
Please Help - Having Trouble Identifying Problems


22 replies to this topic

#1 Madforit

Madforit

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:04:02 PM

Posted 29 April 2008 - 04:38 PM

I have an Advent 7250, at least I'm fairly sure that is the model anyway!

I have 1MB RAM and a 65Gb HDD

A Radeon X700 256mb GFX card

An internal NIC, although I don't use it as I am connected directly by a modem without a router


The problems I am having have only started appearing in the last few days, and I can't understand why this is, as I haven't been doing anything different from what I have always done with my laptop. It is mainly used for gaming and general website surfing, and also checking my emails.

The other day I was informed by AVG Free that it had found 3 viruses. One was the LOP virus and I can't actually remember the names of the other ones, but AVG healed the infections and the infections didn't re-appear.

Since this has happened, every time I boot up or restart my laptop I receive a dialog box as soon as Windows starts saying yuovjwr.dll cannot be found and so it will not be executed. I have re-scanned the whole HDD for viruses and also spyware with Spybot and both come back saying the system is clean!

Sometimes when I have left the computer idle for 15-20 minutes I come back to see a black screen with various green and blue vertical stripes, and the only thing I can do from this point is to restart the computer. CTRL+ALT+ESC has no effect and even the power button doesn't bring up the restart or shutdown options that it normally does. Just before I posted this on here I had another infection warning but AVG successfully removed it. I am starting to think that I have maybe got some Trojan or malware somewhere on my computer that is replicating itself under different names every time it is removed, therefore reappearing at random times, and I think this might be why my laptop keeps locking up when I leave it idle.

The other problem is one that has only just started happening: when I start the PC up I can hear what sounds like interference from the hard drive coming from the speakers that are built into the laptop, although nothing should be coming through these as I use a set of external speakers and have the laptop speakers disabled. Saying that, I would be more interested in sorting the other, more worrying problem out first.

I look forward to hearing from you soon and hope someone can help me to rectify my problems.

Below I have posted a recent HJT log and also a DSS log file (Main.txt & Extra.txt) as per the instructions on the forums!

If any other information is required please post or email me for it. Some kind of instructions to obtain any extra information would be appreciated; although I do have a fair knowledge of computers anyway, I would like to sort this problem ASAP rather than having to keep posting just to find out how to do certain things.

Many Many Many Thanks


Steve


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 AM

Posted 29 April 2008 - 10:07 PM

Hello Steve,

Welcome to Bleeping Computer :thumbsup:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:04:02 PM

Posted 30 April 2008 - 05:59 AM

I have tried about 4 times to run a MBB scan, but after about 14 mins the computer locks up and I can't do anything except switch it off. Any other solutions would be a great help.

Many thanks

steve

#4 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:04:02 PM

Posted 30 April 2008 - 06:31 AM

I am currently running a SuperAntiSpyware scan and will send the log from this if it is any use to you. Please let me know soon so I don't end up posting unnecessary items.

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 AM

Posted 30 April 2008 - 08:01 AM

That's fine. It'll give us a starting point anyway. :thumbsup:

tea

#6 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:04:02 PM

Posted 30 April 2008 - 01:24 PM

I have done the scan but can't find where to get the log from. Also, I have noticed that I have got the Vundo.N Trojan, which I have supposedly deleted with SuperSpyware Scanner, but when I removed it the first time the second scan found it again.

I may be away for a while after tonight. I know you are very busy but would love to get somewhere at least with this before I go; even if it is only making a start with my problems it would be good, as I am trying desperately not to do a full re-install of Windows. I have got a lot of things that I really haven't got time to back up, as I haven't got an external hard drive so can only back up onto CDs/DVDs. I was wondering whether doing a Non-Destructive Re-Install would get rid of the problems, as this way all the things I want to keep would remain on my drive, although I think this would probably still leave the infections on the drive. Any information on this would be gratefully appreciated.

Many Thanks

Steve

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 AM

Posted 30 April 2008 - 01:33 PM

Hi Steve,

Part of the goal here is to get rid of the nasties without loss of data. Otherwise we'd spend all day telling folks to reformat and reinstall. :blink: I have lots of options here, so nowhere near out of ideas. :thumbsup:

Let's try this one instead.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#8 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:04:02 PM

Posted 30 April 2008 - 02:07 PM

Here's the ComboFix log file for you to take a look at. Also, if you can tell me how to find the SuperSpyware Scanner's log file, I will post that here for you too.

I hope everyone is not too busy tonight, But I can also understand it if you are.

Many Thanks yet again

Steve

ComboFix 08-04-29.5 - Molly 2008-04-30 19:44:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503 [GMT 1:00]
Running from: C:\Documents and Settings\Molly\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alvvgene.ini
C:\WINDOWS\system32\sBcKRtwa.ini
C:\WINDOWS\system32\sBcKRtwa.ini2
C:\WINDOWS\system32\upqyecmk.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-30 12:26 . 2008-04-30 12:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 12:26 . 2008-04-30 12:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 12:26 . 2008-04-30 12:26 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\SUPERAntiSpyware.com
2008-04-30 12:26 . 2008-04-30 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 12:18 . 2008-04-30 12:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-30 11:35 . 2008-04-30 11:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 21:40 . 2008-04-29 21:40 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\Malwarebytes
2008-04-29 21:40 . 2008-04-29 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 21:05 . 2008-04-29 21:05 <DIR> d----c--- C:\Deckard
2008-04-29 14:28 . 2008-04-29 14:28 112 --a------ C:\Documents and Settings\Molly\DatRemover.log
2008-04-29 14:21 . 2008-04-29 14:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-29 14:21 . 2008-04-24 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 20:25 . 2008-04-28 20:25 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\NPLUTO Corporation
2008-04-27 00:08 . 2007-06-21 18:59 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-04-27 00:07 . 2008-04-27 00:07 <DIR> d-------- C:\Program Files\NHN USA
2008-04-27 00:07 . 2008-01-16 18:25 679,936 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-04-26 23:14 . 2008-04-26 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-04-26 08:51 . 2008-04-26 13:34 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\MxBoost
2008-04-26 08:49 . 2008-04-30 00:31 <DIR> d-------- C:\Program Files\Maxthon2
2008-04-26 07:38 . 2008-04-26 07:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-26 07:38 . 2008-04-26 07:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 07:21 . 2008-04-30 19:15 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-04-26 07:11 . 2008-04-30 18:30 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-26 07:11 . 2008-04-26 07:11 <DIR> d-------- C:\Program Files\AVG
2008-04-26 07:11 . 2008-04-26 07:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-26 07:11 . 2008-04-26 07:11 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-26 07:11 . 2008-04-26 07:11 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-26 07:11 . 2008-04-26 07:11 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-24 23:32 . 2008-04-25 23:34 109,734 --a------ C:\WINDOWS\BM8b634c53.xml
2008-04-24 17:46 . 2008-04-24 17:46 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\ESET
2008-04-24 17:43 . 2008-04-24 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-24 02:18 . 2008-04-24 02:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-04-24 02:13 . 2008-04-24 11:37 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-04-24 01:34 . 2008-04-24 01:34 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-04-24 01:34 . 2008-04-24 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-04-24 01:34 . 2006-11-22 12:35 42,496 --a------ C:\WINDOWS\system32\AdvUninstCPL.cpl
2008-04-22 13:53 . 1996-10-15 10:40 291,600 --a------ C:\WINDOWS\system\WININET.DLL
2008-04-22 13:31 . 2008-04-25 18:00 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\InstallShield
2008-04-22 13:30 . 2008-04-22 13:30 921 --a------ C:\WINDOWS\QSFVExit.bat
2008-04-21 18:01 . 2008-04-21 18:07 2,621,517 --a--c--- C:\az.log.bak
2008-04-20 15:43 . 2008-04-22 13:55 399 --a------ C:\WINDOWS\SIERRA.INI
2008-04-20 00:36 . 2008-04-20 00:36 <DIR> d-------- C:\Program Files\uTorrent
2008-04-20 00:36 . 2008-04-29 22:40 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\uTorrent
2008-04-20 00:21 . 2008-04-20 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Gamespot
2008-04-16 15:50 . 2008-04-16 17:29 134 --a------ C:\WINDOWS\rootkitno.ini
2008-04-16 15:49 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-04-16 15:37 . 2008-04-16 15:38 258 --a------ C:\WINDOWS\wininit.ini
2008-04-16 13:52 . 2008-04-16 13:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 22:21 . 2008-04-22 13:30 <DIR> d-------- C:\Program Files\Playwinpoker.com
2008-04-07 04:05 . 2008-04-07 04:05 145 --a--c--- C:\Shortcut to CD Drive.lnk
2008-04-06 01:51 . 2008-04-24 01:26 <DIR> d-------- C:\Program Files\Serials 2005
2008-04-06 01:36 . 2008-03-13 16:18 506,496 --a------ C:\WINDOWS\system32\drivers\DrmRDriverV32.sys
2008-04-06 01:36 . 2008-03-13 16:18 3,768 --a------ C:\WINDOWS\system32\drivers\DrmRVideo32.sys
2008-04-05 22:25 . 2008-04-05 22:25 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\vlc
2008-04-05 22:22 . 2008-04-05 22:22 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-05 02:37 . 2007-08-09 16:36 <DIR> d-a------ C:\Program Files\Incredible Technologies
2008-04-04 22:31 . 2008-04-04 22:31 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-03 00:16 . 2008-04-03 00:16 242 --a------ C:\WINDOWS\SuperBlank.INI
2008-04-01 15:35 . 2008-04-01 15:35 22,328 --a------ C:\Documents and Settings\Molly\Application Data\PnkBstrK.sys
2008-03-29 17:00 . 2004-08-04 01:56 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-03-29 17:00 . 2004-08-04 01:56 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-03-29 16:14 . 2008-03-29 17:01 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\skypePM
2008-03-29 16:14 . 2008-03-29 16:14 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-28 18:24 . 2008-04-26 06:49 <DIR> d-------- C:\Program Files\GameSpot
2008-03-26 11:55 . 2008-04-12 22:28 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-26 11:19 . 2005-12-09 16:31 245,824 -ra------ C:\WINDOWS\system32\InstExec.exe
2008-03-26 11:19 . 2005-12-09 16:35 245,824 -ra------ C:\WINDOWS\Instexec.exe
2008-03-26 11:19 . 2005-12-09 16:31 719 -ra------ C:\WINDOWS\system32\InstExec.ini
2008-03-26 11:18 . 2008-03-26 11:18 <DIR> d-------- C:\Program Files\Logitech
2008-03-26 11:18 . 2008-03-26 11:49 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-26 11:10 . 2008-03-26 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-03-26 06:12 . 2008-03-26 06:12 <DIR> d-------- C:\Program Files\Skype
2008-03-26 06:12 . 2008-03-26 06:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-26 06:12 . 2008-04-24 01:47 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\Skype
2008-03-26 06:12 . 2008-03-26 06:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-25 13:09 . 2008-03-25 13:09 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\Sports Interactive
2008-03-25 13:05 . 2008-04-24 01:47 <DIR> dr-h----- C:\Documents and Settings\Molly\Application Data\SecuROM
2008-03-25 13:05 . 2008-03-25 13:05 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 13:02 . 2008-03-25 13:05 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-25 13:02 . 2008-03-25 13:02 <DIR> d-------- C:\Program Files\Sports Interactive
2008-03-25 12:27 . 2008-03-25 12:29 <DIR> d-------- C:\Program Files\Metaboli Player
2008-03-25 01:10 . 2008-03-25 01:10 <DIR> d-------- C:\Program Files\Virgin Media Games
2008-03-25 01:10 . 2008-03-25 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-03-24 20:05 . 2008-03-25 19:06 <DIR> d-------- C:\Program Files\LimeWire
2008-03-23 19:14 . 2008-03-23 19:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-22 21:18 . 2008-03-22 21:18 <DIR> d-------- C:\Program Files\Common Files\Freeloader Shared
2008-03-22 21:18 . 2008-03-22 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-03-22 21:14 . 2008-03-22 22:18 <DIR> d-------- C:\Program Files\freeloader.com
2008-03-19 10:39 . 2008-03-19 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Exetender
2008-03-19 10:39 . 2004-02-04 11:01 2,238 --------- C:\WINDOWS\metaboli.ico
2008-03-19 10:39 . 2008-03-19 10:39 68 --a------ C:\WINDOWS\GPlrLanc.dat
2008-03-16 10:36 . 2008-03-16 10:36 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-16 10:28 . 2008-03-16 10:28 <DIR> d-------- C:\Program Files\NCH Software
2008-03-16 10:13 . 2008-04-24 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-16 09:38 . 2001-05-11 14:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-03-16 09:38 . 2001-05-16 18:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-03-16 09:38 . 2001-03-26 05:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-03-16 09:37 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-03-16 09:37 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2008-03-16 09:37 . 2002-01-20 00:10 597,834 --a------ C:\WINDOWS\system32\AS-IFce1.ocx
2008-03-16 09:37 . 2003-11-19 14:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-03-16 09:37 . 2002-01-05 17:37 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2008-03-16 09:37 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-03-16 09:37 . 2000-07-15 00:00 118,784 --a------ C:\WINDOWS\system32\msstdfmt.dll
2008-03-16 09:37 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-03-16 09:37 . 1999-01-26 20:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
2008-03-16 09:31 . 2008-03-16 09:31 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\InterVideo
2008-03-15 11:42 . 2003-03-30 21:08 372,736 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-15 11:42 . 2004-09-10 14:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-03-15 11:40 . 2008-03-15 11:42 <DIR> d-------- C:\Program Files\Cucusoft
2008-03-15 11:40 . 2007-03-25 01:51 3,049,984 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-03-15 11:40 . 2007-03-25 22:40 2,174,976 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-03-15 11:40 . 2007-03-25 01:51 404,480 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-03-15 11:40 . 2007-01-01 06:30 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-03-15 11:40 . 2003-04-03 01:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-03-15 11:40 . 2007-03-25 01:51 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-14 09:22 . 2008-03-14 09:22 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-14 09:22 . 2008-03-14 09:22 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\Media Player Classic
2008-03-14 00:09 . 2008-03-14 00:10 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-03-13 17:36 . 2008-03-13 17:36 <DIR> d-------- C:\Program Files\NETAMIN
2008-03-13 16:08 . 2008-04-10 10:07 <DIR> d-------- C:\Program Files\PKR
2008-03-13 16:00 . 2008-04-26 06:54 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\Azureus
2008-03-13 16:00 . 2008-03-13 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-13 15:59 . 2008-04-26 06:55 <DIR> d-------- C:\Program Files\Azureus
2008-03-13 14:52 . 2008-03-13 14:53 787,844 --a------ C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 12:05 --------- d-----w C:\Documents and Settings\Molly\Application Data\LimeWire
2008-04-29 13:22 --------- d-----w C:\Program Files\Java
2008-04-28 19:25 --------- d-----w C:\Program Files\DriftCity
2008-04-27 11:01 --------- d-s---w C:\Program Files\Xfire
2008-04-26 23:12 --------- d--h--w C:\Documents and Settings\Molly\Application Data\ijjigame
2008-04-26 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 21:56 --------- d-----w C:\Documents and Settings\Molly\Application Data\Xfire
2008-04-24 00:47 --------- d-----w C:\Documents and Settings\Molly\Application Data\mIRC
2008-04-24 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\UTour Golf
2008-04-24 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-24 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-04-24 00:45 --------- d-----w C:\Program Files\Common Files\Real
2008-04-22 13:09 --------- d-----w C:\Program Files\EA GAMES
2008-04-19 23:21 12,114 ----a-w C:\Program Files\install.log
2008-04-07 17:27 --------- d-----w C:\Program Files\Google
2008-04-07 03:18 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-07 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-25 00:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 01:46 --------- d-----w C:\Program Files\eMule
2008-03-16 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-15 03:52 --------- d-----w C:\Documents and Settings\Molly\Application Data\Microgaming
2008-03-13 14:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-13 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-13 13:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-29 15:05 --------- d-----w C:\Documents and Settings\Molly\Application Data\Apple Computer
2007-12-01 00:32 0 ----a-w C:\Documents and Settings\Molly\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5E39601-F811-4B8D-BF1B-72C502AF315E}]
C:\WINDOWS\system32\awtRKcBs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f70e81a0-b19f-46d1-ba9f-b9de25f15f37}]
C:\WINDOWS\system32\gbdgpsnn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-20 04:51 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-20 04:50 688218]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 18:27 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 18:31 356352]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 04:05 339968]
"SoundMan"="SOUNDMAN.EXE" [2004-11-30 23:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-26 07:11 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 18:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnNDwVN]
opnNDwVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=???ail,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Molly^Start Menu^Programs^Startup^CPUCooL.lnk]
path=C:\Documents and Settings\Molly\Start Menu\Programs\Startup\CPUCooL.lnk
backup=C:\WINDOWS\pss\CPUCooL.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Molly^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Molly\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Molly^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Molly^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Molly^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup
--a--c--- 2002-09-13 21:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\88507fcf]
C:\WINDOWS\system32\enegvvla.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-07-23 04:38 88361 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8b634c53]
C:\WINDOWS\system32\yuovrjwr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadbandadvisor.exe]
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2002-09-13 21:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 19:37 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"MHN"=3 (0x3)
"WZCSVC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"McrdSvc"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"KService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"Freeloader Monthly Subscription Service"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SkillGround\\Games\\UTG\\Main.exe"=
"C:\\Program Files\\SkillGround\\Games\\LASR\\LASR.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 07:11]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-26 07:11]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 07:11]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 07:11]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-02-25 12:01]
S3 DrmRDriverV32;DrmRDriverV32;C:\WINDOWS\system32\drivers\DrmRDriverV32.sys [2008-03-13 16:18]
S3 DrmRVideo32;DrmRVideo32;C:\WINDOWS\system32\DRIVERS\DrmRVideo32.sys [2008-03-13 16:18]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []
S4 Freeloader Monthly Subscription Service;Freeloader Monthly Subscription Service;"C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Monthly Subscription Service File.exe" [2008-03-22 21:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62c43346-0d96-11dd-b586-00142a2a8b24}]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 14:34:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 19:52:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-04-30 19:58:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 18:58:13

Pre-Run: 26,190,856,192 bytes free
Post-Run: 26,251,825,152 bytes free

379 --- E O F --- 2008-04-17 00:55:07

#9 Madforit

Posted 30 April 2008 - 02:10 PM

Oops, I forgot to add the HJT log so here it is, Hope you can make some sense out of it for me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:04, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D5E39601-F811-4B8D-BF1B-72C502AF315E} - C:\WINDOWS\system32\awtRKcBs.dll (file missing)
O2 - BHO: {73f51f52-ed9b-f9ab-1d64-f91b0a18e07f} - {f70e81a0-b19f-46d1-ba9f-b9de25f15f37} - C:\WINDOWS\system32\gbdgpsnn.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {1340C00E-B1FF-4117-B993-E58FF774A605} (CLaunchRBO10 Object) - http://www.playrealbaseball.com/include/la...BO_v1.1.0.0.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196541759781
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ???ail,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnNDwVN - opnNDwVN.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 1: (no name) - http://www.google.co.uk/

--
End of file - 7237 bytes

#10 Madforit

Posted 30 April 2008 - 02:14 PM

As mentioned before, I have tried 2 or 3 times to run a MalwareBytes Anti-Malware scan, but it always crashes and locks the system up at about the 13-14 minute mark. Could this be something to do with the Vundo.N trojan or something similar? I'm pretty sure that it's not the program itself, as I have downloaded it twice since the initial install because I initially thought this could be the problem. I look forward to hearing from someone soon.

Thanks again

steve

#11 teacup61

Posted 30 April 2008 - 02:56 PM

Hello,

I am the only "someone" you'll be hearing from, and I already know you can't run MBAM. That's why I had you run ComboFix.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5E39601-F811-4B8D-BF1B-72C502AF315E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f70e81a0-b19f-46d1-ba9f-b9de25f15f37}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\88507fcf]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnNDwVN]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8b634c53]

File::
C:\WINDOWS\system32\awtRKcBs.dll
C:\WINDOWS\system32\gbdgpsnn.dll
C:\WINDOWS\system32\enegvvla.dll
C:\WINDOWS\system32\yuovrjwr.dll


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
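As an added example (not teacup61's script and not ComboFix's or HijackThis's own code), here is a small Python triage of HijackThis O2/O20 lines that flags entries marked "(file missing)" or pointing at a random-looking 8-letter DLL in system32 and renders them in the Registry::/File:: layout of the CFScript above. The sample lines are constructed from the log posted in this thread; the random-name heuristic and the enegvvla Winlogon Notify line are assumptions added for illustration, so the output is a review aid, not an automatic verdict.

```python
"""Triage HijackThis O2/O20 entries and render a ComboFix-style CFScript.

Added example: registry key paths use the abbreviated form seen in the
helper's script in this thread (e.g. HKEY_LOCAL_MACHINE\\~\\Browser Helper
Objects\\{CLSID}); the random-name heuristic is an assumption.
"""
import re
from dataclasses import dataclass

# Constructed sample, shaped like the HJT log posted above; the last line
# (enegvvla as a Winlogon Notify entry) is an assumption added to exercise
# the random-name branch.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D5E39601-F811-4B8D-BF1B-72C502AF315E} - C:\WINDOWS\system32\awtRKcBs.dll (file missing)
O2 - BHO: {73f51f52-ed9b-f9ab-1d64-f91b0a18e07f} - {f70e81a0-b19f-46d1-ba9f-b9de25f15f37} - C:\WINDOWS\system32\gbdgpsnn.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnNDwVN - opnNDwVN.dll (file missing)
O20 - Winlogon Notify: enegvvla - C:\WINDOWS\system32\enegvvla.dll
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
RANDOM_STEM = re.compile(r"^[A-Za-z]{8}$")  # heuristic: 8 letters, no digits


@dataclass
class Finding:
    kind: str    # "BHO" or "WinlogonNotify"
    ident: str   # CLSID for a BHO, value name for a Winlogon Notify entry
    path: str
    reason: str  # why it was flagged


def looks_random(path: str) -> bool:
    """Heuristic (assumption): an 8-letter DLL stem living in system32 or with
    no directory at all, like the Vundo-style names listed in this thread."""
    fname = path.rsplit("\\", 1)[-1]
    stem, _, ext = fname.rpartition(".")
    in_system32 = "\\system32\\" in path.lower() or "\\" not in path
    return ext.lower() == "dll" and in_system32 and bool(RANDOM_STEM.match(stem))


def triage(log_text: str) -> list[Finding]:
    """Return the O2/O20 entries worth reviewing, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        m = BHO_RE.match(line)
        if m:
            kind, ident = "BHO", m.group("clsid")
        else:
            m = NOTIFY_RE.match(line)
            if not m:
                continue  # other HJT sections are out of scope here
            kind, ident = "WinlogonNotify", m.group("name")
        path = m.group("path")
        if m.group("missing"):
            reason = "file missing"
        elif looks_random(path):
            reason = "random-looking name"
        else:
            continue
        findings.append(Finding(kind, ident, path, reason))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render Registry:: deletions and File:: entries in the layout used above.
    A bare filename (no directory) is not listed under File::, because
    ComboFix needs a full path there."""
    reg, files = [], []
    for f in findings:
        if f.kind == "BHO":
            reg.append(rf"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f.ident}]")
        else:
            reg.append(
                rf"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{f.ident}]"
            )
        if "\\" in f.path:
            files.append(f.path)
    out = ["Registry::"] + reg
    if files:
        out += ["", "File::"] + files
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.kind:15} {f.ident:42} {f.reason}")
    print()
    print(build_cfscript(triage(SAMPLE_HJT)))
```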

#12 Madforit

Posted 30 April 2008 - 04:25 PM

Ok, here we go then:

1. ComboFix Log
2. New HJT Log



1:-

ComboFix 08-04-29.5 - Molly 2008-04-30 22:16:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT 1:00]
Running from: C:\Documents and Settings\Molly\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Molly\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\awtRKcBs.dll
C:\WINDOWS\system32\enegvvla.dll
C:\WINDOWS\system32\gbdgpsnn.dll
C:\WINDOWS\system32\yuovrjwr.dll
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-30 12:26 . 2008-04-30 12:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 12:26 . 2008-04-30 12:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 12:26 . 2008-04-30 12:26 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\SUPERAntiSpyware.com
2008-04-30 12:26 . 2008-04-30 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 12:18 . 2008-04-30 12:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-30 11:35 . 2008-04-30 11:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 21:40 . 2008-04-29 21:40 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\Malwarebytes
2008-04-29 21:40 . 2008-04-29 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 21:05 . 2008-04-29 21:05 <DIR> d----c--- C:\Deckard
2008-04-29 14:28 . 2008-04-29 14:28 112 --a------ C:\Documents and Settings\Molly\DatRemover.log
2008-04-29 14:21 . 2008-04-29 14:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-29 14:21 . 2008-04-24 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 20:25 . 2008-04-28 20:25 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\NPLUTO Corporation
2008-04-27 00:08 . 2007-06-21 18:59 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-04-27 00:07 . 2008-04-27 00:07 <DIR> d-------- C:\Program Files\NHN USA
2008-04-27 00:07 . 2008-01-16 18:25 679,936 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-04-26 23:14 . 2008-04-26 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-04-26 08:51 . 2008-04-26 13:34 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\MxBoost
2008-04-26 08:49 . 2008-04-30 00:31 <DIR> d-------- C:\Program Files\Maxthon2
2008-04-26 07:38 . 2008-04-26 07:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-26 07:38 . 2008-04-26 07:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 07:21 . 2008-04-30 22:12 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-04-26 07:11 . 2008-04-30 18:30 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-26 07:11 . 2008-04-26 07:11 <DIR> d-------- C:\Program Files\AVG
2008-04-26 07:11 . 2008-04-26 07:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-26 07:11 . 2008-04-26 07:11 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-26 07:11 . 2008-04-26 07:11 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-26 07:11 . 2008-04-26 07:11 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-24 23:32 . 2008-04-25 23:34 109,734 --a------ C:\WINDOWS\BM8b634c53.xml
2008-04-24 17:46 . 2008-04-24 17:46 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\ESET
2008-04-24 17:43 . 2008-04-24 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-24 02:18 . 2008-04-24 02:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-04-24 02:13 . 2008-04-24 11:37 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-04-24 01:34 . 2008-04-24 01:34 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-04-24 01:34 . 2008-04-24 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-04-24 01:34 . 2006-11-22 12:35 42,496 --a------ C:\WINDOWS\system32\AdvUninstCPL.cpl
2008-04-22 13:53 . 1996-10-15 10:40 291,600 --a------ C:\WINDOWS\system\WININET.DLL
2008-04-22 13:31 . 2008-04-25 18:00 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\InstallShield
2008-04-22 13:30 . 2008-04-22 13:30 921 --a------ C:\WINDOWS\QSFVExit.bat
2008-04-21 18:01 . 2008-04-21 18:07 2,621,517 --a--c--- C:\az.log.bak
2008-04-20 15:43 . 2008-04-22 13:55 399 --a------ C:\WINDOWS\SIERRA.INI
2008-04-20 00:36 . 2008-04-20 00:36 <DIR> d-------- C:\Program Files\uTorrent
2008-04-20 00:36 . 2008-04-29 22:40 <DIR> d-------- C:\Documents and Settings\Molly\Application Data\uTorrent
2008-04-20 00:21 . 2008-04-20 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Gamespot
2008-04-16 15:50 . 2008-04-16 17:29 134 --a------ C:\WINDOWS\rootkitno.ini
2008-04-16 15:49 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-04-16 15:37 . 2008-04-16 15:38 258 --a------ C:\WINDOWS\wininit.ini


2:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:52, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {1340C00E-B1FF-4117-B993-E58FF774A605} (CLaunchRBO10 Object) - http://www.playrealbaseball.com/include/la...BO_v1.1.0.0.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196541759781
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ???ail,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 1: (no name) - http://www.google.co.uk/

--
End of file - 6921 bytes




I hope this will help us to get a bit further into this problem.

#13 teacup61

Posted 30 April 2008 - 04:42 PM

Hello,

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Every time I boot up or restart my laptop I receive a dialog box as soon as windows starts saying yuovjwr.dll cannot be found and so it will not be executed. I have re-scanned the whole HDD for virii and also spyware with spy bot and both come back saying the system is clean!

Is this still happening?

Regards,
tea

#14 Madforit

Posted 30 April 2008 - 05:46 PM

This problem seemed to disappear when I did a full virus and spyware scan and removal, although the other problems still seem to be there, and also every now and then AVG alerts me to a threat from Vundo Trojan. I keep asking it to heal or remove it and it seems to do it ok, but this only seems to show up now after I do either of these scans, so it is obviously hidden somewhere else on the computer or not being removed correctly by AVG or superSpyware Scanner!

Any help removing this would be great. I have downloaded FixVundo.exe from the symantec site but was waiting for instructions from you first before proceeding; if you think this would be a good move please let me know ASAP.

Also, could you tell me why we needed all of those log files just to say what you mentioned above, as this was mentioned at the start of my original post?

Thanks again for all your help


steve

#15 Madforit

Posted 30 April 2008 - 05:48 PM

I have also changed the desktop things that you asked me to, although I only had to uncheck the lock desktop thing.
