Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log


  • This topic is locked This topic is locked
13 replies to this topic

#1 miztrniceguy

miztrniceguy

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 13 January 2008 - 02:16 PM

i keep getting a "windows explorer has encountered a problem and needs to close" error. it happens when i open widows explorer, or open mycomputer, or another program that finds files.

i run xp sp2, i have run spybot,adaware,spy sweeper, trend housecall, and bit defender, and pandascan, which i dont think is useful anymore. pandascan now tells you that there are 600+ infected files, but wont do anything unless you buy there program.

anyway....to whoever gets to this, i appreciate any help.

thanks in advance,
Miztrniceguy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:10 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Logi_MwX.Exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183093078342
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183123677765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 8198 bytes

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:34 AM

Posted 28 January 2008 - 01:50 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

#3 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 28 January 2008 - 02:28 PM

thank you for answering. yes, i am still having problems. i keep getting errors saying "windows explorer has encountered a problem and needs to close".

i have run all the different programs suggested by the preparation guide, and i will run a new hijack log immediatly and will post the results.

i have also googled the same error message, and done all the suggestions i could find.

thank you,

miztrniceguy

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#4 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 29 January 2008 - 04:55 AM

ok, here is my new log file.thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:02 AM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183093078342
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183123677765
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 8141 bytes

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:34 AM

Posted 29 January 2008 - 10:46 AM

So far you look clean, but let's try another tool and see if it finds anything. If it does not, then I am going to refer you to your Windows XP forum where someone may be able to help you with the error.
  • Download Combofix to your desktop.

  • Doubleclick combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#6 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 29 January 2008 - 09:36 PM

ok, here is the combofix log, followed by new hijacklog. no iquarantied files listed.


thanks


ComboFix 08-01-30.1 - Owner 2008-01-29 20:05:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.240 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\LogFiles

