Typing Just Stops


5 replies to this topic

#1 kendq

kendq

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 13 February 2008 - 03:06 PM

First of all I hope I am in the right place

I can be typing (in many different programs) and the typing just stops. The vertical line is gone, but if I click the mouse where it stopped I can resume, but I lost the typing between where it stopped and where I noticed it. Below is a HijackThis log; any help is appreciated. I have run the spyware programs and googled the problem with no fixes, but there are others having the same problem.
thanks
kendq


StartupList report, 02/13/2008, 1:32:05 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\ofps.exe
C:\SUPERVOC\PROGRAM\PICPMON.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Larry\Start Menu\Programs\Startup]
DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
PaperPort PTD = C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Zone Labs Client = C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
(Default) =
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec PIF AlertEng = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=c:\01comm32\bin\01comm32.exe
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...ector/swdir.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

[AxProdInfoCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\nprdtinf.dll
CODEBASE = http://www.symantec.com/techsupp/activedata/nprdtinf.cab

[HTECtrl Class]
InProcServer32 = C:\WINDOWS\HTEWEB.DLL
CODEBASE = https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab

[Symantec Download Manager]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\symdlmgr.dll
CODEBASE = https://webdl.symantec.com/activex/symdlmgr.cab

[ActiveReports Viewer2]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\arview2.ocx
CODEBASE = https://reports.paychoiceonline.com/pcoreports/arview2.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7635.7424421296

[{C32F59BF-180B-416A-ABF7-161060990A88}]
CODEBASE = http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab

[Crystal Report Viewer Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CRViewer.dll
CODEBASE = http://www.myworkinfo.com/ActiveX/activexviewer.cab

[{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}]
CODEBASE = https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #5: C:\WINDOWS\system32\wshbth.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 9,142 bytes
Report generated in 0.110 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 18 February 2008 - 06:36 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response; as I'm sure you can appreciate, we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

#3 kendq

kendq
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 19 February 2008 - 08:55 AM

The problem seems to come and go. Yes, I have AVG spyware and antivirus and have run such malware removal programs. Right now it's not doing it; however, it has done it a few times sporadically. I am now thinking it must be hardware related. Just in case, I am posting a log below (when it is not doing it) in case there was something and it could help someone else.
Thanks
kendq

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:27 AM, on 02/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\ofps.exe
C:\SUPERVOC\PROGRAM\PICPMON.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} (HTECtrl Class) - https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://reports.paychoiceonline.com/pcoreports/arview2.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.myworkinfo.com/ActiveX/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Apache Software Foundation - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\System32\ofps.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SUPERVOC\PROGRAM\PICPMON.EXE
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 9624 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 19 February 2008 - 11:06 AM

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.


Please follow the instructions in the link below for the downloading and running of ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This also includes installing the Windows XP Recovery Console in case you have not got it installed.
Post the log from ComboFix when you've finished, along with a new HijackThis log please.

#5 kendq

kendq
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 19 February 2008 - 01:30 PM

Done

here is combo log

ComboFix 08-02-11.2 - Larry 2008-02-19 13:06:21.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.205 [GMT -5:00]
Running from: C:\Documents and Settings\Larry\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-19 11:49 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-19 11:48 . 2008-02-19 11:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-17 13:34 . 2008-02-17 13:34 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-02-17 13:34 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-02-17 13:33 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-02-13 13:20 . 2008-02-13 13:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 16:36 5,590,016 ----a-w C:\WINDOWS\Internet Logs\xDB1C1.tmp
2008-02-18 17:58 55,296 ----a-w C:\WINDOWS\Internet Logs\xDB258.tmp
2008-02-18 17:58 5,590,016 ----a-w C:\WINDOWS\Internet Logs\xDB257.tmp
2008-02-17 18:54 5,649,408 ----a-w C:\WINDOWS\Internet Logs\xDB1C0.tmp
2008-02-15 16:18 5,575,168 ----a-w C:\WINDOWS\Internet Logs\xDB1BF.tmp
2008-02-14 21:24 5,592,064 ----a-w C:\WINDOWS\Internet Logs\xDB1BE.tmp
2008-02-13 18:54 5,597,184 ----a-w C:\WINDOWS\Internet Logs\xDB1BD.tmp
2008-02-12 20:48 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1BC.tmp
2008-02-11 19:38 5,570,560 ----a-w C:\WINDOWS\Internet Logs\xDB1BB.tmp
2008-02-08 17:30 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1BA.tmp
2008-02-08 12:57 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1B9.tmp
2008-02-07 14:55 5,571,072 ----a-w C:\WINDOWS\Internet Logs\xDB1B8.tmp
2008-02-06 20:15 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1B7.tmp
2008-02-05 21:33 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1B6.tmp
2008-02-05 12:56 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1B5.tmp
2008-02-04 21:14 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1B4.tmp
2008-02-04 14:42 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1B3.tmp
2008-02-03 14:42 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1B2.tmp
2008-02-02 21:12 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1B0.tmp
2008-02-02 14:43 53,248 ----a-w C:\WINDOWS\Internet Logs\xDB1B1.tmp
2008-02-01 14:42 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1AF.tmp
2008-01-31 15:03 5,571,072 ----a-w C:\WINDOWS\Internet Logs\xDB1AE.tmp
2008-01-30 16:45 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1AD.tmp
2008-01-29 20:54 5,571,072 ----a-w C:\WINDOWS\Internet Logs\xDB1AC.tmp
2008-01-28 23:16 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1AB.tmp
2008-01-25 18:33 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1AA.tmp
2008-01-24 19:51 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1A9.tmp
2008-01-24 14:42 5,569,536 ----a-w C:\WINDOWS\Internet Logs\xDB1A8.tmp
2008-01-22 23:41 5,544,960 ----a-w C:\WINDOWS\Internet Logs\xDB1A7.tmp
2008-01-22 02:31 5,543,424 ----a-w C:\WINDOWS\Internet Logs\xDB1A6.tmp
2008-01-18 14:42 5,543,424 ----a-w C:\WINDOWS\Internet Logs\xDB1A5.tmp
2008-01-17 22:01 5,543,424 ----a-w C:\WINDOWS\Internet Logs\xDB1A4.tmp
2008-01-17 18:27 5,545,984 ----a-w C:\WINDOWS\Internet Logs\xDB1A3.tmp
2008-01-16 14:54 5,544,960 ----a-w C:\WINDOWS\Internet Logs\xDB1A2.tmp
2008-01-15 21:46 5,543,424 ----a-w C:\WINDOWS\Internet Logs\xDB1A1.tmp
2008-01-15 14:42 5,570,048 ----a-w C:\WINDOWS\Internet Logs\xDB1A0.tmp
2008-01-15 14:38 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-15 14:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-01-15 14:30 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-01-15 14:30 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-01-15 14:30 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-01-14 21:12 5,598,720 ----a-w C:\WINDOWS\Internet Logs\xDB19F.tmp
2008-01-14 21:01 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-14 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-13 14:42 5,544,960 ----a-w C:\WINDOWS\Internet Logs\xDB19E.tmp
2008-01-12 20:09 5,543,424 ----a-w C:\WINDOWS\Internet Logs\xDB19D.tmp
2008-01-12 13:15 5,541,376 ----a-w C:\WINDOWS\Internet Logs\xDB19C.tmp
2008-01-11 20:26 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB19B.tmp
2008-01-11 20:21 5,541,376 ----a-w C:\WINDOWS\Internet Logs\xDB19A.tmp
2008-01-11 17:04 5,544,448 ----a-w C:\WINDOWS\Internet Logs\xDB198.tmp
2008-01-11 17:04 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB199.tmp
2008-01-11 14:12 5,541,376 ----a-w C:\WINDOWS\Internet Logs\xDB197.tmp
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 19:10 5,541,376 ----a-w C:\WINDOWS\Internet Logs\xDB195.tmp
2008-01-10 19:09 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB196.tmp
2008-01-10 14:42 5,547,520 ----a-w C:\WINDOWS\Internet Logs\xDB194.tmp
2008-01-09 17:50 5,541,376 ----a-w C:\WINDOWS\Internet Logs\xDB193.tmp
2008-01-09 14:43 5,548,544 ----a-w C:\WINDOWS\Internet Logs\xDB192.tmp
2008-01-08 19:54 5,551,616 ----a-w C:\WINDOWS\Internet Logs\xDB190.tmp
2008-01-08 14:52 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB191.tmp
2008-01-08 00:12 5,543,936 ----a-w C:\WINDOWS\Internet Logs\xDB18F.tmp
2008-01-07 16:41 --------- d-----w C:\Program Files\DiscWizard for Windows
2008-01-07 16:35 5,541,376 ----a-w C:\WINDOWS\Internet Logs\xDB18E.tmp
2008-01-07 15:47 --------- d-----w C:\Program Files\HP Web Jetadmin
2008-01-06 16:43 5,527,040 ----a-w C:\WINDOWS\Internet Logs\xDB18C.tmp
2008-01-06 16:25 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB18D.tmp
2008-01-06 16:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-06 16:21 --------- d-----w C:\Documents and Settings\Larry\Application Data\AVG7
2008-01-06 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-06 16:19 44,288 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-06 02:32 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB18A.tmp
2008-01-06 02:32 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB18B.tmp
2008-01-06 02:25 --------- d-----w C:\Documents and Settings\Larry\Application Data\Grisoft
2008-01-06 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 01:56 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB189.tmp
2008-01-06 01:54 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB188.tmp
2008-01-05 18:00 5,487,616 ----a-w C:\WINDOWS\Internet Logs\xDB187.tmp
2008-01-05 13:09 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB186.tmp
2008-01-04 18:49 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB185.tmp
2008-01-04 14:03 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB184.tmp
2008-01-03 13:34 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB183.tmp
2008-01-02 13:02 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB182.tmp
2008-01-01 14:34 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB181.tmp
2007-12-31 20:20 5,488,128 ----a-w C:\WINDOWS\Internet Logs\xDB180.tmp
2007-12-30 14:18 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB17F.tmp
2007-12-30 14:17 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB17E.tmp
2007-12-29 13:08 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB17D.tmp
2007-12-28 22:13 5,488,128 ----a-w C:\WINDOWS\Internet Logs\xDB17C.tmp
2007-12-27 19:28 5,486,592 ----a-w C:\WINDOWS\Internet Logs\xDB17B.tmp
2007-12-26 19:52 5,486,080 ----a-w C:\WINDOWS\Internet Logs\xDB17A.tmp
2007-12-23 15:48 5,486,080 ----a-w C:\WINDOWS\Internet Logs\xDB179.tmp
2007-12-22 23:33 5,486,080 ----a-w C:\WINDOWS\Internet Logs\xDB178.tmp
2007-12-21 13:15 5,486,080 ----a-w C:\WINDOWS\Internet Logs\xDB177.tmp
2007-12-20 22:24 5,489,152 ----a-w C:\WINDOWS\Internet Logs\xDB176.tmp
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-19 15:09 5,486,080 ----a-w C:\WINDOWS\Internet Logs\xDB175.tmp
2007-12-19 03:41 5,486,080 ----a-w C:\WINDOWS\Internet Logs\xDB174.tmp
2007-12-18 23:45 5,486,080 ----a-w C:\WINDOWS\Internet Logs\xDB173.tmp
2007-12-18 19:28 5,484,544 ----a-w C:\WINDOWS\Internet Logs\xDB172.tmp
2007-12-18 13:08 5,484,544 ----a-w C:\WINDOWS\Internet Logs\xDB171.tmp
2004-01-08 22:03 32 --sha-w C:\WINDOWS\{9062BC76-4B4A-401F-B8D2-91DDC1ACC42E}.dat
2004-01-08 22:05 32 --sha-w C:\WINDOWS\{C03FCF2F-1586-47D4-954A-008C624F261F}.dat
2004-01-08 22:06 32 --sha-w C:\WINDOWS\{A2B6743A-F75A-465D-848E-E86F7D00E195}.dat
2004-01-08 22:06 32 --sha-w C:\WINDOWS\{59D339DE-3E55-421A-97B4-6C57FC13F3C0}.dat
2004-01-09 15:14 32 --sha-w C:\WINDOWS\{A525A8F5-96A6-41EB-AEF2-5E7BBF81F58E}.dat
2004-01-09 15:14 32 --sha-w C:\WINDOWS\{E19812D4-D068-4083-9668-485E492A7B0F}.dat
2004-01-09 15:14 32 --sha-w C:\WINDOWS\{68DA78F7-A1B4-43B8-AF01-F9203AD8547E}.dat
2004-01-09 15:16 32 --sha-w C:\WINDOWS\{69EBD92C-11AB-4D73-BABB-877CE81BBEB2}.dat
2004-01-09 15:18 32 --sha-w C:\WINDOWS\{634D155B-17A1-4EC4-8639-8E999031BA01}.dat
2004-01-09 15:18 32 --sha-w C:\WINDOWS\{EFCF497C-CA08-45A1-AC76-7745B05A73B7}.dat
2006-07-03 17:38 763,736 --sh--w C:\WINDOWS\system32\wycfe.bak1
2006-07-05 14:12 765,182 --sh--w C:\WINDOWS\system32\wycfe.bak2
2004-01-08 22:03 32 --sha-w C:\WINDOWS\system32\{1A3966CE-01F7-4D30-A599-D0B6F58AB62B}.dat
2004-01-08 22:05 32 --sha-w C:\WINDOWS\system32\{B004D8A2-937B-4FAF-B222-C97623F4F1D2}.dat
2004-01-08 22:06 32 --sha-w C:\WINDOWS\system32\{713884F1-F065-4295-8186-36C2B9949B60}.dat
2004-01-08 22:06 32 --sha-w C:\WINDOWS\system32\{8D46273A-9DC9-4324-85B3-B7A453F863C8}.dat
2004-01-09 15:14 32 --sha-w C:\WINDOWS\system32\{523F9E1A-EA17-4AA8-B1DD-F441974CDE6F}.dat
2004-01-09 15:14 32 --sha-w C:\WINDOWS\system32\{4F6049BE-14C3-45CD-B555-F8E9B17808CF}.dat
2004-01-09 15:14 32 --sha-w C:\WINDOWS\system32\{16AC8447-EF2D-4001-860E-783771A96172}.dat
2004-01-09 15:16 32 --sha-w C:\WINDOWS\system32\{CA5A437C-F0F0-4DD1-BFAE-9BD5146C8F60}.dat
2004-01-09 15:18 32 --sha-w C:\WINDOWS\system32\{2CB6C926-5077-4D8E-9970-2A015D0EE127}.dat
2004-01-09 15:18 32 --sha-w C:\WINDOWS\system32\{B4F733F8-DFE1-45C1-B41D-1E600DC5D257}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2003-09-05 23:16 57393]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-03-30 09:08 77824]
"Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2003-12-15 14:57 693528]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 17:33 53096]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-07 10:45 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 11:21 219136]

C:\Documents and Settings\Larry\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 14:15:48 462848]

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-11-22 16:51]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-11-22 17:08]
R2 HPWebJetadmin;HP Web Jetadmin;"C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" [2003-12-01 15:23]
R2 TivoBeacon2;TiVo Beacon;C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2004-12-30 12:11]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2005-10-03 16:35]
S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS [1980-01-01 00:00]
S1 DMX3191;DMX3191;C:\WINDOWS\system32\drivers\DMX3191.SYS [1980-01-01 00:00]
S2 UDNT;UDNT;C:\WINDOWS\system32\drivers\UDNT.sys [1980-01-01 00:00]
S3 AX88172;NETGEAR FA120 USB 2.0 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\FA120.sys [2002-07-16 04:42]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-15 09:30]
S3 gwiopm;gwiopm;C:\DOCUME~1\Larry\LOCALS~1\Temp\Temporary Directory 1 for skymax_up1[1].3.zip\gwiopm.sys []
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 13:53]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-10-03 16:19]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);C:\WINDOWS\system32\drivers\adm8830.sys [2001-08-17 12:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75cee3a2-99d3-11dc-833e-0011b107a377}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75cee3a3-99d3-11dc-833e-0011b107a377}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 13:17:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\C:\DOCUME~1\Larry\LOCALS~1\Temp\Temporary Directory 1 for skymax_up1[1].3.zip\gwiopm.sys"

.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2008-02-19 13:20:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 18:20:38
.
2008-02-13 18:59:39 --- E O F ---

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:28 PM, on 02/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} (HTECtrl Class) - https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://reports.paychoiceonline.com/pcoreports/arview2.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.myworkinfo.com/ActiveX/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Apache Software Foundation - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\System32\ofps.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SUPERVOC\PROGRAM\PICPMON.EXE
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 9415 bytes



It seems fine right now.

Thanks for all your help

kendq

#6 RichieUK
Malware Assassin, Malware Response Team, 13,614 posts

Posted 19 February 2008 - 06:55 PM

Please download OTMoveIt by OldTimer,save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\wycfe.bak1
C:\WINDOWS\system32\wycfe.bak2
C:\WINDOWS\Internet Logs\xDB1C1.tmp
C:\WINDOWS\Internet Logs\xDB258.tmp
C:\WINDOWS\Internet Logs\xDB257.tmp
C:\WINDOWS\Internet Logs\xDB1C0.tmp
C:\WINDOWS\Internet Logs\xDB1BF.tmp
C:\WINDOWS\Internet Logs\xDB1BE.tmp
C:\WINDOWS\Internet Logs\xDB1BD.tmp
C:\WINDOWS\Internet Logs\xDB1BC.tmp
C:\WINDOWS\Internet Logs\xDB1BB.tmp
C:\WINDOWS\Internet Logs\xDB1BA.tmp
C:\WINDOWS\Internet Logs\xDB1B9.tmp
C:\WINDOWS\Internet Logs\xDB1B8.tmp
C:\WINDOWS\Internet Logs\xDB1B7.tmp
C:\WINDOWS\Internet Logs\xDB1B6.tmp
C:\WINDOWS\Internet Logs\xDB1B5.tmp
C:\WINDOWS\Internet Logs\xDB1B4.tmp
C:\WINDOWS\Internet Logs\xDB1B3.tmp
C:\WINDOWS\Internet Logs\xDB1B2.tmp
C:\WINDOWS\Internet Logs\xDB1B0.tmp
C:\WINDOWS\Internet Logs\xDB1B1.tmp
C:\WINDOWS\Internet Logs\xDB1AF.tmp
C:\WINDOWS\Internet Logs\xDB1AE.tmp
C:\WINDOWS\Internet Logs\xDB1AD.tmp
C:\WINDOWS\Internet Logs\xDB1AC.tmp
C:\WINDOWS\Internet Logs\xDB1AB.tmp
C:\WINDOWS\Internet Logs\xDB1AA.tmp
C:\WINDOWS\Internet Logs\xDB1A9.tmp
C:\WINDOWS\Internet Logs\xDB1A8.tmp
C:\WINDOWS\Internet Logs\xDB1A7.tmp
C:\WINDOWS\Internet Logs\xDB1A6.tmp
C:\WINDOWS\Internet Logs\xDB1A5.tmp
C:\WINDOWS\Internet Logs\xDB1A4.tmp
C:\WINDOWS\Internet Logs\xDB1A3.tmp
C:\WINDOWS\Internet Logs\xDB1A2.tmp
C:\WINDOWS\Internet Logs\xDB1A1.tmp
C:\WINDOWS\Internet Logs\xDB1A0.tmp
C:\WINDOWS\Internet Logs\xDB19E.tmp
C:\WINDOWS\Internet Logs\xDB19D.tmp
C:\WINDOWS\Internet Logs\xDB19C.tmp
C:\WINDOWS\Internet Logs\xDB19B.tmp
C:\WINDOWS\Internet Logs\xDB19A.tmp
C:\WINDOWS\Internet Logs\xDB198.tmp
C:\WINDOWS\Internet Logs\xDB199.tmp
C:\WINDOWS\Internet Logs\xDB197.tmp
C:\WINDOWS\Internet Logs\xDB195.tmp
C:\WINDOWS\Internet Logs\xDB196.tmp
C:\WINDOWS\Internet Logs\xDB194.tmp
C:\WINDOWS\Internet Logs\xDB193.tmp
C:\WINDOWS\Internet Logs\xDB192.tmp
C:\WINDOWS\Internet Logs\xDB190.tmp
C:\WINDOWS\Internet Logs\xDB191.tmp
C:\WINDOWS\Internet Logs\xDB18F.tmp
C:\WINDOWS\Internet Logs\xDB18E.tmp
C:\WINDOWS\Internet Logs\xDB18C.tmp
C:\WINDOWS\Internet Logs\xDB18D.tmp
C:\WINDOWS\Internet Logs\xDB18A.tmp
C:\WINDOWS\Internet Logs\xDB18B.tmp
C:\WINDOWS\Internet Logs\xDB189.tmp
C:\WINDOWS\Internet Logs\xDB188.tmp
C:\WINDOWS\Internet Logs\xDB187.tmp
C:\WINDOWS\Internet Logs\xDB186.tmp
C:\WINDOWS\Internet Logs\xDB185.tmp
C:\WINDOWS\Internet Logs\xDB184.tmp
C:\WINDOWS\Internet Logs\xDB183.tmp
C:\WINDOWS\Internet Logs\xDB182.tmp
C:\WINDOWS\Internet Logs\xDB181.tmp
C:\WINDOWS\Internet Logs\xDB180.tmp
C:\WINDOWS\Internet Logs\xDB17F.tmp
C:\WINDOWS\Internet Logs\xDB17E.tmp
C:\WINDOWS\Internet Logs\xDB17D.tmp
C:\WINDOWS\Internet Logs\xDB17C.tmp
C:\WINDOWS\Internet Logs\xDB17B.tmp
C:\WINDOWS\Internet Logs\xDB17A.tmp
C:\WINDOWS\Internet Logs\xDB179.tmp
C:\WINDOWS\Internet Logs\xDB178.tmp
C:\WINDOWS\Internet Logs\xDB177.tmp
C:\WINDOWS\Internet Logs\xDB176.tmp
C:\WINDOWS\Internet Logs\xDB175.tmp
C:\WINDOWS\Internet Logs\xDB174.tmp
C:\WINDOWS\Internet Logs\xDB173.tmp
C:\WINDOWS\Internet Logs\xDB172.tmp
C:\WINDOWS\Internet Logs\xDB171.tmp
C:\WINDOWS\{9062BC76-4B4A-401F-B8D2-91DDC1ACC42E}.dat
C:\WINDOWS\{C03FCF2F-1586-47D4-954A-008C624F261F}.dat
C:\WINDOWS\{A2B6743A-F75A-465D-848E-E86F7D00E195}.dat
C:\WINDOWS\{59D339DE-3E55-421A-97B4-6C57FC13F3C0}.dat
C:\WINDOWS\{A525A8F5-96A6-41EB-AEF2-5E7BBF81F58E}.dat
C:\WINDOWS\{E19812D4-D068-4083-9668-485E492A7B0F}.dat
C:\WINDOWS\{68DA78F7-A1B4-43B8-AF01-F9203AD8547E}.dat
C:\WINDOWS\{69EBD92C-11AB-4D73-BABB-877CE81BBEB2}.dat
C:\WINDOWS\{634D155B-17A1-4EC4-8639-8E999031BA01}.dat
C:\WINDOWS\{EFCF497C-CA08-45A1-AC76-7745B05A73B7}.dat
C:\WINDOWS\system32\{1A3966CE-01F7-4D30-A599-D0B6F58AB62B}.dat
C:\WINDOWS\system32\{B004D8A2-937B-4FAF-B222-C97623F4F1D2}.dat
C:\WINDOWS\system32\{713884F1-F065-4295-8186-36C2B9949B60}.dat
C:\WINDOWS\system32\{8D46273A-9DC9-4324-85B3-B7A453F863C8}.dat
C:\WINDOWS\system32\{523F9E1A-EA17-4AA8-B1DD-F441974CDE6F}.dat
C:\WINDOWS\system32\{4F6049BE-14C3-45CD-B555-F8E9B17808CF}.dat
C:\WINDOWS\system32\{16AC8447-EF2D-4001-860E-783771A96172}.dat
C:\WINDOWS\system32\{CA5A437C-F0F0-4DD1-BFAE-9BD5146C8F60}.dat
C:\WINDOWS\system32\{2CB6C926-5077-4D8E-9970-2A015D0EE127}.dat
C:\WINDOWS\system32\{B4F733F8-DFE1-45C1-B41D-1E600DC5D257}.dat


Return to OTMoveIt, right-click on the "Paste Custom List of Files/Folders to Move" window under the "yellow" bar at the bottom, and choose Paste.
Click the red Moveit! button.
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt by clicking on the "Exit" button.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.


Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display whether your system has been infected. It does not provide an option to clean/disinfect; I need to see the scan results.
Now click on the Save as Text button.
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

If the above link doesn't work,try this:
http://www.kaspersky.com/kos/english/kavwebscan.html

Also post a new HijackThis log and let me know how your PC is running now.




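The helper's file list above was built by reading the ComboFix and HijackThis logs by eye: a driver entry (gwiopm) whose image sits under a Temp directory and was no longer on disk when ComboFix ran, an O23 service with no vendor information, and hidden+system files in system32. The script below is an added example, not part of this thread and not code from ComboFix, HijackThis or OTMoveIt: it parses those three log line formats and emits exactly that kind of triage flag. The regular expressions are modeled on the line formats visible in the posted logs, the rules are the author's own heuristics (a flag means "look at this", not "this is malware"), and the sample lines are a constructed excerpt of the thread's logs, not the full output.

```python
"""Triage helper for ComboFix / HijackThis text logs (added example)."""
import re
from dataclasses import dataclass

# Constructed sample, modeled on the ComboFix service list, the ComboFix file
# listing and the HijackThis O23 section posted above. A few lines only, not
# the full log; the paths are as they appear in the thread.
SAMPLE_LOG = r"""
R2 HPWebJetadmin;HP Web Jetadmin;"C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" [2003-12-01 15:23]
S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS [1980-01-01 00:00]
S3 gwiopm;gwiopm;C:\DOCUME~1\Larry\LOCALS~1\Temp\Temporary Directory 1 for skymax_up1[1].3.zip\gwiopm.sys []
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\System32\ofps.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
2006-07-03 17:38 763,736 --sh--w C:\WINDOWS\system32\wycfe.bak1
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
"""

# ComboFix service/driver line: "<R|S><n> name;display;path [timestamp]".
CF_SERVICE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$')
# HijackThis O23 line: "O23 - Service: name - vendor - path".
HJT_SERVICE = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')
# ComboFix file listing: "date time size attrs path" (attrs are 7 flag chars).
CF_FILE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) ([\d,]+) (\S{7}) (.+)$')
# A Temp directory anywhere in the path (covers both the LOCALS~1\Temp and
# Local Settings\Temp spellings).
TEMP_DIR = re.compile(r'\\temp(\\|$)', re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reason: str


def check_image_path(path: str, label: str) -> list:
    """Flags that apply to any executable image a service or driver loads."""
    out = []
    if TEMP_DIR.search(path):
        out.append(Finding(path, f"{label}: image lives in a temporary directory"))
    return out


def analyze(text: str) -> list:
    """Walk the log once and return every Finding, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CF_SERVICE.match(line)
        if m:
            _start, name, _display, path, stamp = m.groups()
            path = path.strip('"')  # ComboFix quotes paths containing spaces
            findings += check_image_path(path, f"service {name}")
            if not stamp:  # ComboFix prints [] when the image file is absent
                findings.append(Finding(path, f"service {name}: image not present at scan time (dangling entry)"))
            continue
        m = HJT_SERVICE.match(line)
        if m:
            name, vendor, path = m.groups()
            findings += check_image_path(path, f"service {name}")
            if vendor.lower() == "unknown owner":  # HijackThis found no vendor string
                findings.append(Finding(path, f"service {name}: no vendor in version resource"))
            continue
        m = CF_FILE.match(line)
        if m:
            _stamp, _size, attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:  # system+hidden set together
                findings.append(Finding(path, "file carries system+hidden attributes"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.path}")
```

Run against the constructed excerpt it reports two flags for gwiopm.sys (Temp directory, image missing), one for ofps.exe (no vendor) and one for wycfe.bak1 (system+hidden), and nothing for the HP, TiVo, AEC671X or dllcache lines. Each flag is a prompt to check the file (publisher, hash, install date) before it goes on a move list; the heuristics know nothing about what the file actually is.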