Please Help Me Fix My Messed Up Pc


7 replies to this topic

#1 the trooper2 (Members, 40 posts)

Posted 04 October 2007 - 11:28 AM

So my PC has really been acting up lately; I've been having the "driver stuck in infinite loop" rubbish and other problems. If you could please help me cure my PC I'd be very grateful.

Here's a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:00, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SlySoft\Game Jackal\GameJackal.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Browster\proxy\wrapper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Browster\proxy\jre\bin\java.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Josh\My Documents\Unzipped\HiJackThis(2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O2 - BHO: (no name) - {19D170F6-4007-4E66-90B2-5A4A6D15723B} - (no file)
O2 - BHO: (no name) - {45484B13-30F1-410E-8E9D-469B2C4592CC} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - C:\Program Files\Browster\Browster.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Maplom] C:\Program Files\SlySoft\Game Jackal\GameJackal.exe /silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g230871.dll (file missing)
O20 - Winlogon Notify: oppno - C:\WINDOWS\system32\oppno.dll (file missing)
O20 - Winlogon Notify: piidsk - C:\WINDOWS\Registration\piidsk.dll (file missing)
O20 - Winlogon Notify: tuvvvuv - tuvvvuv.dll (file missing)
O20 - Winlogon Notify: urqqqqp - urqqqqp.dll (file missing)
O20 - Winlogon Notify: windnu32 - windnu32.dll (file missing)
O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - (no file)
O22 - SharedTaskScheduler: Windows Updater - {259BA022-2005-45E9-A965-10EDB9C00605} - (no file)
O22 - SharedTaskScheduler: Master Browseui - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browster Proxy (BrwstrPF) - Unknown owner - C:\PROGRA~1\Browster\proxy\wrapper.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10808 bytes



thanks
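The log above is the kind of thing a malware-removal helper reads by eye: orphaned BHOs (O2, "no file"), hosts pushed into IE's Trusted sites zone (O15), an ActiveX download from a bare IP address (O16), Winlogon Notify DLL hooks whose files are gone (O20), and services with no vendor or no binary (O23). As an added example, not code from this thread or from the HijackThis project, the script below parses a HijackThis 2.0 log and applies those checks. The sample lines are copied from the log above; the section rules, the two-level severity scale and the names `Finding` and `triage` are our own.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: a subset of the entries from the HijackThis log in this thread,
# with a couple of benign lines kept in so the rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted IP range: http://202.67.220.225
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g230871.dll (file missing)
O22 - SharedTaskScheduler: Windows Updater - {259BA022-2005-45E9-A965-10EDB9C00605} - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    severity: str  # "high" or "medium" (our own scale)
    reason: str
    line: str


def _host_is_ip(url: str) -> bool:
    """True when the URL's host is a bare IP literal rather than a DNS name."""
    try:
        ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(log_text: str) -> list:
    """Return the log entries a helper would want explained or removed."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines carry no section code
        section, body = m.groups()
        line = m.group(0)
        orphan = body.endswith(ORPHAN_MARKERS)  # registry entry whose file is gone
        if section == "O20" and body.startswith("Winlogon Notify:"):
            # Winlogon Notify DLLs load into winlogon.exe (SYSTEM) at logon, before the
            # user's session; an orphaned entry is leftover persistence and is still tried.
            why = "Winlogon Notify DLL hook" + (" (file gone, entry remains)" if orphan else "")
            findings.append(Finding(section, "high", why, line))
        elif section == "O15":
            # Trusted Zone and Trusted IP range entries relax IE's security settings for
            # that host; on a home PC they are almost never added deliberately.
            findings.append(Finding(section, "medium", "host added to IE Trusted sites zone", line))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if _host_is_ip(url) or url.lower().endswith(".exe"):
                findings.append(Finding(section, "high", "ActiveX download from bare IP or direct .exe", line))
        elif section == "O23" and ("Unknown owner" in body or orphan):
            findings.append(Finding(section, "medium", "service with unknown vendor or missing binary", line))
        elif section in ("O2", "O22") and orphan:
            findings.append(Finding(section, "medium", "orphaned COM registration", line))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}: {f.line[:70]}")
```

Run against the sample it reports seven entries and stays quiet on the Java BHO, the avast! Run entry and the Microsoft-hosted WGA control; the O16 rule is deliberately narrow (bare IP or a direct `.exe`) because signed `.cab` downloads from known vendors are the normal case.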

#2 Guest_Cretemonster_* (Guest)

Posted 13 October 2007 - 03:03 AM

Hi the trooper2,

Are you still needing help with this machine??

#3 the trooper2 (Topic Starter, Members, 40 posts)

Posted 25 October 2007 - 11:54 AM

Hi, yes I am.

#4 Guest_Cretemonster_* (Guest)

Posted 25 October 2007 - 12:25 PM

Good to see you back and Welcome!! :thumbsup:

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Edited by Cretemonster, 25 October 2007 - 12:25 PM.


#5 the trooper2 (Topic Starter, Members, 40 posts)

Posted 26 October 2007 - 07:59 AM

ComboFix 07-10-23.2 - Josh 2007-10-26 13:46:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.172 [GMT 1:00]
Running from: C:\Documents and Settings\Josh\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ellie\My Documents\internet.lnk
C:\Documents and Settings\john\Application Data\searchtoolbarcorp
C:\Documents and Settings\john\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\john\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Documents and Settings\Josh\Application Data\searchtoolbarcorp
C:\Documents and Settings\Josh\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\Josh\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Program Files\windows
C:\Program Files\windows\.fld
C:\WINDOWS\gimmygames101.dat
C:\WINDOWS\gimmygames91.dat
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS


((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-26 13:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 19:54 <DIR> d-------- C:\Program Files\Cheat Engine1
2007-10-04 19:54 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-10-04 19:54 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-10-04 16:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-03 20:27 <DIR> d-------- C:\Program Files\Free WMA to MP3 Converter
2007-10-03 17:33 <DIR> d-------- C:\Program Files\YourWare Solutions
2007-10-03 17:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 12:54 --------- d-----w C:\Program Files\Steam
2007-10-25 12:43 --------- d-----w C:\Program Files\ewido anti-malware
2007-10-10 16:55 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-10-08 16:02 --------- d-----w C:\Program Files\Java
2007-10-03 19:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-22 11:27 --------- d-----w C:\Program Files\PartyGaming
2007-09-02 13:27 --------- d-----w C:\Documents and Settings\Josh\Application Data\teamspeak2
2007-08-31 10:53 --------- d-----w C:\Program Files\PKR
2007-08-31 10:49 --------- d-----w C:\Documents and Settings\Ellie\Application Data\Winamp
2007-08-26 10:32 --------- d-----w C:\Documents and Settings\Josh\Application Data\Apple Computer
2007-02-25 17:07 36,008 ----a-w C:\Documents and Settings\Josh\Application Data\GDIPFONTCACHEV1.DAT
2006-08-15 10:18 0 ----a-w C:\Documents and Settings\Josh\loaded.exe
2006-08-13 20:39 0 ----a-w C:\Documents and Settings\john\loaded.exe
2006-04-21 11:55 262 ----a-w C:\Documents and Settings\Josh\n.bat
2006-04-18 13:15 220 ----a-w C:\Documents and Settings\john\n.bat
2006-04-18 13:15 128 ----a-w C:\Documents and Settings\john\mc-110-12-0000140.exe
2006-04-18 05:36 128 ----a-w C:\Documents and Settings\john\mc-110-12-0000137.exe
2006-04-06 14:41 128 ----a-w C:\Documents and Settings\john\rar.exe
2006-04-06 14:40 128 ----a-w C:\Documents and Settings\john\dr.exe
2006-04-04 13:48 262,144 ---ha-w C:\Documents and Settings\john\NTUSER(2).DAT
2006-03-17 21:19 128 ----a-w C:\Documents and Settings\john\exe.exe
2006-03-06 14:43 282 ----a-w C:\Documents and Settings\john\g.bat
2006-03-06 14:42 128 ----a-w C:\Documents and Settings\john\xxx.exe
2005-10-14 15:15 32,376 ----a-w C:\Documents and Settings\john\Application Data\GDIPFONTCACHEV1.DAT
2007-04-19 16:10:56 803,218 --sha-w C:\WINDOWS\Registration\ksdiip.bak1
2007-05-02 15:34:29 816,992 --sha-w C:\WINDOWS\Registration\ksdiip.bak2
2007-05-02 18:52:26 819,261 --sha-w C:\WINDOWS\Registration\ksdiip.ini2
2007-06-25 17:07:41 1,514,533 --sh--w C:\WINDOWS\system32\onppo.bak1
2007-07-06 16:11:37 1,273,029 --sh--w C:\WINDOWS\system32\onppo.bak2
2007-07-06 19:15:42 1,276,647 --sh--w C:\WINDOWS\system32\onppo.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19D170F6-4007-4E66-90B2-5A4A6D15723B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45484B13-30F1-410E-8E9D-469B2C4592CC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 21:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2000-10-16 10:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 17:45]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 06:22]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\SOUNDMAN.EXE]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Maplom"="C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" [2007-06-23 09:37]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Steam"="c:\program files\steam\steam.exe" [2007-10-05 16:49]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2006-10-05 16:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32]
C:\WINDOWS\g230871.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppno]
C:\WINDOWS\system32\oppno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\piidsk]
C:\WINDOWS\Registration\piidsk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvvuv]
tuvvvuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqqqp]
urqqqqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windnu32]
windnu32.dll

R2 BrwstrPF;Browster Proxy;C:\PROGRA~1\Browster\proxy\wrapper.exe -s C:\PROGRA~1\Browster\proxy\conf\wrapper.conf
R3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
S1 Secrray;Secrray;\??\C:\WINDOWS\system32\drivers\pcimsint.sys
S1 SpaODEM;SpaODEM;\??\C:\WINDOWS\system32\drivers\atibs2s2.sys
S1 srCOMP;srCOMP;\??\C:\WINDOWS\system32\drivers\hidl1080.sys
S2 DP1112;DP1112;\??\C:\WINDOWS\system32\Drivers\DP.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 o1394bul;o1394bul;\??\C:\DOCUME~1\Josh\LOCALS~1\Temp\o1394bul.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 10:29:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-04-25 15:11:32 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 13:53:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-26 13:57:31 - machine was rebooted
.
--- E O F ---






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:22, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Browster\proxy\wrapper.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\SlySoft\Game Jackal\GameJackal.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Browster\proxy\jre\bin\java.exe
C:\program files\steam\steam.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Josh\My Documents\Unzipped\HiJackThis(2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O2 - BHO: (no name) - {19D170F6-4007-4E66-90B2-5A4A6D15723B} - (no file)
O2 - BHO: (no name) - {45484B13-30F1-410E-8E9D-469B2C4592CC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - C:\Program Files\Browster\Browster.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Maplom] C:\Program Files\SlySoft\Game Jackal\GameJackal.exe /silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g230871.dll (file missing)
O20 - Winlogon Notify: oppno - C:\WINDOWS\system32\oppno.dll (file missing)
O20 - Winlogon Notify: piidsk - C:\WINDOWS\Registration\piidsk.dll (file missing)
O20 - Winlogon Notify: tuvvvuv - tuvvvuv.dll (file missing)
O20 - Winlogon Notify: urqqqqp - urqqqqp.dll (file missing)
O20 - Winlogon Notify: windnu32 - windnu32.dll (file missing)
O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - (no file)
O22 - SharedTaskScheduler: Windows Updater - {259BA022-2005-45E9-A965-10EDB9C00605} - (no file)
O22 - SharedTaskScheduler: Master Browseui - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browster Proxy (BrwstrPF) - Unknown owner - C:\PROGRA~1\Browster\proxy\wrapper.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10425 bytes

#6 Guest_Cretemonster_* (Guest)

Posted 26 October 2007 - 03:09 PM

Copy the text below to notepad and save it to the desktop with the name CFScript.txt

Driver::
DP1112
Secrray
SpaODEM
srCOMP
File::
C:\WINDOWS\system32\drivers\pcimsint.sys
C:\WINDOWS\system32\drivers\atibs2s2.sys
C:\WINDOWS\system32\drivers\hidl1080.sys
C:\WINDOWS\system32\Drivers\DP.sys
C:\Documents and Settings\Josh\loaded.exe
C:\Documents and Settings\john\loaded.exe
C:\Documents and Settings\Josh\n.bat
C:\Documents and Settings\john\n.bat
C:\Documents and Settings\john\mc-110-12-0000140.exe
C:\Documents and Settings\john\mc-110-12-0000137.exe
C:\Documents and Settings\john\rar.exe
C:\Documents and Settings\john\dr.exe
C:\Documents and Settings\john\exe.exe
C:\Documents and Settings\john\g.bat
C:\Documents and Settings\john\xxx.exe
C:\WINDOWS\Registration\ksdiip.bak1
C:\WINDOWS\Registration\ksdiip.bak2
C:\WINDOWS\Registration\ksdiip.ini2
C:\WINDOWS\system32\onppo.bak1
C:\WINDOWS\system32\onppo.bak2
C:\WINDOWS\system32\onppo.ini2
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19D170F6-4007-4E66-90B2-5A4A6D15723B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45484B13-30F1-410E-8E9D-469B2C4592CC}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppno]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\piidsk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvvuv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqqqp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windnu32]

Once saved, drag CFScript.txt on top of ComboFix.exe; this will launch the tool and begin the script.

Once completed, post the new ComboFix log and a fresh HijackThis log.

#7 the trooper2

the trooper2
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE

Posted 27 October 2007 - 10:09 AM

ComboFix 07-10-23.2 - Josh 2007-10-27 15:57:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.267 [GMT 1:00]
Running from: C:\Documents and Settings\Josh\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Josh\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\john\dr.exe
C:\Documents and Settings\john\exe.exe
C:\Documents and Settings\john\g.bat
C:\Documents and Settings\john\loaded.exe
C:\Documents and Settings\john\mc-110-12-0000137.exe
C:\Documents and Settings\john\mc-110-12-0000140.exe
C:\Documents and Settings\john\n.bat
C:\Documents and Settings\john\rar.exe
C:\Documents and Settings\john\xxx.exe
C:\Documents and Settings\Josh\loaded.exe
C:\Documents and Settings\Josh\n.bat
C:\WINDOWS\Registration\ksdiip.bak1
C:\WINDOWS\Registration\ksdiip.bak2
C:\WINDOWS\Registration\ksdiip.ini2
C:\WINDOWS\system32\drivers\atibs2s2.sys
C:\WINDOWS\system32\Drivers\DP.sys
C:\WINDOWS\system32\drivers\hidl1080.sys
C:\WINDOWS\system32\drivers\pcimsint.sys
C:\WINDOWS\system32\onppo.bak1
C:\WINDOWS\system32\onppo.bak2
C:\WINDOWS\system32\onppo.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\john\dr.exe
C:\Documents and Settings\john\exe.exe
C:\Documents and Settings\john\g.bat
C:\Documents and Settings\john\loaded.exe
C:\Documents and Settings\john\mc-110-12-0000137.exe
C:\Documents and Settings\john\mc-110-12-0000140.exe
C:\Documents and Settings\john\n.bat
C:\Documents and Settings\john\rar.exe
C:\Documents and Settings\john\xxx.exe
C:\Documents and Settings\Josh\loaded.exe
C:\Documents and Settings\Josh\n.bat
C:\WINDOWS\Registration\ksdiip.bak1
C:\WINDOWS\Registration\ksdiip.bak2
C:\WINDOWS\Registration\ksdiip.ini2
C:\WINDOWS\system32\drivers\atibs2s2.sys
C:\WINDOWS\system32\drivers\hidl1080.sys
C:\WINDOWS\system32\onppo.bak1
C:\WINDOWS\system32\onppo.bak2
C:\WINDOWS\system32\onppo.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DP1112
-------\LEGACY_SECRRAY
-------\DP1112
-------\Secrray
-------\SpaODEM
-------\srCOMP


((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-26 15:47 <DIR> d-------- C:\Program Files\Multiquence
2007-10-26 13:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 19:54 <DIR> d-------- C:\Program Files\Cheat Engine1
2007-10-04 19:54 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-10-04 19:54 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-10-04 16:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-03 20:27 <DIR> d-------- C:\Program Files\Free WMA to MP3 Converter
2007-10-03 17:33 <DIR> d-------- C:\Program Files\YourWare Solutions
2007-10-03 17:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 15:03 --------- d-----w C:\Program Files\Steam
2007-10-25 12:43 --------- d-----w C:\Program Files\ewido anti-malware
2007-10-10 16:55 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-10-08 16:02 --------- d-----w C:\Program Files\Java
2007-10-03 19:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-22 11:27 --------- d-----w C:\Program Files\PartyGaming
2007-09-02 13:27 --------- d-----w C:\Documents and Settings\Josh\Application Data\teamspeak2
2007-08-31 10:53 --------- d-----w C:\Program Files\PKR
2007-08-31 10:49 --------- d-----w C:\Documents and Settings\Ellie\Application Data\Winamp
2007-02-25 17:07 36,008 ----a-w C:\Documents and Settings\Josh\Application Data\GDIPFONTCACHEV1.DAT
2006-04-04 13:48 262,144 ---ha-w C:\Documents and Settings\john\NTUSER(2).DAT
2005-10-14 15:15 32,376 ----a-w C:\Documents and Settings\john\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-10-26_13.56.10.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-27 15:02:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_188.dat
+ 2007-10-27 15:03:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_37c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 21:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2000-10-16 10:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 17:45]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 06:22]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\SOUNDMAN.EXE]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Maplom"="C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" [2007-06-23 09:37]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Steam"="c:\program files\steam\steam.exe" [2007-10-05 16:49]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

R3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 o1394bul;o1394bul;\??\C:\DOCUME~1\Josh\LOCALS~1\Temp\o1394bul.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 10:29:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-04-25 15:11:32 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 16:03:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-27 16:07:10 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-26 13:57
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:05, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Browster\proxy\wrapper.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\Browster\proxy\jre\bin\java.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\SlySoft\Game Jackal\GameJackal.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Josh\My Documents\Unzipped\HiJackThis(2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - C:\Program Files\Browster\Browster.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Maplom] C:\Program Files\SlySoft\Game Jackal\GameJackal.exe /silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - (no file)
O22 - SharedTaskScheduler: Windows Updater - {259BA022-2005-45E9-A965-10EDB9C00605} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browster Proxy (BrwstrPF) - Unknown owner - C:\PROGRA~1\Browster\proxy\wrapper.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9713 bytes
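The HijackThis log above still carries the entry types a helper reads first: O15 trusted-zone additions (several granted to bare IP addresses), an O16 DPF control fetched from an IP address rather than a vendor host, and orphaned registrations marked "(no file)" or "(file missing)". As an added example, not part of this thread and not a HijackThis or ComboFix component, the Python script below encodes those checks as triage rules and runs them over lines copied from this log. One O4 line is constructed for contrast: the loaded.exe path is taken from the CFScript in post #6, but that autorun entry itself never appears in the thread.

```python
"""Triage HijackThis log lines for the entry types discussed in this thread.

Added example (hypothetical tool, not from BleepingComputer, HijackThis or ComboFix).
Rules: O15 trusted zones, O16 downloads from bare IPs or straight to an .exe,
orphaned O2/O3/O9/O22 registrations and O23 services, and O4 autoruns launched
from a user profile root or Temp folder.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Sample lines: copied from the log in this thread, plus one constructed O4 entry.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [loaded] C:\Documents and Settings\john\loaded.exe
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O15"
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


# Leading "Oxx - " tag of an HJT line (R0/R1 lines are not handled here).
_TAG_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
_URL_RE = re.compile(r"https?://\S+")


def _host_is_ip(url: str) -> bool:
    """True when the URL host is a bare IP literal instead of a DNS name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _profile_or_temp_path(text: str) -> bool:
    """Autorun binaries sitting directly in a profile root or in Temp are unusual."""
    t = text.lower()
    profile_root = re.search(
        r"(docume~1|documents and settings)\\[^\\]+\\[^\\]+\.(exe|bat|cmd|scr)", t)
    return bool(profile_root) or "\\temp\\" in t or "\\locals~1\\" in t


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one HJT line; None means nothing to flag."""
    m = _TAG_RE.match(line.strip())
    if not m:
        return None
    tag, body = m.groups()
    url_m = _URL_RE.search(body)
    url = url_m.group(0) if url_m else None

    if tag == "O15":
        # A trusted-zone entry lowers IE's security for that site; legitimate
        # software very rarely adds one, and a bare IP is the worst case.
        if url and _host_is_ip(url):
            return Finding(tag, "high", "trusted zone granted to a bare IP address", line)
        return Finding(tag, "medium", "trusted zone entry; confirm it was added deliberately", line)

    if tag == "O16":
        # Downloaded Program Files: ActiveX controls installed from the web.
        if url and _host_is_ip(url):
            return Finding(tag, "high", "ActiveX control downloaded from a bare IP address", line)
        if url and url.lower().endswith(".exe"):
            return Finding(tag, "high", "DPF entry points straight at an .exe", line)
        if "(" not in body:
            return Finding(tag, "medium", "DPF entry has no friendly name", line)
        return None

    if tag in ("O2", "O3", "O9", "O22") and body.endswith("(no file)"):
        return Finding(tag, "low", "orphaned registration: the referenced file is gone", line)

    if tag == "O23" and body.endswith("(file missing)"):
        return Finding(tag, "low", "service registered but its binary is missing", line)

    if tag == "O4" and _profile_or_temp_path(body):
        return Finding(tag, "high", "autorun launched from a profile root or Temp folder", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through triage_line and return findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(found, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n           {f.line}")
```

On the sample above the script reports three high findings (the profile-root autorun, the O15 IP range and the O16 control from 85.255.114.166), one medium (the winantivirus.com trusted zone) and three low orphaned entries, while the avast! autorun, the Windows Live BHO and the Microsoft-hosted WGA control pass untouched. The rules are deliberately narrow: they surface what needs a human look, as the helper in this thread did, rather than decide on their own what to delete.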

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 27 October 2007 - 05:32 PM

That's gotta make the machine feel a bit better! :thumbsup:

Right-Click Here and Click "Save As" to download DelDomains.inf to your desktop.

Right Click DelDomains.inf on your desktop and select "Install"

It will perform a silent process. Give it a minute to run.


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
