CRAIGM~1\APPLIC~1\Apple Computer
2007-07-14 10:52 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-14 10:50 --------- d-------- C:\Program Files\iTunes
2007-07-14 10:50 --------- d-------- C:\Program Files\iPod
2007-07-14 10:49 --------- d-------- C:\Program Files\QuickTime
2007-07-14 10:47 --------- d-------- C:\Program Files\Apple Software Update
2007-07-14 10:46 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-10 18:06 --------- d-------- C:\Program Files\Eidos
2007-07-09 14:30 --------- d-------- C:\DOCUME~1\CRAIGM~1\APPLIC~1\DivX
2007-07-09 14:26 --------- d-------- C:\Program Files\DivX
2007-07-03 08:01 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-07-03 08:01 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-07-03 08:01 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-03 08:01 --------- d-------- C:\Program Files\AGEIA Technologies
2007-07-03 07:57 --------- d-------- C:\Program Files\Focus
2007-07-02 20:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 20:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 20:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 20:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 20:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 20:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 20:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 20:37 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 20:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 20:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 20:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 20:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 20:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 20:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 20:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 20:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 20:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 20:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-01 21:55 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-01 21:55 --------- d-------- C:\Program Files\Ahead
2007-07-01 20:57 --------- d-------- C:\Program Files\Razer
2007-07-01 19:39 --------- d-------- C:\Program Files\Common Files\ACD Systems
2007-07-01 19:39 --------- d-------- C:\Program Files\ACD Systems
2007-07-01 19:39 --------- d-------- C:\DOCUME~1\CRAIGM~1\APPLIC~1\ACD Systems
2007-06-27 15:40 824320 --a------ C:\WINDOWS\system32\wininet(3)(2).dll
2007-06-27 15:40 1154048 --a------ C:\WINDOWS\system32\urlmon(3)(2).dll
2007-06-27 15:40 105984 --a------ C:\WINDOWS\system32\url(3)(2).dll
2007-06-27 15:39 267776 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll
2007-06-26 07:06 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-22 19:27 --------- d-------- C:\Program Files\Azureus
2007-06-22 17:04 --------- d-------- C:\Program Files\EA GAMES
2007-06-21 15:03 --------- d-------- C:\Program Files\MSBuild
2007-06-21 15:03 --------- d-------- C:\Program Files\Microsoft Works
2007-06-21 15:02 --------- d-------- C:\Program Files\Microsoft.NET
2007-06-21 15:00 --------- d-------- C:\Program Files\Microsoft Visual Studio 8
2007-06-21 14:45 --------- d-------- C:\Program Files\Bonjour
2007-06-21 14:09 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
2007-06-21 13:58 --------- d-------- C:\Program Files\PowerISO
2007-06-20 19:40 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-06-19 22:34 --------- d-------- C:\Program Files\Windows NT
2007-06-19 22:34 --------- d-------- C:\Program Files\Movie Maker
2007-06-19 22:06 --------- d-------- C:\Program Files\Safari
2007-06-19 21:03 --------- d-------- C:\Program Files\Lavasoft
2007-06-19 20:11 1248596 ---hs---- C:\WINDOWS\system32\oqtwa.bak1
2007-06-19 14:37 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-18 22:13 --------- d-------- C:\Program Files\MSN Messenger
2007-06-18 22:08 --------- d-------- C:\DOCUME~1\CRAIGM~1\APPLIC~1\MSNInstaller
2007-06-13 12:26 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-19 14:34 2722 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-05-19 14:33 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-05-18 17:12 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-18 16:21 315392 --a------ C:\WINDOWS\HideWin.exe
2007-05-18 12:51 0 -rahs---- C:\MSDOS.SYS
2007-05-18 12:51 0 -rahs---- C:\IO.SYS
2007-05-18 12:51 0 --a------ C:\CONFIG.SYS
2007-05-18 12:51 0 --a------ C:\AUTOEXEC.BAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C674706-7842-40A0-8873-334396976F3E}]
C:\WINDOWS\system32\awtqo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 14:49 C:\WINDOWS\RTHDCPL.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"Adobe Version Cue CS2"="c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-18 09:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-04-15 23:25]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-05-19 20:54:08]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqo]
C:\WINDOWS\system32\awtqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbbcc]
efcbbcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winaqr32]
winaqr32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
S3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys


Contents of the 'Scheduled Tasks' folder
2007-08-16 17:09:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 09:49:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-18 9:50:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 09:50

--- E O F ---

--------------------------------------------------------------------------------------------------

And the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:56:31, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Craig Martindale\Desktop\HijackThis.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C674706-7842-40A0-8873-334396976F3E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll (file missing)
O20 - Winlogon Notify: efcbbcc - efcbbcc.dll (file missing)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 18 August 2007 - 10:51 AM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {1C674706-7842-40A0-8873-334396976F3E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll (file missing)
O20 - Winlogon Notify: efcbbcc - efcbbcc.dll (file missing)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)

Exit Hijackthis.

Find and delete:
C:\WINDOWS\system32\oqtwa.bak1

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control,please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Also post a new Hijackthis log, let me know how your pc is running now.
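The fix list in the post above, automated, as an added example that is not part of the thread and not HijackThis's own code. It applies the same triage RichieUK did by eye to the O2 (BHO) and O20 (Winlogon Notify) lines: flag registrations whose module is already gone, flag random-looking DLL names in system32, and derive the reversed-name companion file that the thread itself pairs with the DLL (awtqo.dll alongside oqtwa.bak1). The SAMPLE_LOG lines are copied from the logs in this thread; SAMPLE_LISTING, the random-name heuristic and the reversed-name rule are assumptions made for this example.

```python
"""Triage a HijackThis 1.99.1 log for Vundo-style leftovers.

Added example for this thread, not the forum's or HijackThis's own code.
SAMPLE_LOG lines are copied from the thread; SAMPLE_LISTING, the name
heuristic and the reversed-name check are constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C674706-7842-40A0-8873-334396976F3E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll (file missing)
O20 - Winlogon Notify: efcbbcc - efcbbcc.dll (file missing)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
"""

# Constructed stand-in for os.listdir(r"C:\WINDOWS\system32") on the infected box.
SAMPLE_LISTING = ["kernel32.dll", "oqtwa.bak1", "wpdshserviceobj.dll"]

# O2 (BHO) and O20 (Winlogon Notify) are the sections Vundo used to get loaded.
LINE_RE = re.compile(
    r"^(?P<section>O2|O20) - (?:BHO|Winlogon Notify): (?P<name>.*?) - "
    r"(?:\{(?P<clsid>[0-9A-Fa-f-]{36})\} - )?(?P<target>.*)$"
)
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
# Heuristic only (assumption): 5-8 lowercase letters plus optional '32',
# the shape of awtqo / efcbbcc / winaqr32 in this thread.
RANDOM_DLL_RE = re.compile(r"^[a-z]{5,8}(?:32)?\.dll$")


@dataclass
class Finding:
    line: str     # the HijackThis line to tick before 'Fix checked'
    reason: str
    stem: str     # DLL name without extension, '' when no path was logged


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O20 entries worth fixing, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        target = m.group("target").strip()
        missing = MISSING_RE.search(target) is not None
        path = MISSING_RE.sub("", target)
        base = path.rsplit("\\", 1)[-1].lower()
        # A bare file name is resolved from system32 by winlogon, so treat it the same.
        in_system32 = "\\system32\\" in path.lower() or "\\" not in path
        if missing:
            reason = "registration points at a module that no longer exists"
        elif in_system32 and RANDOM_DLL_RE.match(base):
            reason = "random-looking DLL name in system32 (heuristic)"
        else:
            continue
        stem = base[:-4] if base.endswith(".dll") else ""
        findings.append(Finding(raw.strip(), reason, stem))
    return findings


def reversed_name_hits(findings: Iterable[Finding], listing: Iterable[str]) -> List[str]:
    """Files whose name is a flagged DLL stem spelled backwards (awtqo -> oqtwa.*)."""
    stems = {f.stem[::-1] for f in findings if f.stem}
    return sorted(name for name in listing
                  if name.lower().rsplit(".", 1)[0] in stems)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"FIX  {f.line}\n     {f.reason}")
    for name in reversed_name_hits(hits, SAMPLE_LISTING):
        print(f"LOOK C:\\WINDOWS\\system32\\{name}  (reversed-name companion file)")
```

Run as a script it prints the five lines RichieUK asked to have fixed and points at oqtwa.bak1; on a real machine replace SAMPLE_LISTING with a directory listing of system32, and re-run HijackThis after the fix to confirm the O2/O20 entries no longer come back, which is the sign the loader DLL is really gone rather than just renamed.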

#5 flickerstick (Topic Starter, Members, 12 posts)

Posted 18 August 2007 - 02:20 PM
Thanks again for your help, still having some trouble with the internet, i.e. still cutting off yet still shows as having a connection. Also the file in the system32 folder you said needed to be deleted wasn't there.

Here are the three logs you requested:

------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/18/2007 at 06:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3289
Trace Rules Database Version: 1300

Scan type : Complete Scan
Total Scan Time : 00:44:37
Memory items scanned : 440
Memory threats detected : 0
Registry items scanned : 5726
Registry threats detected : 0
File items scanned : 39892
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\Craig Martindale\Cookies\craig_martindale@stats.drivecleaner[1].txt
C:\Documents and Settings\Craig Martindale\Cookies\craig_martindale@drivecleaner[2].txt
C:\Documents and Settings\Craig Martindale\Cookies\craig_martindale@cpvfeed[2].txt
C:\Documents and Settings\Craig Martindale\Cookies\craig_martindale@winantivirus[1].txt
C:\Documents and Settings\Craig Martindale\Cookies\craig_martindale@ad.zanox[1].txt

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE.VIR

Trojan.Downloader-UltimateFixer
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SCCHK32.EXE.BAK.VIR

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP59\A0010936.DLL

Malware.Ultimate Defender
C:\WINDOWS\SYSTEM32\QKCHUKOE\QKCHUKOE1.EXE


------------------------------------------------------------------------------------------



BitDefender Online Scanner

Scan report generated at: Sat, Aug 18, 2007 - 20:07:01

Scan path: C:\;D:\;

Statistics
  Time: 01:11:41
  Files: 531797
  Folders: 13414
  Boot Sectors: 2
  Archives: 1741
  Packed Files: 40639

Results
  Identified Viruses: 5
  Infected Files: 5
  Suspect Files: 2
  Warnings: 0
  Disinfected: 0
  Deleted Files: 7

Engines Info
  Virus Definitions: 731223
  Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
  Scan plugins: 14
  Archive plugins: 37
  Unpack plugins: 6
  E-mail plugins: 6
  System plugins: 1

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File / Status
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP108\A0023933.exe
    Suspected of: BehavesLike:Trojan.ShellStartup
    Disinfection failed
    Deleted
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP119\A0027249.exe
    Suspected of: BehavesLike:Trojan.ShellStartup
    Disinfection failed
    Deleted
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP54\A0010521.exe=>(RAR Sfx o)=>keygen.exe
    Infected with: Trojan.Downloader.LoadAdv.B
    Disinfection failed
    Deleted
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP54\A0010521.exe=>(RAR Sfx o)
    Update failed
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP54\A0010521.exe=>(RAR Sfx o)=>crack.exe
    Infected with: Trojan.Vundo.DMA
    Disinfection failed
    Deleted
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP54\A0010521.exe=>(RAR Sfx o)
    Update failed
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP54\A0010521.exe=>(RAR Sfx o)=>serial.exe
    Infected with: Dropped:Trojan.Downloader.Agent.BGY
    Disinfection failed
    Deleted
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP54\A0010521.exe=>(RAR Sfx o)
    Update failed
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP54\A0010521.exe=>(RAR Sfx o)=>install.exe
    Infected with: Trojan.Downloader.Agent.YEG
    Disinfection failed
    Deleted
  C:\System Volume Information\_restore{A5853C7B-38BF-4BCC-8A40-FD1392920B89}\RP54\A0010521.exe=>(RAR Sfx o)
    Update failed
  C:\WINDOWS\system32\mrcmgr.exe
    Infected with: Generic.Malware.Yd!.320ABD27
    Disinfection failed
    Deleted

------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:19:23, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Craig Martindale\Desktop\HijackThis.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 18 August 2007 - 04:58 PM
Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\oqtwa.bak1

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it on your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.
--------------------------------------------------------------------
Download the trial version of Spy Sweeper:
http://www.webroot.com/shoppingcart/tryme....&vcode=DT14

Install it using the Standard Install option.
You will be asked for your e-mail address, it's safe to give it.
If you receive alerts from your firewall, allow all activities for Spy Sweeper.

You will be prompted to check for updated definitions, please do so, this may take several minutes so please be patient.

Once the updates have been installed, click on 'Options' and check/enable 'Full Sweep [Recommended]'.
Click on 'Sweep', then 'Start Full Sweep' and allow it to fully scan your system.

When the sweep has finished, click 'Select All' and then click 'Quarantine Selected'.
Under the 'Summary' tab, select 'View Session Log'.
Click 'Save to File' and save the log to your desktop.

Exit Spy Sweeper.

Restart your pc, then copy and paste the SpySweeper log into your next reply.

#7 flickerstick (Topic Starter, Members, 12 posts)

Posted 19 August 2007 - 08:57 AM
Here are the two logs, cheers:

C:\WINDOWS\system32\oqtwa.bak1 moved successfully.

Created on 08/19/2007 14:22:18


---------------------------------------------------------------------------------


14:49: Removal process completed. Elapsed time 00:00:05
14:49: Quarantining All Traces: burstbeacon cookie
14:49: Quarantining All Traces: 888 cookie
14:49: Quarantining All Traces: xiti cookie
14:49: Quarantining All Traces: atwola cookie
14:49: Quarantining All Traces: burstnet cookie
14:49: Quarantining All Traces: imrworldwide.com cookie
14:49: Quarantining All Traces: adecn cookie
14:49: Quarantining All Traces: about cookie
14:49: Quarantining All Traces: pricegrabber cookie
14:49: Quarantining All Traces: tribalfusion cookie
14:49: Quarantining All Traces: specificclick.com cookie
14:49: Quarantining All Traces: mediaplex cookie
14:49: Quarantining All Traces: statcounter cookie
14:49: Quarantining All Traces: questionmarket cookie
14:49: Quarantining All Traces: bs.serving-sys cookie
14:49: Quarantining All Traces: serving-sys cookie
14:49: Quarantining All Traces: adtech cookie
14:49: Quarantining All Traces: tradedoubler cookie
14:49: Quarantining All Traces: partypoker cookie
14:49: Quarantining All Traces: 2o7.net cookie
14:49: Quarantining All Traces: yieldmanager cookie
14:49: Quarantining All Traces: touchclarity cookie
14:49: Quarantining All Traces: atlas dmt cookie
14:49: Quarantining All Traces: virtumonde
14:49: Removal process initiated
14:48: Traces Found: 48
14:48: Full Sweep has completed. Elapsed time 00:19:19
14:48: File Sweep Complete, Elapsed Time: 00:16:12
14:47: Warning: Unable to sweep compressed file: System Error. Code: 8. Not enough storage is available to process this command
14:41: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa9d81b36-f55e-4b27-9309-1d9c3ba8733f.tmp". The operation completed successfully
14:41: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5d721c4b-103d-47c4-80c2-38123792685e.tmp". The operation completed successfully
14:41: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa14bd075-c2be-49b4-99ef-776db1748b3c.tmp". The operation completed successfully
14:41: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsdf9a2fbf-6b1c-4053-b224-1750c22fb001.tmp". The operation completed successfully
14:41: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms51ff7260-ffaa-4c25-98db-aa32cfc3de47.tmp". The operation completed successfully
14:41: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsef0d0682-c929-4f0c-845b-6aaa26de2f9c.tmp". The operation completed successfully
14:41: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3f62e4e0-81b9-415d-aac6-d75c81618ebc.tmp". The operation completed successfully
14:41: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4c3fcce5-2d23-4c2b-a732-63b7a401c12c.tmp". The operation completed successfully
14:41: Warning: Failed to open file "c:\documents and settings\craig martindale\application data\mozilla\firefox\profiles\ln3doz6b.default\parent.lock". The operation completed successfully
14:32: Starting File Sweep
14:32: Cookie Sweep Complete, Elapsed Time: 00:00:00
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2335)
14:32: Found Spy Cookie: burstbeacon cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2019)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2019)
14:32: Found Spy Cookie: 888 cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3717)
14:32: Found Spy Cookie: xiti cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2255)
14:32: Found Spy Cookie: atwola cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2336)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2336)
14:32: Found Spy Cookie: burstnet cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2845)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2845)
14:32: Found Spy Cookie: imrworldwide.com cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2064)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2064)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2063)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2063)
14:32: Found Spy Cookie: adecn cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2037)
14:32: Found Spy Cookie: about cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3185)
14:32: Found Spy Cookie: pricegrabber cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3589)
14:32: Found Spy Cookie: tribalfusion cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3399)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3399)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3399)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3399)
14:32: Found Spy Cookie: specificclick.com cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 6442)
14:32: Found Spy Cookie: mediaplex cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3447)
14:32: Found Spy Cookie: statcounter cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3217)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3217)
14:32: Found Spy Cookie: questionmarket cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3343)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3343)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3343)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3343)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2330)
14:32: Found Spy Cookie: bs.serving-sys cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3343)
14:32: Found Spy Cookie: serving-sys cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2155)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2155)
14:32: Found Spy Cookie: adtech cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3575)
14:32: Found Spy Cookie: tradedoubler cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3111)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 1957)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 1957)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 1957)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3111)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3111)
14:32: Found Spy Cookie: partypoker cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 1957)
14:32: Found Spy Cookie: 2o7.net cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3751)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3751)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3751)
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3751)
14:32: Found Spy Cookie: yieldmanager cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 3566)
14:32: Found Spy Cookie: touchclarity cookie
14:32: C:\Documents and Settings\Craig Martindale\Application Data\Mozilla\Firefox\Profiles\ln3doz6b.default\cookies.txt (ID = 2253)
14:32: Found Spy Cookie: atlas dmt cookie
14:32: Starting Cookie Sweep
14:32: Registry Sweep Complete, Elapsed Time:00:00:17
14:32: HKU\S-1-5-21-1614895754-583907252-725345543-1003\atlmon.reusablecomp.5\ (ID = 1589917)
14:32: HKLM\software\microsoft\uniqdata\ (ID = 1997747)
14:32: Found Adware: virtumonde
14:31: Starting Registry Sweep
14:31: Memory Sweep Complete, Elapsed Time: 00:02:48
14:29: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:
14:29: Starting Memory Sweep
14:29: Start Full Sweep
14:29: Sweep initiated using definitions version 971
14:28: Informational: ShieldEmail: Start monitoring port 25 for mail activities
Keylogger: Off
E-mail Attachment: On
14:28: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
14:28: Shield States
14:28: License Check Status (0): Success
14:28: Spyware Definitions: 971
14:27: Spy Sweeper 5.5.7.48 started
14:27: Spy Sweeper 5.5.7.48 started
14:27: | Start of Session, 19 August 2007 |
***************

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 19 August 2007 - 09:44 AM

Post a new Hijackthis log.
Let me know how your pc is running now.

#9 flickerstick

flickerstick
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 19 August 2007 - 12:26 PM

Still no doing yet I'm sorry to say. My iBook works when that is plugged in so I assume it is definitely a problem with the PC as opposed to my connection etc. If there is any other information at all you need I'll be happy to help.

Here is a new hijackthis log, thanks very much:

---------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:11:11, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Craig Martindale\Desktop\HijackThis.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\razerhid.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
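As an added example (not code from the thread, from HijackThis or from the Webroot/BleepingComputer tooling), here is a small parser for the entry format in the log above that pulls out the lines an analyst reads first: references to missing files, the Winsock LSP entry, services with no recognised owner, and autoruns that point outside the usual install directories. The sample lines are constructed, modelled on the posted log; the flags are review hints, not a verdict on the entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in HijackThis v1.99.1 format, modelled on the log above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# Paths under the usual install locations (long or 8.3 short form) count as ordinary.
KNOWN_DIR_RE = re.compile(r"(?i)\\(windows|program files|progra~\d)\\")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def review_flags(section: str, body: str) -> list:
    """Heuristic flags that mark an entry for a human second look."""
    flags = []
    if "(file missing)" in body:
        flags.append("file-missing")   # orphaned reference: harmless, but cleanable
    if section == "O10":
        flags.append("lsp")            # Winsock LSP: confirm the vendor before any removal
    if section == "O23" and "Unknown owner" in body:
        flags.append("unknown-owner")  # service binary carries no recognised publisher
    if section in ("O4", "O20", "O21") and not KNOWN_DIR_RE.search(body):
        flags.append("unusual-path")   # autorun outside Windows/Program Files, or a bare name
    return flags


def parse_hjt(text: str) -> list:
    """Parse the R/F/N/O entry lines of a HijackThis log; the process list is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, body = m.group(1), m.group(2)
            entries.append(Entry(section, body, review_flags(section, body)))
    return entries


def flagged(entries: list) -> list:
    """Only the entries that carry at least one review flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section:4} {', '.join(e.flags):28} {e.body[:70]}")
```

Run against the posted log, the only lines it raises are the two "(file missing)" references, the Bonjour LSP and the orphaned Adobe Version Cue service, which is consistent with the "log is clean" reading below.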

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 19 August 2007 - 05:26 PM

Your log is clean, I suggest you start a new topic here regarding the disconnection issue.
Networking:
http://www.bleepingcomputer.com/forums/f/21/networking/

Let me know how you get on, post back into this topic.

#11 flickerstick

flickerstick
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 25 August 2007 - 08:06 AM

Hi again Richie, an update. My internet is now working, no idea why mind. Yesterday I gave a few of the things suggested by tos226 over on the network boards i.e. changing the power saving options on my PC. However, it didn't appear to make a difference even after a couple of reboots. Today however all is well again so I don't know if it was even purely a case of just being patient or what, and giving it a week or so.

So anyway, thanks very much for all your help, it really has been appreciated and I thought I'd just let you know for any future reference. I'll be sure to hang around these boards, it's a breath of fresh air asking for help without being shot down as a noob etc. And it's always nice knowing that my PC has been given a good clean.

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 25 August 2007 - 08:55 AM

Your log is clean and thanks for the update, glad you got the issue at hand resolved :thumbsup:
If all's ok, please do the following.

Find and delete:
Combofix.exe
OTMoveIt.exe

C:\Qoobox
C:\_OTMoveIt

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html