Taskbar\icons Not Showing. Please Help

#1 TayBoy
  • Members
  • 17 posts

Posted 13 September 2007 - 07:04 AM

I think I might be infected with a virus. When I started up my computer, my taskbar\icons could not be seen. So I did a system restore and now everything seems fine except for the fact that my AVG antivirus is going a little crazy. I was wondering whether you guys could take a look at my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:34 PM, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Donna Loo\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 72.18.196.155 www.webcheats.com.br
O1 - Hosts: 72.18.196.155 webcheats.com.br
O1 - Hosts: 72.18.196.155 www.cheatsbrasil.com
O1 - Hosts: 72.18.196.155 cheatsbrasil.com
O1 - Hosts: 72.18.196.155 www.cheatsbrasil.com.br
O1 - Hosts: 72.18.196.155 cheatsbrasil.com.br
O1 - Hosts: 72.18.196.155 www.bothack.net
O1 - Hosts: 72.18.196.155 bothack.net
O1 - Hosts: 72.18.196.155 www.cheatstotal.net
O1 - Hosts: 72.18.196.155 cheatstotal.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\byxursp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Remote Dog Roam Drv] C:\Documents and Settings\All Users\Application Data\Inside Hole Remote Dog\magsace.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [liesthunk] C:\DOCUME~1\DONNAL~1\APPLIC~1\CLOCKA~1\regs bags.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...tallMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) - http://down.hangame.com/dist/activex/HanGamePlugin19.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162610480546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://www.ilkr.com/update/ansim/ilkactx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://skidrush.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: byxursp - C:\WINDOWS\SYSTEM32\byxursp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Serviço de protocolo Microsoft SSVP (svchostx) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10090 bytes

#2 RichieUK
  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 13 September 2007 - 08:08 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, TayBoy.
My name is Richie and I'll be helping you to fix your problems.

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on Hoster.exe.
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS
1) Right-click on the HOSTS file.
2) Click Properties.
3) A window will open; at the bottom of the window, to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.


Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.


Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log,(logit.txt) should open afterwards.
This log will be present on your desktop.
Post the contents of the logfile into your next reply, along with a new HijackThis log.
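Richie's first step is to replace the hosts file because of the O1 lines in the log above: ten cheat-site hostnames pinned to 72.18.196.155, so anyone on this machine browsing to those names is silently sent to that server instead. As an added example, not part of the thread and not HostsXpert's code, the parser below reads the hosts file format directly and reports every name whose target is not a loopback or unspecified address, which are the only targets a clean (or ad-blocking) hosts file uses. SAMPLE_HOSTS is constructed from the O1 entries in the log plus a few benign lines; the .example names are placeholders.

```python
"""Spot hijacked entries in a Windows hosts file.

Added example, not part of the thread or of HostsXpert. Parses the hosts
file format (IP, one or more hostnames, optional '#' comment) and reports
names that are redirected somewhere other than a sinkhole address.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: the redirected names are the O1 entries from the
# HijackThis log in this thread; the .example names are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         tracker.example        # ad-block style sinkhole, harmless
72.18.196.155   www.webcheats.com.br
72.18.196.155   webcheats.com.br cheatsbrasil.com
72.18.196.155   www.bothack.net        # attacker-controlled target
127.0.0.1       ads.example
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs.

    Comments start with '#', one IP may carry several hostnames, and lines
    that do not start with a valid address are skipped (the resolver ignores
    them too, so they cannot redirect anything).
    """
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        pairs.extend((ip, name.lower()) for name in names)
    return pairs


def is_sinkhole(ip: str) -> bool:
    """127.0.0.0/8, ::1 and 0.0.0.0 only black-hole a name.

    Any other target sends traffic for that name to a host chosen by whoever
    wrote the line, which is exactly what the O1 entries above do.
    """
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def redirected(text: str) -> Dict[str, List[str]]:
    """Hostnames grouped by the non-sinkhole IP they are redirected to."""
    out: Dict[str, List[str]] = {}
    for ip, name in parse_hosts(text):
        if not is_sinkhole(ip):
            out.setdefault(ip, []).append(name)
    return out


if __name__ == "__main__":
    for ip, names in redirected(SAMPLE_HOSTS).items():
        print(f"{ip} hijacks {len(names)} name(s):")
        for name in names:
            print(f"    {name}")
```

On a real machine point `parse_hosts` at the contents of C:\WINDOWS\System32\drivers\etc\hosts. Two caveats a log reader should keep in mind: an entry mapping a name to 127.0.0.1 or 0.0.0.0 can still be hostile if the name is an antivirus update server (it blocks updates rather than redirecting them), so the sinkhole list is worth a glance too; and the Read-only attribute recommended above only stops casual edits, because any process running with administrative rights (the norm on a home XP machine) can clear the attribute and rewrite the file, so the lasting fix is removing whatever wrote the entries.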

#3 TayBoy
  • Topic Starter
  • Members
  • 17 posts

Posted 14 September 2007 - 03:15 AM

Hello Richie. Thank you so much for your help.

DelJob Log

--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
FRU Task #Hewlett-Packard#hp psc 2200 series#1163421543.job
MP Scheduled Scan.job
WebReg 20070913211806.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is 4C20-45EF

Directory of C:\Documents and Settings\Donna Loo\Application Data

19/08/2007 09:44 PM <DIR> .
19/08/2007 09:44 PM <DIR> ..
05/03/2007 06:49 PM <DIR> Adobe
05/03/2007 06:59 PM <DIR> AdobeUM
05/01/2007 02:29 PM <DIR> Ahead
01/07/2007 01:10 PM <DIR> APPLEC~1 Apple Computer
14/09/2007 08:00 AM <DIR> AVG7
10/11/2006 08:31 PM <DIR> Azureus
13/07/2007 11:34 PM <DIR> DivX
19/08/2007 09:45 PM <DIR> Google
04/11/2006 10:29 AM <DIR> Help
15/11/2006 06:23 PM <DIR> HEWLET~1 Hewlett-Packard
03/11/2006 05:35 PM <DIR> IDENTI~1 Identities
13/07/2007 03:25 PM <DIR> ijjigame
25/11/2006 12:48 PM <DIR> Lavasoft
04/11/2006 09:50 AM <DIR> LEADER~1 Leadertech
09/11/2006 07:28 PM <DIR> LGELEC~1 LG Electronics
29/08/2007 10:42 PM <DIR> LimeWire
04/11/2006 10:31 PM <DIR> MACROM~1 Macromedia
11/02/2007 09:19 AM <DIR> MEDIAP~1 Media Player Classic
02/06/2007 10:07 PM <DIR> MICROS~1 Microsoft
03/12/2006 11:55 AM <DIR> MOYEAF~1 MoyeaFLV2Video
02/12/2006 10:03 PM <DIR> Mozilla
03/08/2007 08:29 AM <DIR> NHNCOR~1 NHN Corporation
05/03/2007 09:17 PM <DIR> Real
04/11/2006 09:50 AM <DIR> Sonic
10/11/2006 07:07 PM <DIR> Sun
09/08/2007 05:20 PM <DIR> TVUNET~1 TVU Networks
10/09/2007 07:06 PM <DIR> uTorrent
21/01/2007 10:11 PM <DIR> Ventrilo
19/01/2007 09:10 PM <DIR> vlc
0 File(s) 0 bytes
31 Dir(s) 100,432,097,280 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C20-45EF

Directory of C:\Documents and Settings\All Users\Application Data

20/08/2007 07:01 PM <DIR> .
20/08/2007 07:01 PM <DIR> ..
05/03/2007 07:01 PM <DIR> Adobe
01/07/2007 01:04 PM <DIR> Apple
05/11/2006 09:09 PM <DIR> APPLEC~1 Apple Computer
04/11/2006 10:20 AM <DIR> avg7
04/11/2006 10:18 AM <DIR> Grisoft
25/11/2006 12:47 PM <DIR> MICROS~1 Microsoft
03/03/2007 07:48 PM <DIR> OFFICE~1 Office Genuine Advantage
04/11/2006 10:20 AM <DIR> SPYBOT~1 Spybot - Search & Destroy
04/11/2006 11:01 AM <DIR> WINDOW~1 Windows Genuine Advantage
0 File(s) 0 bytes
11 Dir(s) 100,432,097,280 bytes free
--------------------------------------------------------

Combofix Log

ComboFix 07-09-14.1 - "Donna Loo" 2007-09-14 15:29:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.155 [GMT 8:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.

2007-09-14 07:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 21:18 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2007-09-13 21:18 <DIR> d-------- C:\Program Files\NHN USA
2007-09-13 08:41 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
2007-09-12 14:28 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
2007-09-11 16:01 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
2007-08-29 22:18 931,480 --a------ C:\WINDOWS\system32\SCSKAppLink.dll
2007-08-29 22:18 28,672 --a------ C:\WINDOWS\system32\UnSCSK.exe
2007-08-29 22:18 169,109 --a------ C:\WINDOWS\system32\drivers\scskusbs.sys
2007-08-29 22:18 11,385 --a------ C:\WINDOWS\system32\drivers\scskusbf.sys
2007-08-29 22:14 41,648 --a------ C:\WINDOWS\system32\HanGamePlugin19.dll
2007-08-29 22:14 128,488 --a------ C:\WINDOWS\system32\HGReport.dll
2007-08-25 21:34 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-08-21 21:23 <DIR> d-------- C:\Program Files\iTunes
2007-08-21 21:23 <DIR> d-------- C:\Program Files\iPod
2007-08-19 21:44 <DIR> d-------- C:\DOCUME~1\DONNAL~1\APPLIC~1\Google
2007-08-19 21:41 <DIR> d-------- C:\Program Files\Google
2007-08-16 20:18 <DIR> d-------- C:\etax2007

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 08:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 19:06 --------- d-------- C:\DOCUME~1\DONNAL~1\APPLIC~1\uTorrent
2007-09-09 18:27 --------- d-------- C:\Program Files\DriftCity
2007-09-09 09:21 --------- d-------- C:\Program Files\Roguescanfix
2007-08-29 22:42 --------- d-------- C:\DOCUME~1\DONNAL~1\APPLIC~1\LimeWire
2007-08-21 20:22 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-09 17:20 --------- d-------- C:\DOCUME~1\DONNAL~1\APPLIC~1\TVU Networks
2007-08-03 08:29 --------- d-------- C:\Program Files\Common Files\DirectX
2007-08-03 08:29 --------- d-------- C:\DOCUME~1\DONNAL~1\APPLIC~1\NHN Corporation
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 18:53 --------- d-------- C:\Program Files\Silkroad
2007-07-24 17:25 12289487 --a------ C:\AVG7QT.DAT
2007-07-18 17:15 644552 --a------ C:\WINDOWS\system32\HanSetup.exe
2007-07-17 16:52 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-03 03:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-03 03:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-03 03:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-03 03:41 129784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-07-03 03:41 118520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-07-03 03:41 116472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-07-03 03:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-03 03:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-03 03:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-03 03:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-03 03:37 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-03 03:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-03 03:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-03 03:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-03 03:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-03 03:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-03 03:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-03 03:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-03 03:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-03 03:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-03 03:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-20 20:45 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2005-05-13 09:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 03:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 13:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-06-26 07:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 14:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 16:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 02:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 05:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 16:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 08:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 17:01]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"Remote Dog Roam Drv"="C:\Documents and Settings\All Users\Application Data\Inside Hole Remote Dog\magsace.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2004-09-06 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"liesthunk"="C:\DOCUME~1\DONNAL~1\APPLIC~1\CLOCKA~1\regs bags.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" []
"XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
S2 svchostx;Serviço de protocolo Microsoft SSVP;C:\WINDOWS\system\svchost.exe
S3 CEDRIVER53;CEDRIVER53;\??\C:\Program Files\Cheat Engine\dbk32.sys
S3 Dual2;Dual2;\??\C:\Documents and Settings\Donna Loo\Desktop\Aim\Bypass\Dual2.sys
S3 GGA1;GGA1;\??\C:\Documents and Settings\Donna Loo\Desktop\GGA Engine 1 of my favourite\GGA.sys
S3 GR;GR;\??\C:\Documents and Settings\Donna Loo\Desktop\Gunbound Hacks\Hack Set\DualEngine2\GR.sys
S3 kaspersky1;kaspersky1;\??\C:\Documents and Settings\Donna Loo\Desktop\New Folder\kaspersky.sys
S3 NTProcDrv;Process creation detector for NT.;\??\C:\Documents and Settings\Donna Loo\Desktop\SROBOT\NtProcDrv.sys
S3 ovt519;D-Link VGA Webcam;C:\WINDOWS\system32\Drivers\ov519vid.sys
S3 projectx1;projectx1;\??\C:\Documents and Settings\Donna Loo\Desktop\Gunbound CE\FelipeZe.sys
S3 puma1;puma1;\??\C:\Documents and Settings\Donna Loo\Desktop\Pointblank2xtHackPack(June29)\puma.sys
S3 Revolution1;Revolution1;\??\C:\Documents and Settings\Donna Loo\Desktop\Pointblank2xtHackPack(June25)\UCE\SHAK3.sys
S3 saruenGang;saruenGang;\??\C:\Documents and Settings\Donna Loo\Desktop\saruenGang.sys
S3 scsk4;SCSK4 Driver Service;C:\WINDOWS\system32\drivers\scsk4.sys
S3 TSHAK3T1;TSHAK3T1;\??\C:\Documents and Settings\Donna Loo\Desktop\Gunbound Hacks\COMIs ULTIMATE HACK PACK v1.4\RE 3.2\spuce.sys
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-11 13:11:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-12 12:17:26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1163421543.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-09-13 23:29:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-13 13:18:08 C:\WINDOWS\Tasks\WebReg 20070913211806.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 15:31:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-14 15:35:45
C:\ComboFix-quarantined-files.txt ... 2007-09-14 15:35
C:\ComboFix2.txt ... 2007-09-14 07:30
.
--- E O F ---
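
What the helper reads from these two logs by eye is where each autostart binary and driver lives: the Run values pointing into All Users\Application Data and the user's own Application Data folder, the BHO and Winlogon Notify entries that share byxursp.dll, the svchostx service whose binary is missing and sits in C:\WINDOWS\system rather than system32, and the S3 kernel drivers loading from folders on the Desktop. As an added example, not part of the thread and not code from HijackThis or ComboFix, the script below parses both tools' line formats (HijackThis O2/O4/O20/O23 lines from the log in post #1, ComboFix R#/S# driver lines from this log) and applies those path-and-metadata rules. The rules are my heuristics, and SAMPLE_LOG is constructed from lines of the logs posted above.

```python
"""Triage autostart and driver entries from HijackThis and ComboFix output.

Added example; not part of the thread and not code from either tool. Each
entry is flagged by where its binary lives and by service metadata, which is
the check a log reader performs by eye. The rules are heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: excerpts of the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\byxursp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Remote Dog Roam Drv] C:\Documents and Settings\All Users\Application Data\Inside Hole Remote Dog\magsace.exe
O4 - HKCU\..\Run: [liesthunk] C:\DOCUME~1\DONNAL~1\APPLIC~1\CLOCKA~1\regs bags.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: byxursp - C:\WINDOWS\SYSTEM32\byxursp.dll
O23 - Service: Serviço de protocolo Microsoft SSVP (svchostx) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
S3 CEDRIVER53;CEDRIVER53;\??\C:\Program Files\Cheat Engine\dbk32.sys
S3 Dual2;Dual2;\??\C:\Documents and Settings\Donna Loo\Desktop\Aim\Bypass\Dual2.sys
S3 ovt519;D-Link VGA Webcam;C:\WINDOWS\system32\Drivers\ov519vid.sys
S2 svchostx;Serviço de protocolo Microsoft SSVP;C:\WINDOWS\system\svchost.exe
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
HJT_RE = re.compile(r"^(O\d+) - (.*)$")                 # HijackThis "O<n> - ..." line
CF_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")  # ComboFix "S3 name;display;path"
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\",
                 "\\application data\\", "\\applic~1\\", "\\desktop\\")


@dataclass
class Entry:
    kind: str    # "O2", "O4", "O20", "O23" (HijackThis) or "S3", "R1", ... (ComboFix)
    name: str    # Run value name, BHO CLSID, notify handler or service short name
    path: str    # binary as written in the log, "" if none found
    raw: str
    reasons: List[str] = field(default_factory=list)


def _hjt_name(kind: str, rest: str) -> str:
    if kind == "O4":                                 # "[Value] path"
        m = re.search(r"\[(.*?)\]", rest)
        return m.group(1) if m else rest
    if kind == "O23":                                # "Service: Display (short) - Owner - path"
        m = re.search(r"\((\w+)\)", rest)
        return m.group(1) if m else rest
    segs = rest.split(" - ")                         # O2: "BHO: title - {CLSID} - path"
    if kind == "O2" and len(segs) > 1:
        return segs[1]
    return segs[0].split(": ", 1)[-1]                # O20: "Winlogon Notify: name - path"


def parse_entries(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in (l.strip() for l in text.splitlines()):
        if m := HJT_RE.match(line):
            kind, rest = m.groups()
            p = PATH_RE.search(rest)
            entries.append(Entry(kind, _hjt_name(kind, rest), p.group(0) if p else "", line))
        elif m := CF_RE.match(line):
            kind, name, _display, path = m.groups()
            entries.append(Entry(kind, name, path.replace("\\??\\", "", 1), line))
    return entries


def score(e: Entry) -> Entry:
    """Path and metadata rules; each one that fires adds a reason."""
    p = e.path.lower()
    if p and any(tok in p for tok in USER_WRITABLE):
        e.reasons.append("binary in a user-writable profile location")
    if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
        e.reasons.append("kernel driver outside system32\\drivers")
    if p.endswith("\\svchost.exe") and "\\system32\\" not in p:
        e.reasons.append("svchost.exe outside system32 (name squatting)")
    if e.kind == "O23":
        if "(file missing)" in e.raw:
            e.reasons.append("service binary missing")
        if "Unknown owner" in e.raw:
            e.reasons.append("service has no vendor")
    if e.kind == "O2" and "(no name)" in e.raw and "\\system32\\" in p:
        e.reasons.append("unnamed BHO loaded from system32")
    return e


def cross_reference(entries: List[Entry]) -> None:
    """A DLL registered as both a BHO and a Winlogon Notify handler is loaded
    by winlogon at logon as well as by IE, so it survives the browser closing."""
    kinds_by_dll = {}
    for e in entries:
        if e.path:
            kinds_by_dll.setdefault(e.path.lower(), set()).add(e.kind)
    for e in entries:
        if e.kind in ("O2", "O20") and {"O2", "O20"} <= kinds_by_dll.get(e.path.lower(), set()):
            e.reasons.append("same DLL registered as BHO and Winlogon Notify handler")


def flagged(text: str) -> List[Entry]:
    entries = [score(e) for e in parse_entries(text)]
    cross_reference(entries)
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind:<4}{e.name:<42}{e.path}")
        for r in e.reasons:
            print(f"      - {r}")
```

Flagged does not mean malicious: Cheat Engine's dbk32.sys is flagged only for living outside system32\drivers, which is true of some legitimate third-party drivers as well, and Spybot's SDHelper.dll also reports as "(no name)" but sits in Program Files, so the unnamed-BHO rule is limited to system32. The output is a shortlist for a human. On this machine the entries worth the same attention as the missing-file svchostx service are the .sys files loading from Desktop folders: a kernel driver runs with full control of the box, and these came bundled with game hacks.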

#4 RichieUK
  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 14 September 2007 - 04:47 AM

Could you post the new HijackThis log, please?

#5 TayBoy
  • Topic Starter
  • Members
  • 17 posts

Posted 15 September 2007 - 04:57 AM

Will do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:04 PM, on 15/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ijji\ENGLISH\u_skid.exe
C:\Documents and Settings\Donna Loo\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Remote Dog Roam Drv] C:\Documents and Settings\All Users\Application Data\Inside Hole Remote Dog\magsace.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [liesthunk] C:\DOCUME~1\DONNAL~1\APPLIC~1\CLOCKA~1\regs bags.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...tallMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) - http://down.hangame.com/dist/activex/HanGamePlugin19.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162610480546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://www.ilkr.com/update/ansim/ilkactx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://skidrush.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Servišo de protocolo Microsoft SSVP (svchostx) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9350 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 15 September 2007 - 07:46 AM

Disable Windows Defender's real-time protection, as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box
* Click 'Save'.

Copy and paste the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.bat, and save it to your desktop.
Then double click on the fix.bat file on your desktop.
You'll see a black screen flash, that's normal.

@echo off
sc stop svchostx
sc delete svchostx

Restart your pc.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Remote Dog Roam Drv] C:\Documents and Settings\All Users\Application Data\Inside Hole Remote Dog\magsace.exe
O4 - HKCU\..\Run: [liesthunk] C:\DOCUME~1\DONNAL~1\APPLIC~1\CLOCKA~1\regs bags.exe
O23 - Service: Servišo de protocolo Microsoft SSVP (svchostx) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your pc is running now.





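For readers triaging a log like this one themselves, here is an added Python script (not part of the thread, and not HijackThis or RichieUK's code) that applies the same checks the fix list above rests on to the O2/O4/O23 lines: a BHO whose DLL is gone, Run entries with a bare file name or a path inside a user profile, and a service with a missing binary, no publisher, or an svchost.exe outside System32. The sample lines are a constructed subset of the log posted in this thread, with the accented service name written in plain ASCII.

```python
import re

# Constructed sample: a subset of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Remote Dog Roam Drv] C:\Documents and Settings\All Users\Application Data\Inside Hole Remote Dog\magsace.exe
O4 - HKCU\..\Run: [liesthunk] C:\DOCUME~1\DONNAL~1\APPLIC~1\CLOCKA~1\regs bags.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Servico de protocolo Microsoft SSVP (svchostx) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?)(?: \((?P<svc>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.*)$")
PROFILE_DIRS = ("application data", "applic~1", "documents and settings", "docume~1")

def exe_from_command(cmd):
    # Executable part of a Run value: the quoted token, or everything up to the first .exe
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]

def triage(log_text):
    """Flag O2/O4/O23 lines with the heuristics used in the fix list; returns [(name, reasons)]."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        if m := O2_RE.match(line):
            name = m["name"]
            if m["path"] == "(no file)":
                reasons.append("BHO registered but its DLL is gone (orphaned entry)")
        elif m := O4_RE.match(line):
            name, exe = m["name"], exe_from_command(m["cmd"])
            if "\\" not in exe:
                reasons.append("bare file name, no path: cannot tell which file actually runs")
            if any(d in exe.lower() for d in PROFILE_DIRS):
                reasons.append("autorun from a user profile / Application Data directory")
        elif m := O23_RE.match(line):
            name, path = m["svc"] or m["name"], m["path"].lower().replace(" (file missing)", "")
            if "(file missing)" in m["path"]:
                reasons.append("service binary missing (stale entry, still worth deleting)")
            if m["owner"] == "Unknown owner":
                reasons.append("no publisher on the service binary")
            folder, _, exe = path.rpartition("\\")
            if exe == "svchost.exe" and not folder.endswith("\\system32"):
                reasons.append("svchost.exe outside System32 (the real one lives in system32)")
        if reasons:
            findings.append((name, reasons))
    return findings
```

Running `triage(SAMPLE_LOG)` flags exactly the entries RichieUK listed for fixing and leaves the AVG, Java and HP lines alone.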