----- BITS: Possible infected sites -----

hxxp://origin.onecare.live.com
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-22 07:32 . 2008-01-22 07:39 <DIR> d-------- C:\Program Files\Hazard Shield
2008-01-20 22:55 . 2004-08-04 02:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-20 22:55 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-20 22:55 . 2001-08-23 06:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-01-20 22:55 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-20 22:55 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-20 22:55 . 2004-08-04 00:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-01-20 22:55 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-20 22:55 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-20 22:55 . 2004-08-04 00:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-01-20 22:55 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-20 22:54 . 2004-08-04 02:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-01-20 22:53 . 2004-08-04 00:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-01-20 22:53 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-01-20 22:53 . 2004-08-04 01:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-01-20 22:51 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-20 22:51 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-01-20 22:51 . 2001-08-17 13:28 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2008-01-20 22:51 . 2001-08-17 13:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2008-01-20 22:51 . 2001-08-17 13:28 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2008-01-20 22:51 . 2001-08-17 12:14 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2008-01-20 22:51 . 2001-08-17 13:49 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2008-01-20 22:51 . 2004-08-04 00:59 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2008-01-20 22:49 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-01-20 22:48 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-20 22:47 . 2001-08-17 22:36 238,592 --a--c--- C:\WINDOWS\system32\dllcache\sisgrv.dll
2008-01-20 22:46 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-20 22:45 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-20 22:44 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-20 22:43 . 2004-08-04 02:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-01-20 22:42 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-20 22:41 . 2004-08-04 00:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-20 22:40 . 2004-08-04 01:09 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-01-20 22:40 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-01-20 22:39 . 2004-08-04 01:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-01-20 22:39 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-01-20 22:38 . 2004-08-04 02:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-01-20 22:38 . 2004-08-04 01:09 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-01-20 22:38 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-01-20 22:38 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-01-20 22:37 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-20 22:37 . 2001-08-17 14:56 235,648 --a--c--- C:\WINDOWS\system32\dllcache\mgaud.dll
2008-01-20 22:37 . 2001-08-17 13:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-01-20 22:37 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-20 22:37 . 2004-08-04 01:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-01-20 22:37 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-01-20 22:35 . 2001-08-17 13:28 727,786 --a--c--- C:\WINDOWS\system32\dllcache\ltck000c.sys
2008-01-20 22:34 . 2004-08-04 00:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-20 22:34 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-01-20 22:34 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-01-20 22:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-01-20 22:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-01-20 22:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-01-20 22:34 . 2001-08-17 14:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-01-20 22:32 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-01-20 22:31 . 2004-08-04 02:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-01-20 22:30 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-20 22:28 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-01-20 22:27 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-01-20 22:26 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-20 22:25 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-20 22:24 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-01-20 22:23 . 2004-08-04 02:56 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-01-20 22:22 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-20 22:21 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-01-20 22:20 . 2001-08-23 06:00 195,618 --a--c--- C:\WINDOWS\system32\dllcache\c_10002.nls
2008-01-20 22:19 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-20 22:18 . 2001-08-17 14:55 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2008-01-20 22:17 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
2008-01-20 22:15 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-19 21:57 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-01-19 21:57 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-01-19 21:57 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-01-16 22:23 . 2008-01-16 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-15 23:22 . 2008-01-15 23:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-15 23:21 . 2008-01-16 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 23:21 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 20:34 . 2008-01-15 20:34 <DIR> d-------- C:\RadarSync Downloads
2008-01-15 20:34 . 2008-01-27 21:54 <DIR> d-------- C:\Program Files\RadarSync
2008-01-15 18:11 . 2008-01-15 18:11 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-13 12:32 . 2008-01-13 12:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 07:46 . 2008-01-13 07:46 <DIR> d-------- C:\Program Files\Network Associates
2008-01-12 23:41 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-12 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\hojycljywjuv.sys
2008-01-12 21:40 . 2008-01-28 16:19 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-12 21:39 . 2008-01-12 21:39 <DIR> d-------- C:\WINDOWS\Sun
2008-01-12 21:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-12 21:35 . 2008-01-12 21:37 <DIR> d-------- C:\Program Files\Java
2008-01-12 21:34 . 2008-01-12 21:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-12 21:33 . 2008-01-28 16:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-12 14:27 . 2007-09-21 10:35 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-01-12 14:27 . 2007-09-21 10:35 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-01-12 14:25 . 2007-07-06 16:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-01-12 14:24 . 2007-03-29 06:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-12 14:24 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-12 14:19 . 2008-01-29 07:55 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-12 12:38 . 2008-01-12 12:40 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-01-11 00:23 . 2008-01-11 00:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-01-10 08:22 . 2008-01-10 08:22 <DIR> d-------- C:\phonetools
2008-01-08 16:44 . 2008-01-08 17:19 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 01:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailWasherPro
2008-01-13 06:19 --------- d-----w C:\Program Files\Symantec
2008-01-13 06:07 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-13 05:56 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-12 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 06:11 --------- d-----w C:\Program Files\Creative
2008-01-08 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-25 16:58 --------- d-----w C:\Program Files\Logitech
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 16:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 07:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-11 15:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 15:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 15:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-09 19:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 19:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 19:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 19:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 19:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 19:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 19:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 19:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 18:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
2007-07-04 17:04 20,860,979 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_04_11_50_28_full.dmp.zip
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 18:34 3084288]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-12-09 18:34 3545088]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 13:48 131072]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 14:06 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2001-08-23 06:00 77891]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [2001-10-26 05:24 75432]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-29 23:47 95960]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"QD FastAndSafe"="" []
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 20:00 270336]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 11:01 1037736]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-12-11 09:42 67112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CleanSweep Smart Sweep-Internet Sweep.lnk - C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe [2007-06-29 11:51:11 221184]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-21 20:00:00 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=apitrap.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2001-08-10 05:00]
R3 QDFSDRV;QDFSDRV;C:\WINDOWS\system32\drivers\qdfsdrv.sys [2002-02-01 12:22]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 07:28]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 15:18]

.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 02:15:41 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
"2008-01-26 02:52:09 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2008-01-26 02:37:46 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Common Files\Symantec Shared\NMain.exeK /dat:C:\Program Files\Norton SystemWorks\swplugin.nsi /NSWCMD:OBCSchedule
"2008-01-29 15:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-01-30 00:44:10 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 20:19:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

hijacklog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:55 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183093078342
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183123677765
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 8392 bytes

