Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Iexplore Popups And Error X


  • Please log in to reply
8 replies to this topic

#1 roninknife

roninknife

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 03 February 2008 - 09:34 PM

I'm getting iexplore error message popups and some other weird advertising that pop up on my tool bar where my updates and system resources warnings are. I read the "what to do before" stuff, adaware 07, S&D, trend micro. Heres my log. Oh Yeah one other thing i noticed was that in my internet explorer menu tree it has a picture of a red x next to my c: drive rather than a drive picture. Does this make any sense?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:01 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Azureus Installer\Azureus-Installer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\windows
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [76733dc0] rundll32.exe "C:\WINDOWS\system32\woiuuysg.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA9888] command /c del "C:\WINDOWS\system32\windows_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4762] cmd /c del "C:\WINDOWS\system32\windows_tobedeleted_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9] command /c del "C:\WINDOWS\system32\windows_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5750] cmd /c del "C:\WINDOWS\system32\windows_tobedeleted_old"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

--
End of file - 7365 bytes

:thumbsup:

Thanks RN

Edited by roninknife, 04 February 2008 - 12:44 AM.


BC AdBot (Login to Remove)

 


#2 roninknife

roninknife
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 11 February 2008 - 07:27 PM

Heah, I know that i posted this log while the Superbowl was going on but i thought that i would at least been looked at couple days later. Through me a bone here. :thumbsup:

RN

Ps I know that i have a had a butt load of computer problems lately, but there not my fault, really, i've just been really unlucky. Please help!

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:33 PM

Posted 13 February 2008 - 11:37 AM

  • Download Combofix to your desktop.

  • Doubleclick combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#4 roninknife

roninknife
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 17 February 2008 - 12:58 PM

I did as you asked, here are the two logs you requested.

