Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

gzmrotate


  • This topic is locked This topic is locked
2 replies to this topic

#1 rogervaneenoo

rogervaneenoo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:00 PM

Posted 13 December 2008 - 11:54 AM

On starting up my computer I repeatedly get an error message saying the it cannot locate the gzmrotate.dll

I have run scans with AVG, Super Anti-Spyware, and Malwarebytes AntiMalware.
I have also repeatedly removed the reference to it in msconfig on the Startup tab.
It keeps coming back.
I have also removed references to it in the registry.
It keeps coming back.
Below is my "Hijack this" log from the downloaded RSIT program that you suggested in your preparation guide.

Can you help??

Logfile of random's system information tool 1.04 (written by random/random)
Run by Roger at 2008-12-13 11:48:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 123 GB (80%) free of 153 GB
Total RAM: 447 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48, on 2008-12-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXCZPSWX.EXE
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXCZJSWX.EXE
C:\Documents and Settings\Roger\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Roger.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pbctbc.bc.motive.com
O15 - Trusted Zone: http://pbctbcivr.bc.motive.com
O15 - Trusted Zone: http://fix.sympatico.ca
O15 - Trusted Zone: http://rc.sympatico.ca
O15 - Trusted Zone: http://rcfr.sympatico.ca
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 10: (no name) - http://www.europebyphoto.com/images/brugge/canal7lge.jpg
O24 - Desktop Component 11: (no name) - http://www.flowerpictures.net/Flowerpictur...a_onconee-5.jpg
O24 - Desktop Component 12: (no name) - http://www.fotosearch.com/rotatingimages/ks16136.jpg
O24 - Desktop Component 13: (no name) - http://www.freefoto.com/images/9907/11/990...=Common+Buzzard
O24 - Desktop Component 14: (no name) - http://www.ubcbotanicalgarden.org/potd/man...park2-thumb.jpg
O24 - Desktop Component 15: (no name) - http://farm3.static.flickr.com/2106/193712...abfd732f4_m.jpg
O24 - Desktop Component 16: (no name) - http://flowerscanada.org/image/3.jpg
O24 - Desktop Component 17: (no name) - http://static4.bareka.com/photos/medium/57823/maria.jpg
O24 - Desktop Component 18: (no name) - http://static3.bareka.com/photos/medium/196086/albufera.jpg
O24 - Desktop Component 19: (no name) - http://wallpaperoriginals.com/banners/1024-pets1.jpg
O24 - Desktop Component 20: (no name) - http://www.freefoto.com/images/12/13/12_13...a+Garden+Border
O24 - Desktop Component 21: (no name) - http://www.freefoto.com/images/90/09/90_09...+Northumberland
O24 - Desktop Component 22: (no name) - http://www.quantumsoft.co.uk/files/clipart...dscape_0026.jpg
O24 - Desktop Component 23: (no name) - http://www.freefoto.com/images/15/05/15_05...jpg?&k=Rose
O24 - Desktop Component 24: (no name) - http://backgroundsarchive.com/images/pub/7...3clc2uevps5.jpg
O24 - Desktop Component 25: (no name) - http://static-p.arttoday.com/thw/thw8/PH/t...65_060222_75615
O24 - Desktop Component 26: (no name) - http://www.freefoto.com/images/12/01/12_01...jpg?&k=Rose
O24 - Desktop Component 27: (no name) - http://www.desktoppictures.com/images/pict...rida-mimosa.jpg
O24 - Desktop Component 28: (no name) - http://freakymartin.com/nitro/webpark/47d1...mi_pilota_0.jpg
O24 - Desktop Component 30: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9389 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\ErrorFix Scan.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\WSSHelper.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-26 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-07 77824]
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe [2000-08-14 36864]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-07-01 28672]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13 981904]
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"hid_start"=C:\WINDOWS\system32\gzmrotate.dll DllVerify []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-09 1809648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
C:\WINDOWS\system32\VTTimer.exe [2005-05-12 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-07-07 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MI1933~1\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\25AVUVMB\incredimail_install[1].exe"="C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\25AVUVMB\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7e7be3-28c6-11dd-ace2-000fea415be3}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5985e95-2841-11dd-8df2-000fea415be3}]
shell\AutoRun\command - I:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2008-12-13 11:48:32 ----D---- C:\rsit
2008-12-13 07:28:53 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-12-09 17:50:43 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 17:46:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 17:28:04 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-09 17:23:31 ----A---- C:\Boot.bak
2008-12-09 17:23:08 ----D---- C:\cmdcons
2008-12-09 17:20:28 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 17:20:27 ----A---- C:\WINDOWS\zip.exe
2008-12-09 17:20:27 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 17:20:27 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 17:20:27 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 17:20:27 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 17:20:27 ----A---- C:\WINDOWS\sed.exe
2008-12-09 17:20:27 ----A---- C:\WINDOWS\grep.exe
2008-12-09 17:20:27 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 17:20:18 ----D---- C:\ComboFix
2008-12-09 17:20:17 ----A---- C:\WINDOWS\system32\CF10564.exe
2008-12-09 17:18:55 ----D---- C:\Qoobox
2008-12-09 17:18:54 ----A---- C:\WINDOWS\system32\CF10283.exe
2008-12-09 16:32:04 ----D---- C:\Program Files\BHODemon 2
2008-12-09 16:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 16:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 16:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 16:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 11:46:15 ----A---- C:\zaSetup_en.exe
2008-12-04 09:26:30 ----D---- C:\Documents and Settings\Roger\Application Data\Uniblue
2008-12-03 10:43:28 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-12-03 10:43:14 ----D---- C:\Program Files\Security Task Manager
2008-11-29 08:43:56 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-29 08:43:50 ----D---- C:\Program Files\Common Files\Designer
2008-11-29 08:42:21 ----D---- C:\WINDOWS\ShellNew
2008-11-25 18:29:01 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-23 15:36:00 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-23 11:49:40 ----D---- C:\Documents and Settings\Roger\Application Data\ErrorFix
2008-11-23 11:48:43 ----D---- C:\Program Files\ErrorFix
2008-11-22 13:25:04 ----D---- C:\Documents and Settings\Roger\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-19 12:21:11 ----D---- C:\Documents and Settings\Roger\Application Data\aAvgApi
2008-11-18 07:53:05 ----D---- C:\Program Files\NOS
2008-11-18 07:52:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-18 07:52:09 ----D---- C:\Program Files\MSXML 4.0