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:34 AM

Posted 30 January 2008 - 01:17 PM

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\drivers\hojycljywjuv.sys
C:\WINDOWS\system32\dllcache\bitsprx4.dll
C:\WINDOWS\system32\bitsprx4.dll


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#8 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 30 January 2008 - 11:04 PM

ok here is the new combofix log and hijack log

ComboFix 08-01-30.1 - Owner 2008-01-30 20:46:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.237 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://origin.onecare.live.com
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-30 20:42 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe
2008-01-22 07:32 . 2008-01-22 07:39 <DIR> d-------- C:\Program Files\Hazard Shield
2008-01-20 22:55 . 2004-08-04 02:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-20 22:55 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-20 22:55 . 2001-08-23 06:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-01-20 22:55 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-20 22:55 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-20 22:55 . 2004-08-04 00:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-01-20 22:55 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-20 22:55 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-20 22:55 . 2004-08-04 00:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-01-20 22:55 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-20 22:54 . 2004-08-04 02:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-01-20 22:53 . 2004-08-04 00:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-01-20 22:53 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-01-20 22:53 . 2004-08-04 01:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-01-20 22:51 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-20 22:51 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-01-20 22:51 . 2001-08-17 13:28 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2008-01-20 22:51 . 2001-08-17 13:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2008-01-20 22:51 . 2001-08-17 13:28 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2008-01-20 22:51 . 2001-08-17 12:14 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2008-01-20 22:51 . 2001-08-17 13:49 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2008-01-20 22:51 . 2004-08-04 00:59 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2008-01-20 22:49 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-01-20 22:48 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-20 22:47 . 2001-08-17 22:36 238,592 --a--c--- C:\WINDOWS\system32\dllcache\sisgrv.dll
2008-01-20 22:46 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-20 22:45 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-20 22:44 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-20 22:43 . 2004-08-04 02:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-01-20 22:42 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-20 22:41 . 2004-08-04 00:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-20 22:40 . 2004-08-04 01:09 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-01-20 22:40 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-01-20 22:39 . 2004-08-04 01:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-01-20 22:39 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-01-20 22:38 . 2004-08-04 02:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-01-20 22:38 . 2004-08-04 01:09 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-01-20 22:38 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-01-20 22:38 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-01-20 22:37 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-20 22:37 . 2001-08-17 14:56 235,648 --a--c--- C:\WINDOWS\system32\dllcache\mgaud.dll
2008-01-20 22:37 . 2001-08-17 13:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-01-20 22:37 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-20 22:37 . 2004-08-04 01:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-01-20 22:37 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-01-20 22:35 . 2001-08-17 13:28 727,786 --a--c--- C:\WINDOWS\system32\dllcache\ltck000c.sys
2008-01-20 22:34 . 2004-08-04 00:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-20 22:34 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-01-20 22:34 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-01-20 22:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-01-20 22:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-01-20 22:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-01-20 22:34 . 2001-08-17 14:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-01-20 22:32 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-01-20 22:31 . 2004-08-04 02:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-01-20 22:30 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-20 22:28 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-01-20 22:27 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-01-20 22:26 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-20 22:25 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-20 22:24 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-01-20 22:23 . 2004-08-04 02:56 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-01-20 22:22 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-20 22:21 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-01-20 22:20 . 2001-08-23 06:00 195,618 --a--c--- C:\WINDOWS\system32\dllcache\c_10002.nls
2008-01-20 22:19 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-20 22:18 . 2001-08-17 14:55 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2008-01-20 22:17 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
2008-01-20 22:15 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-19 21:57 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-01-19 21:57 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-01-19 21:57 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-01-16 22:23 . 2008-01-16 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-15 23:22 . 2008-01-15 23:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-15 23:21 . 2008-01-16 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 23:21 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 20:34 . 2008-01-15 20:34 <DIR> d-------- C:\RadarSync Downloads
2008-01-15 20:34 . 2008-01-27 21:54 <DIR> d-------- C:\Program Files\RadarSync
2008-01-15 18:11 . 2008-01-15 18:11 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-13 12:32 . 2008-01-13 12:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 07:46 . 2008-01-13 07:46 <DIR> d-------- C:\Program Files\Network Associates
2008-01-12 23:41 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-12 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\hojycljywjuv.sys
2008-01-12 21:40 . 2008-01-28 16:19 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-12 21:39 . 2008-01-12 21:39 <DIR> d-------- C:\WINDOWS\Sun
2008-01-12 21:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-12 21:35 . 2008-01-12 21:37 <DIR> d-------- C:\Program Files\Java
2008-01-12 21:34 . 2008-01-12 21:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-12 21:33 . 2008-01-28 16:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-12 14:27 . 2007-09-21 10:35 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-01-12 14:27 . 2007-09-21 10:35 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-01-12 14:25 . 2007-07-06 16:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-01-12 14:24 . 2007-03-29 06:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-12 14:24 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-12 14:19 . 2008-01-30 07:55 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-12 12:38 . 2008-01-12 12:40 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-01-11 00:23 . 2008-01-11 00:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-01-10 08:22 . 2008-01-10 08:22 <DIR> d-------- C:\phonetools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 02:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailWasherPro
2008-01-13 06:19 --------- d-----w C:\Program Files\Symantec
2008-01-13 06:07 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-13 05:56 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-12 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 06:11 --------- d-----w C:\Program Files\Creative
2008-01-08 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-25 16:58 --------- d-----w C:\Program Files\Logitech
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 16:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 07:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-11 15:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 15:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 15:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-09 19:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 19:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 19:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 19:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 19:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 19:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 19:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 19:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 18:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
2007-07-04 17:04 20,860,979 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_04_11_50_28_full.dmp.zip
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 18:34 3084288]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-12-09 18:34 3545088]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 13:48 131072]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 14:06 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2001-08-23 06:00 77891]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [2001-10-26 05:24 75432]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-29 23:47 95960]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"QD FastAndSafe"="" []
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 20:00 270336]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 11:01 1037736]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-12-11 09:42 67112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CleanSweep Smart Sweep-Internet Sweep.lnk - C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe [2007-06-29 11:51:11 221184]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-21 20:00:00 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=apitrap.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2001-08-10 05:00]
R3 QDFSDRV;QDFSDRV;C:\WINDOWS\system32\drivers\qdfsdrv.sys [2002-02-01 12:22]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 07:28]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 15:18]