ComboFix 08-02-17.2 - Christian & Kelly 2008-02-17 9:02:40.1 - NTFSx86
Running from: C:\Documents and Settings\Christian & Kelly\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\opnomkk.dll
C:\WINDOWS\system32\sesuqhyp.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\arvjcatu.ini
C:\WINDOWS\system32\aycjlved.dll
C:\WINDOWS\system32\bnembxvd.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\btnduiom.ini
C:\WINDOWS\system32\cedsfcle.dll
C:\WINDOWS\system32\chikkdas.dll
C:\WINDOWS\system32\cxfidick.dll
C:\WINDOWS\system32\dnfjbcrd.ini
C:\WINDOWS\system32\dnjerxpk.dll
C:\WINDOWS\system32\drcbjfnd.dll
C:\WINDOWS\system32\durpdhvy.ini
C:\WINDOWS\system32\dvxbmenb.ini
C:\WINDOWS\system32\etqokidq.ini
C:\WINDOWS\system32\fdlkmycj.dll
C:\WINDOWS\system32\fetmveuy.ini
C:\WINDOWS\system32\flmmlvxa.dll
C:\WINDOWS\system32\gfnhwjnn.ini
C:\WINDOWS\system32\ggwyddfl.dll
C:\WINDOWS\system32\gmjasjeu.ini
C:\WINDOWS\system32\gsyuuiow.ini
C:\WINDOWS\system32\hewkayml.ini
C:\WINDOWS\system32\hpeyjlrt.dll
C:\WINDOWS\system32\hrktsdwi.dll
C:\WINDOWS\system32\hvvveagw.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ilglsqfl.dll
C:\WINDOWS\system32\iwdstkrh.ini
C:\WINDOWS\system32\jaeqobtj.dll
C:\WINDOWS\system32\jbfhdmlv.dll
C:\WINDOWS\system32\jeelumps.dll
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jtboqeaj.ini
C:\WINDOWS\system32\jvpilncs.dll
C:\WINDOWS\system32\lhsfvjbf.dll
C:\WINDOWS\system32\lmxmtbrv.ini
C:\WINDOWS\system32\lmyakweh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlosdeyn.ini
C:\WINDOWS\system32\moiudntb.dll
C:\WINDOWS\system32\nghadyqq.ini
C:\WINDOWS\system32\nmryxpyx.ini
C:\WINDOWS\system32\nnjwhnfg.dll
C:\WINDOWS\system32\nyedsolm.dll
C:\WINDOWS\system32\opfxudaj.dll
C:\WINDOWS\system32\opnomkk.dll
C:\WINDOWS\system32\qdikoqte.dll
C:\WINDOWS\system32\qixpnprt.dll
C:\WINDOWS\system32\qopquurv.dll
C:\WINDOWS\system32\qqydahgn.dll
C:\WINDOWS\system32\qrgowkhv.dll
C:\WINDOWS\system32\sesuqhyp.dll
C:\WINDOWS\system32\sesuqhyp.dllbox
C:\WINDOWS\system32\sgnljyan.dll
C:\WINDOWS\system32\sohtqwkc.ini
C:\WINDOWS\system32\uejsajmg.dll
C:\WINDOWS\system32\ulbvhgby.dll
C:\WINDOWS\system32\utacjvra.dll
C:\WINDOWS\system32\vrbtmxml.dll
C:\WINDOWS\system32\vruuqpoq.ini
C:\WINDOWS\system32\wfgmvpkj.dll
C:\WINDOWS\system32\wgaevvvh.ini
C:\WINDOWS\system32\woiuuysg.dll
C:\WINDOWS\system32\wpiheykv.dll
C:\WINDOWS\system32\wxdpqrbn.dll
C:\WINDOWS\system32\xfcnnyux.ini
C:\WINDOWS\system32\xuynncfx.dll
C:\WINDOWS\system32\xypxyrmn.dll
C:\WINDOWS\system32\ybghvblu.ini
C:\WINDOWS\system32\yhvdjtfj.dll
C:\WINDOWS\system32\yuevmtef.dll
C:\WINDOWS\system32\yvhdprud.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-05 16:03 . 2008-02-05 16:03 90,688 --a------ C:\WINDOWS\system32\ckwqthos.dll
2008-02-03 18:25 . 2008-02-03 18:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 16:44 . 2008-02-03 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 02:20 --------- d-----w C:\Program Files\Quicken
2008-02-04 01:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-04 00:44 --------- d-----w C:\Program Files\Lavasoft
2008-02-04 00:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 04:01 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 21:33 --------- d-----w C:\Documents and Settings\Christian & Kelly\Application Data\Azureus
2008-01-18 23:42 --------- d-----w C:\Documents and Settings\Christian & Kelly\Application Data\AdobeUM
2008-01-03 06:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-03 06:35 --------- d-----w C:\Documents and Settings\Christian & Kelly\Application Data\DAEMON Tools
2008-01-03 06:26 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 20:59 --------- d-----w C:\Program Files\Azureus
2007-10-17 05:56 148 ----a-w C:\Documents and Settings\Christian & Kelly\Application Data\wklnhst.dat
2006-10-30 19:28 3,007,488 --sha-w C:\Program Files\ehthumbs.db
.
<pre>
----a-w		   260,096 2008-01-28 02:45:43  C:\Program Files\Azureus\Torrents\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\VMware.New All .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"Azureus Installer"="C:\Program Files\Azureus Installer\Azureus-Installer.exe" [2007-03-15 06:45 346112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 00:26 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-11 05:36 1318912]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 20:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 12:50 729178]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [ ]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 09:35 327720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03 24104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-10-20 10:49:14 200704]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-07-03 15:43:41 278528]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-09-21 16:53:32 811008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 06:15]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 01:06]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b6339ba-9248-11db-a4f4-0014a5a76778}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3612f3-0cdc-11dc-a534-0016d40c9d72}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 09:28:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe
.
**************************************************************************
.
Completion time: 2008-02-17 9:27:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 17:27:50
.
2008-01-11 06:05:39 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:51 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Azureus Installer\Azureus-Installer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

--
End of file - 7578 bytes

Thanks :thumbsup:

RK

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:33 PM

Posted 17 February 2008 - 02:20 PM

I suggest you delete this folder altogether:

C:\Program Files\Azureus\Torrents\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\

Trying to illegally crack copyrighted software is what got you into this mess to begin with.

