Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Changing Settings, Slow, Hijack Log Enclosed


  • This topic is locked This topic is locked
10 replies to this topic

#1 Paniolo808

Paniolo808

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 20 August 2007 - 07:04 PM

Aloha, my secretary decided it was a good idea to install Winantispypro on this computer and it is eating it alive. I get popups, my settings change, and crashes constantly. Please help me, i have ran Ad-Aware, Search and Destry and CCleaner....nothing is helping, here is a fresh log. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:04 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\plite731.exe
C:\Program Files\Movie Maker\niworicus22011.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\YSTEM~1\csrss.exe
C:\Program Files\??mbols\m?hta.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\HIMSA\NOAH System\ExecutableFiles\NSAFiles\Noah.exe
C:\PROGRA~1\HIMSA\NOAHSY~1\EXECUT~1\NSAFiles\DBEVEN~1.EXE
C:\PROGRA~1\HIMSA\NOAHSY~1\EXECUT~1\NOAHCO~1\CORECO~1\NOAHCL~1.EXE
C:\PROGRA~1\HIMSA\NOAHSY~1\EXECUT~1\NOAHCO~1\CORECO~1\NOAHSE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [niworicus] C:\Program Files\Movie Maker\niworicus22011.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\nocprtpj.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\YSTEM~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Paregc] "C:\Program Files\??mbols\m?hta.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\lmdsrngm.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://tjngn.viewnetcam.com:88/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.25.93.163:90/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RHVzdGlu\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\vikokiz.html
O24 - Desktop Component 1: (no name) - http://foxtrotters.tripod.com/cgirl4.gif

--
End of file - 11431 bytes

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 PM

Posted 21 August 2007 - 06:23 AM

Hello,

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Avast are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Understanding and using firewalls

Reboot your computer afterwards.
After reboot, perform a full scan with your Antivirus and let it remove anything it is finding. Then reboot once again in order to delete files that were in use previously.

Post a new HijackThislog in your next reply - then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Paniolo808

Paniolo808
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 22 August 2007 - 06:23 PM

OK, lets try this again. Installed and running Comodo Firewall, and AVG. Had AVG do complete scan over lunch and came up with about 53 items to remove. Finished that and rebooted. Ran Spybot and Ad-Aware and rebooted then took a new log, here it is. Thanks again for your help.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:03 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\plite731.exe
C:\Program Files\Movie Maker\niworicus22011.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\??mbols\m?hta.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {34D9E322-41FB-496D-C793-12E84A5ED8CB} - C:\Program Files\MSN\rybivog215.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {65831879-A8B7-4424-89AD-9B2563C898C4} - C:\WINDOWS\system32\awvvv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {CE515740-E7FB-E423-8BAD-E7ABA20005E5} - C:\WINDOWS\system32\nxpuotun.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\niwmkann.dll (file missing)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\ljjkjhh.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [niworicus] C:\Program Files\Movie Maker\niworicus22011.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\burbsjqr.dll",forkonce
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Paregc] "C:\Program Files\??mbols\m?hta.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\lmdsrngm.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://tjngn.viewnetcam.com:88/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.25.93.163:90/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll
O20 - Winlogon Notify: geebc - geebc.dll (file missing)
O20 - Winlogon Notify: ljjkjhh - ljjkjhh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RHVzdGlu\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\vikokiz.html
O24 - Desktop Component 1: (no name) - http://foxtrotters.tripod.com/cgirl4.gif

--
End of file - 13403 bytes

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 PM

Posted 22 August 2007 - 11:52 PM

Hi,

Perform next steps in the right order please...

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Select "C:\Program Files\MSN\vikokiz.html" you find in there and press the delete button on the right.
Hit ok below > apply in previous window.
In case you didn't set http://foxtrotters.tripod.com/cgirl4.gif as your active desktop either, remove it as well there.