.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 02:15:41 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
"2008-01-26 02:52:09 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2008-01-26 02:37:46 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Common Files\Symantec Shared\NMain.exeK /dat:C:\Program Files\Norton SystemWorks\swplugin.nsi /NSWCMD:OBCSchedule
"2008-01-30 15:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-01-31 00:45:34 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 21:00:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 21:05:32
ComboFix-quarantined-files.txt 2008-01-31 03:05:11
ComboFix2.txt 2008-01-30 02:24:09
.
2008-01-17 09:01:35 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:17 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183093078342
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183123677765
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 8443 bytes

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:34 AM

Posted 31 January 2008 - 11:28 AM

miztrniceguy,

Please open up the following file and post the contents as a reply to this post.

The file is: C:\Qoobox\ComboFix-quarantined-files.txt

#10 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 31 January 2008 - 09:33 PM

here you go...thanks


2008-01-30 04:23 4232 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2008-01-30 04:23 5625 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#11 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 19 February 2008 - 12:35 AM

i just wondered if i needed to do something else...i know you're busy,

thanks

miztrniceguy

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:34 AM

Posted 19 February 2008 - 04:08 PM

Sorry miztrniceguy, I did not get a notification for this. Sorry for the long absence.

Thankfully, the computer now looks clean. Has it been working well for you.

#13 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 20 February 2008 - 12:14 AM

yes it has for the last couple of weeks, i don't think i've gotton the windows explorer error in that time. i will keep my fingers crossed. if it happens again i will let you know.

thanks for your help.

miztrniceguy

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:34 AM

Posted 20 February 2008 - 02:38 PM

Now that your clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here for your particular Windows Version:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

or

Windows Vista System Restore Guide


Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users