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

DRIVER::
MSControlService

COLLECT::[3]
C:\WINDOWS\system32\windows

FILE::
C:\WINDOWS\system32\ckwqthos.dll

RENV::
C:\Program Files\Azureus\Torrents\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\VMware.New All .exe


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#6 roninknife

roninknife
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 17 February 2008 - 03:16 PM

I know that i shouldn't have been trying to hack software, and your right, that is what caused this problem, thats what happens when you try to help out someone. Here is the log.

ComboFix 08-02-17.2 - Christian & Kelly 2008-02-17 12:05:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.558 [GMT -8:00]
Running from: C:\Documents and Settings\Christian & Kelly\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christian & Kelly\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ckwqthos.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ckwqthos.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSCONTROLSERVICE
-------\MSControlService


((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-03 18:25 . 2008-02-03 18:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 16:44 . 2008-02-03 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 02:20 --------- d-----w C:\Program Files\Quicken
2008-02-04 01:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-04 00:44 --------- d-----w C:\Program Files\Lavasoft
2008-02-04 00:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 04:01 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 21:33 --------- d-----w C:\Documents and Settings\Christian & Kelly\Application Data\Azureus
2008-01-18 23:42 --------- d-----w C:\Documents and Settings\Christian & Kelly\Application Data\AdobeUM
2008-01-03 06:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-03 06:35 --------- d-----w C:\Documents and Settings\Christian & Kelly\Application Data\DAEMON Tools
2008-01-03 06:26 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 20:59 --------- d-----w C:\Program Files\Azureus
2007-10-17 05:56 148 ----a-w C:\Documents and Settings\Christian & Kelly\Application Data\wklnhst.dat
2006-10-30 19:28 3,007,488 --sha-w C:\Program Files\ehthumbs.db
.
<pre>
----a-w		   260,096 2008-01-28 02:45:43  C:\RECYCLER\S-1-5-21-3913183101-1353805949-536554433-1005\Dc2\VMware.New All .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"Azureus Installer"="C:\Program Files\Azureus Installer\Azureus-Installer.exe" [2007-03-15 06:45 346112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 00:26 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-11 05:36 1318912]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 20:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 12:50 729178]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [ ]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 09:35 327720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03 24104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-10-20 10:49:14 200704]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-07-03 15:43:41 278528]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-09-21 16:53:32 811008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 06:15]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 01:06]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b6339ba-9248-11db-a4f4-0014a5a76778}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3612f3-0cdc-11dc-a534-0016d40c9d72}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 12:07:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-17 12:09:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 20:09:12
ComboFix2.txt 2008-02-17 17:27:54
.
2008-01-11 06:05:39 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:08 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Azureus Installer\Azureus-Installer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7549 bytes


Thanks

RK

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:33 PM

Posted 19 February 2008 - 09:43 AM

Just empty your recycle bin to get rid of the infected files from there.

Other than that, you lookclean. How does the system feel to you now?

#8 roninknife

roninknife
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 21 February 2008 - 12:00 AM

Everything Seems To be workinh Great.

no pop ups, i love it, thank you so much it is so nice to have my laptop virus free.

I have another question for you. If you have read some of my recent post you have noticed that i have been having my fair share of computer problems. My desktop has been on the fritz. I have managed to get it working, it boots properly and my essential programs are working but i am having trouble with my windows mp 11 which in turn effects my media center. I have tried to reload it twice and it still won't play any music or movies. when i try to play something it has an error and closes. Also my windows explorer will frequently error and shutdown. Could this be caused by a virus? i haven't had any popups or other malware. Would it be a good idea to get a cleaning anyway, even i did it about 2 months ago? Or should i just do a clean install. if i do try a cleaning can i post it on this thread or should i open a new one?

thanks again for all your help,

Sorry about the bad grammer and sentence structure my wife is hounding me to get off the computer:)


RK

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:33 PM

Posted 21 February 2008 - 02:07 PM

Hmm..not sure. You may just need to reinstall Windows Media Player. I do not see any malware anymore so not sure what else you can do. You were infected with something, so a reinstall may help, but I can't guarantee it. Not sure what else to tell you at this point. You can try posting about your windows media player problem in this forum and see if that helps:

Audio and Video

Other than that, your all clean.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users