======List of files/folders modified in the last 1 months======

2008-12-13 11:48:42 ----D---- C:\WINDOWS\Prefetch
2008-12-13 11:48:40 ----D---- C:\WINDOWS\Temp
2008-12-13 11:47:00 ----A---- C:\WINDOWS\lexstat.ini
2008-12-13 11:40:52 ----D---- C:\WINDOWS\Internet Logs
2008-12-13 07:36:24 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 07:31:38 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-13 07:31:38 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 07:31:38 ----D---- C:\WINDOWS\system32
2008-12-13 07:27:34 ----SHD---- C:\WINDOWS\Installer
2008-12-13 07:27:34 ----D---- C:\Config.Msi
2008-12-13 07:27:33 ----D---- C:\WINDOWS\WinSxS
2008-12-10 12:45:23 ----D---- C:\WINDOWS
2008-12-10 12:43:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 17:51:56 ----AD---- C:\Program Files
2008-12-09 17:45:04 ----RASH---- C:\boot.ini
2008-12-09 17:45:04 ----A---- C:\WINDOWS\win.ini
2008-12-09 17:45:04 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:45:03 ----D---- C:\WINDOWS\pss
2008-12-09 17:24:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-09 17:24:31 ----D---- C:\WINDOWS\Debug
2008-12-09 17:18:56 ----D---- C:\WINDOWS\ERDNT
2008-12-09 17:05:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 16:20:04 ----HD---- C:\WINDOWS\inf
2008-12-09 16:19:40 ----D---- C:\Program Files\Internet Explorer
2008-12-09 16:19:30 ----D---- C:\WINDOWS\ie7updates
2008-12-09 16:19:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 10:28:15 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-07 07:29:47 ----SD---- C:\WINDOWS\Tasks
2008-12-06 12:17:49 ----D---- C:\temp
2008-12-06 10:21:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 17:11:14 ----D---- C:\Program Files\Google
2008-12-03 11:33:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-03 11:15:25 ----D---- C:\Program Files\Common Files
2008-12-02 16:26:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-29 16:20:33 ----D---- C:\Program Files\Coupons
2008-11-29 09:41:11 ----D---- C:\Program Files\Microsoft Office
2008-11-29 08:49:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 08:45:41 ----AC---- C:\WINDOWS\ODBC.INI
2008-11-29 08:45:22 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-29 08:43:36 ----D---- C:\WINDOWS\Media
2008-11-29 08:39:37 ----D---- C:\WINDOWS\system
2008-11-29 08:39:37 ----D---- C:\WINDOWS\msapps
2008-11-29 08:39:37 ----D---- C:\Program Files\microsoft frontpage
2008-11-28 09:36:09 ----A---- C:\WINDOWS\dellstat.ini
2008-11-23 15:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-23 11:25:47 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 11:22:47 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-23 09:54:13 ----SD---- C:\Documents and Settings\Roger\Application Data\Microsoft
2008-11-22 13:25:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-22 13:25:03 ----D---- C:\Documents and Settings\Roger\Application Data\Adobe
2008-11-19 16:36:58 ----D---- C:\WINDOWS\Help
2008-11-18 07:56:07 ----D---- C:\WINDOWS\system32\config
2008-11-18 07:55:52 ----D---- C:\WINDOWS\system32\wbem
2008-11-18 07:55:51 ----D---- C:\WINDOWS\Registration
2008-11-18 07:53:28 ----D---- C:\Program Files\Advanced Registry Optimizer
2008-11-18 07:53:25 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-11-18 07:53:08 ----D---- C:\Program Files\Common Files\Adobe
2008-11-18 07:53:04 ----D---- C:\Program Files\Adobe
2008-11-18 07:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-18 07:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-18 07:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-18 07:52:08 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-18 07:51:52 ----D---- C:\Program Files\Windows Installer Clean Up

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-23 26824]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-11-13 353680]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-23 76040]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-07 2319680]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys [2002-07-02 6030]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys [2002-07-02 70382]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-02-21 6144]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-05-13 172544]
S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys [2002-07-02 23854]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2002-07-02 40508]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MREMP50.sys []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MREMP50a64.sys []
S3 MRESP50;MRESP50 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MRESP50.sys []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MRESP50a64.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SDDMI2;SDDMI2; C:\WINDOWS\system32\drivers\SDDMI2.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-23 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 231704]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:00 PM

Posted 20 December 2008 - 07:13 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:00 PM

Posted 27 December 2008 - 01:16 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users