Then,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: 0 - {34D9E322-41FB-496D-C793-12E84A5ED8CB} - C:\Program Files\MSN\rybivog215.dll (file missing)
O2 - BHO: (no name) - {65831879-A8B7-4424-89AD-9B2563C898C4} - C:\WINDOWS\system32\awvvv.dll
O2 - BHO: (no name) - {CE515740-E7FB-E423-8BAD-E7ABA20005E5} - C:\WINDOWS\system32\nxpuotun.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\niwmkann.dll (file missing)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\ljjkjhh.dll (file missing)
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [niworicus] C:\Program Files\Movie Maker\niworicus22011.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\burbsjqr.dll",forkonce
O4 - HKCU\..\Run: [Paregc] "C:\Program Files\??mbols\m?hta.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\lmdsrngm.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll
O20 - Winlogon Notify: geebc - geebc.dll (file missing)
O20 - Winlogon Notify: ljjkjhh - ljjkjhh.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RHVzdGlu\command.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then,

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Paniolo808

Paniolo808
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 23 August 2007 - 03:39 PM

Thanks again. Ok, here is the new log, Combofix did an auto reboot also. Not sure if it has anything to do with this but i have been getting an error message now in startup with somthing about aawservice.exe being missing or something. Here is the new logs. My firewall keeps prompting me about letting certain files access the internet, im not sure which ones to let go through or not. Sorry for being such a moron. Thanks again in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:18 AM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RunDll32.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://tjngn.viewnetcam.com:88/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.25.93.163:90/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11171 bytes


ComboFix 07-08-23.5 - "Dustin" 2007-08-23 10:19:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1564 [GMT -10:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\Dustin\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\Dustin\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\Dustin\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\inetget2
C:\Program Files\mbols~1
C:\Program Files\mbols~1\m?hta.exe
C:\Program Files\Movie Maker\niworicus22011.exe
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\ystem~1
C:\Program Files\ystem~1\?ystem\
C:\Program Files\ystem~1\csrss.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b104.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\SYSTEM32\sstwa.bak1
C:\WINDOWS\SYSTEM32\sstwa.ini
C:\WINDOWS\SYSTEM32\vvvwa.bak1
C:\WINDOWS\SYSTEM32\vvvwa.bak2
C:\WINDOWS\SYSTEM32\vvvwa.ini
C:\WINDOWS\SYSTEM32\vvvwa.ini2
C:\WINDOWS\SYSTEM32\vvvwa.tmp
C:\WINDOWS\system32\wtsisvtr.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))


2007-08-23 10:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 10:17 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-08-22 09:42 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\Comodo
2007-08-22 09:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-22 09:39 <DIR> d-------- C:\Program Files\Comodo
2007-08-20 12:05 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-08-20 12:02 <DIR> d-------- C:\DOCUME~1\Dustin\.housecall6.6
2007-08-20 09:11 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-08-20 09:06 <DIR> d--hs---- C:\WINDOWS\RHVzdGlu
2007-08-20 09:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-17 11:55 <DIR> d-------- C:\spyware tools
2007-08-16 15:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-16 13:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-16 12:55 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-08-16 11:37 49,152 --a------ C:\WINDOWS\TISKY002.exe
2007-08-16 11:37 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-08-16 11:37 13,824 --a------ C:\WINDOWS\plite731.exe
2007-08-16 11:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\syschks22
2007-08-16 11:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\SS1
2007-08-16 11:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\ICM2
2007-08-16 11:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\chkfig5
2007-08-16 11:37 <DIR> d-------- C:\Temp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 10:27 --------- d-------- C:\Program Files\Steam
2007-08-23 10:23 --------- d-------- C:\Program Files\Movie Maker
2007-08-20 12:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-17 12:00 --------- d-------- C:\Program Files\Trend Micro
2007-08-16 14:20 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-16 14:20 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-16 12:55 --------- d-------- C:\Program Files\Yahoo!
2007-08-16 10:20 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\AdobeUM
2007-08-16 10:20 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\AdobeUM
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-27 23:06 135 --a------ C:\Program Files\page.html
2007-07-13 09:23 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-13 09:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-13 09:16 --------- d-------- C:\Program Files\Sierra Entertainment
2007-07-13 09:13 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\InstallShield
2007-07-13 09:13 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\InstallShield
2007-07-12 18:43 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\IGN_DLM
2007-07-12 18:43 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\IGN_DLM
2007-07-11 13:16 --------- d-------- C:\Program Files\JFK Reloaded
2007-07-11 13:15 --------- d-------- C:\Program Files\EA GAMES
2007-07-11 13:06 --------- d-------- C:\Program Files\Common Files\AOL
2007-06-29 09:08 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\Yahoo!
2007-06-29 09:08 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\Yahoo!
2007-06-28 14:21 --------- d-------- C:\Program Files\Samsung
2007-06-27 09:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-26 09:32 --------- d-------- C:\Program Files\id Software
2007-06-26 05:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 04:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 20:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 14:15 --------- dr-h----- C:\DOCUME~1\Dustin\APPLIC~1\SecuROM
2007-06-25 14:15 --------- dr-h----- C:\DOCUME~1\Dustin\APPLIC~1\SecuROM
2007-06-19 03:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 03:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 08:09 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 08:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 08:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 08:09 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 08:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 08:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 08:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 08:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 08:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 08:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 08:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 08:09 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 08:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 08:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 08:09 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 08:09 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 08:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 04:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 00:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 00:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-30 13:20 99904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-05-24 10:01 63040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\RHVzdGlu\lJpWx35R.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 15:12]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 05:27]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 14:47]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-02 20:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 20:00]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-14 20:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 20:01]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 20:05]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43]
"SbUsb AudCtrl"="sbusbdll.dll" [2003-11-24 11:26 C:\WINDOWS\SYSTEM32\sbusbdll.dll]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-13 15:17]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-06-30 22:12]
"nwiz"="nwiz.exe" [2004-06-30 22:12 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-06-30 22:12]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-22 09:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-22 10:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:56]
"Sonic RecordNow!"="" []
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 11:57]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-29 09:01]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 07:58:38]

C:\DOCUME~1\Dustin\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 07:58:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

R2 Kithara-kbas6;Kithara Base Driver 6;\??\C:\WINDOWS\System32\kbas6.sys
R2 Kithara-kioa6;Kithara »I/O Accelerator« 6;\??\C:\WINDOWS\System32\kioa6.sys
R3 minicom;SpeedLink Hearing Instrument Interface (miniCom.sys);C:\WINDOWS\system32\DRIVERS\miniCom.sys
R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys
S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys


Contents of the 'Scheduled Tasks' folder
2007-08-21 19:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 10:26:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-23 10:29:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-23 10:29

--- E O F ---

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 PM

Posted 23 August 2007 - 03:50 PM

Hi,

This is already a lot better :thumbsup:

Not sure if it has anything to do with this but i have been getting an error message now in startup with somthing about aawservice.exe being missing or something

This is related with your Adaware.
This happens quite frequently with the latest version of Adaware. If you are still getting that error after reboot, I suggest you uninstall Adaware and reinstall it again.

Anyway, let's deal with the malware leftovers first..

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\TISKY002.exe
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\plite731.exe

Folder::
C:\WINDOWS\SYSTEM32\syschks22
C:\WINDOWS\SYSTEM32\SS1
C:\WINDOWS\SYSTEM32\ICM2
C:\WINDOWS\SYSTEM32\chkfig5
C:\Temp
C:\WINDOWS\RHVzdGlu
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Edited by miekiemoes, 23 August 2007 - 03:50 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Paniolo808

Paniolo808
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 23 August 2007 - 04:37 PM

here is the new log...

ComboFix 07-08-23.5 - "Dustin" 2007-08-23 11:32:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1572 [GMT -10:00]
Command switches used :: C:\Documents and Settings\Dustin\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\TISKY002.exe
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\plite731.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\Temp
C:\WINDOWS\plite731.exe
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\RHVzdGlu
C:\WINDOWS\RHVzdGlu\lJpWx35R.vbs
C:\WINDOWS\SYSTEM32\chkfig5
C:\WINDOWS\SYSTEM32\ICM2
C:\WINDOWS\SYSTEM32\SS1
C:\WINDOWS\SYSTEM32\syschks22
C:\WINDOWS\SYSTEM32\syschks22\fcadz002.exe
C:\WINDOWS\TISKY002.exe


((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))


2007-08-23 10:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-22 09:42 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\Comodo
2007-08-22 09:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-22 09:39 <DIR> d-------- C:\Program Files\Comodo
2007-08-20 12:05 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-08-20 12:02 <DIR> d-------- C:\DOCUME~1\Dustin\.housecall6.6
2007-08-20 09:11 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-08-17 11:55 <DIR> d-------- C:\spyware tools
2007-08-16 15:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-16 13:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-16 12:55 <DIR> d-------- C:\Program Files\Common Files\Scanner


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 10:28 --------- d-------- C:\Program Files\Steam
2007-08-23 10:23 --------- d-------- C:\Program Files\Movie Maker
2007-08-20 12:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-17 12:00 --------- d-------- C:\Program Files\Trend Micro
2007-08-16 14:20 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-16 14:20 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-16 12:55 --------- d-------- C:\Program Files\Yahoo!
2007-08-16 10:20 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\AdobeUM
2007-08-16 10:20 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\AdobeUM
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 23:06 135 --a------ C:\Program Files\page.html
2007-07-13 09:23 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-13 09:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-13 09:16 --------- d-------- C:\Program Files\Sierra Entertainment
2007-07-13 09:13 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\InstallShield
2007-07-13 09:13 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\InstallShield
2007-07-12 18:43 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\IGN_DLM
2007-07-12 18:43 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\IGN_DLM
2007-07-11 13:16 --------- d-------- C:\Program Files\JFK Reloaded
2007-07-11 13:15 --------- d-------- C:\Program Files\EA GAMES
2007-07-11 13:06 --------- d-------- C:\Program Files\Common Files\AOL
2007-06-29 09:08 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\Yahoo!
2007-06-29 09:08 --------- d-------- C:\DOCUME~1\Dustin\APPLIC~1\Yahoo!
2007-06-28 14:21 --------- d-------- C:\Program Files\Samsung
2007-06-27 09:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-26 09:32 --------- d-------- C:\Program Files\id Software
2007-06-26 05:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 04:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 20:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 14:15 --------- dr-h----- C:\DOCUME~1\Dustin\APPLIC~1\SecuROM
2007-06-25 14:15 --------- dr-h----- C:\DOCUME~1\Dustin\APPLIC~1\SecuROM
2007-06-19 03:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 03:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 08:09 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 08:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 08:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 08:09 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 08:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 08:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 08:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 08:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 08:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 08:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 08:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 08:09 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 08:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 08:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 08:09 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 08:09 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 08:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 04:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 00:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 00:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-30 13:20 99904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-05-24 10:01 63040 --a------ C:\WINDOWS\system32\PnkBstrA.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 15:12]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 05:27]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 14:47]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-02 20:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 20:00]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-14 20:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 20:01]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 20:05]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43]
"SbUsb AudCtrl"="sbusbdll.dll" [2003-11-24 11:26 C:\WINDOWS\SYSTEM32\sbusbdll.dll]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-13 15:17]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-06-30 22:12]
"nwiz"="nwiz.exe" [2004-06-30 22:12 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-06-30 22:12]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-22 09:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-22 10:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:56]
"Sonic RecordNow!"="" []
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 11:57]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-29 09:01]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 07:58:38]

C:\DOCUME~1\Dustin\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 07:58:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

R2 Kithara-kbas6;Kithara Base Driver 6;\??\C:\WINDOWS\System32\kbas6.sys
R2 Kithara-kioa6;Kithara »I/O Accelerator« 6;\??\C:\WINDOWS\System32\kioa6.sys
R3 minicom;SpeedLink Hearing Instrument Interface (miniCom.sys);C:\WINDOWS\system32\DRIVERS\miniCom.sys
R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys
S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys


Contents of the 'Scheduled Tasks' folder
2007-08-21 19:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 11:34:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-23 11:35:32
C:\ComboFix-quarantined-files.txt ... 2007-08-23 11:35
C:\ComboFix2.txt ... 2007-08-23 10:29

--- E O F ---

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 PM

Posted 23 August 2007 - 04:52 PM

Hi,

This looks OK again. :thumbsup:

Navigate to and delete the C:\Qoobox folder

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Let me know in your next reply how things are now...
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Paniolo808

Paniolo808
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 23 August 2007 - 07:26 PM

Things seem to be back to normal. I cant thank you enough for helping...have a wonderful weekend. Aloha!

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 PM

Posted 24 August 2007 - 01:57 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:27 PM

Posted 27 August 2007 - 05:18 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users