Nt System Authority Shutdown..help!


18 replies to this topic

#1 jordivision


Posted 03 October 2006 - 10:22 PM

So I'm getting this automatic shutdown prompt that shuts my system down under the name of NT SYSTEM AUTHORITY SHUTDOWN. Also, it is affecting my typing and missing every third or fourth letter if I don't type like my father!

Here is my HijackThis log. (I have already run Ewido, Spybot, Ad-Aware, and Norton.)


Logfile of HijackThis v1.99.1
Scan saved at 11:19:55 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1155771547\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\testing\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155771547\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [dakcb260] RUNDLL32.EXE w548593b.dll,n 003cb25d00000002548593b
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O20 - Winlogon Notify: h618 - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe




Any help would be much appreciated!!
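A defender-side triage of the O4 (registry autorun) and O20 (Winlogon Notify) lines from the log above, added here as an illustration; it is not HijackThis's own code and not what the forum helpers ran. The heuristics, the `triage`/`flagged_names` names and the eight sample lines (copied from the log posted above) are my own assumptions.

```python
"""Triage heuristics for HijackThis O4 (registry autorun) and O20 (Winlogon Notify)
lines. Added illustration; not HijackThis's own code and not what the forum helper ran.
The rules below are assumptions about what a log reviewer looks for, and the sample
lines are copied from the log posted above."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: eight lines lifted from the HijackThis log posted above (raw string,
# so the Windows backslashes are kept as-is).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dakcb260] RUNDLL32.EXE w548593b.dll,n 003cb25d00000002548593b
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O20 - Winlogon Notify: h618 - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# O4 registry form only; "O4 - Global Startup:" lines (startup-folder shortcuts) are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


@dataclass
class Finding:
    line: str
    name: str
    reasons: list = field(default_factory=list)


def _looks_generated(token: str) -> bool:
    """Letters and digits run together with three or more digits ('dakcb260', 'w548593b', 'h618')."""
    return (re.fullmatch(r"[A-Za-z0-9]+", token) is not None
            and sum(c.isdigit() for c in token) >= 3
            and any(c.isalpha() for c in token))


def _executable(cmd: str) -> str:
    """The program part of an autorun command, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def triage(log_text: str) -> list:
    """Return a Finding for every O4/O20 line that trips at least one heuristic."""
    findings = []
    locations = defaultdict(set)   # lower-cased executable -> {(hive, key)} it is registered under
    o4_lines = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            locations[_executable(m["cmd"]).lower()].add((m["hive"], m["key"]))
            o4_lines.append((line, m))
            continue
        m = O20_RE.match(line)
        if m:
            f = Finding(line, m["name"])
            # A Notify package must be a DLL; a bare directory means the real file is hidden from the log.
            if not m["path"].lower().endswith(".dll"):
                f.reasons.append("Winlogon Notify entry points at a directory, not a DLL")
            if _looks_generated(m["name"]):
                f.reasons.append("machine-generated-looking entry name")
            if f.reasons:
                findings.append(f)
    # O4 rules run after the scan so the cross-hive count is complete.
    for line, m in o4_lines:
        f = Finding(line, m["name"])
        exe = _executable(m["cmd"])
        if m["key"].lower() == "runservices":
            f.reasons.append("RunServices is a Windows 9x key; XP-era software does not register there")
        if exe.lower().startswith("rundll32"):
            # rundll32 <dll>,<entry> <args>: a DLL given without a directory is found via the search path.
            rest = m["cmd"].split(None, 1)[1] if " " in m["cmd"].strip() else ""
            dll = rest.split(",", 1)[0].strip('"')
            if "\\" not in dll:
                f.reasons.append("rundll32 loads %r by bare name, resolved via the DLL search path" % dll)
            if _looks_generated(dll.rsplit(".", 1)[0]):
                f.reasons.append("machine-generated-looking DLL name")
        if _looks_generated(m["name"]):
            f.reasons.append("machine-generated-looking entry name")
        hits = len(locations[exe.lower()])
        if hits >= 2:
            f.reasons.append("same executable registered in %d autorun locations" % hits)
        if f.reasons:
            findings.append(f)
    return findings


def flagged_names(log_text: str) -> set:
    """Entry names that need a second look; the rest of the log can be read as routine."""
    return {f.name for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the sample it singles out exactly the three entries a reviewer would question (the rundll32 line, the triple-registered stonedrv.exe, and the h618 Notify entry) and leaves the Java, Symantec and WGA lines alone.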


#2 jordivision


Posted 04 October 2006 - 08:32 PM

Please help me! I have done everything I know how!

#3 jordivision


Posted 05 October 2006 - 11:41 PM

I already deleted the stonedrv.exe entries. I really need help. My computer takes forever to boot up now. And the internet connection is very tenuous. I will be very appreciative to any and all who help!

#4 jordivision


Posted 06 October 2006 - 07:22 PM

Here is a ComboFix log. Please, I need help. :-(

testing - 06-10-06 18:35:38.03
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\testing\Desktop\spyware

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\testing\Application Data\CROSOF~1
C:\QooBox\Purity\Documents and Settings\testing\Application Data\SKS~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1\ASEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))


2006-10-04 10:58 0 -rahs---- C:\MSDOS.SYS
2006-10-04 10:58 0 -rahs---- C:\IO.SYS
2006-09-30 19:29 228,788 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2140.exe
2006-09-14 21:22 2,199 --a------ C:\WINDOWS\system32\sdbackup.reg
2006-09-12 01:49 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-09-12 01:49 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-09-06 18:51 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-09-06 18:51 127,208 --a------ C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-06 18:32 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-06 18:31 -------- d-------- C:\Program Files\Common Files
2006-10-06 02:46 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-06 01:44 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-06 01:00 -------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2006-10-02 05:08 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-30 20:17 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-30 19:29 -------- d-------- C:\Program Files\Alcohol Toolbar
2006-09-30 19:28 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-30 19:22 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-30 18:52 -------- d-------- C:\Program Files\Activision
2006-09-22 04:57 -------- d-------- C:\Program Files\THQ
2006-09-22 04:52 -------- d-------- C:\Program Files\Adobe
2006-09-21 16:42 618328 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-09-20 14:42 -------- d-------- C:\Program Files\Soulseek
2006-09-19 03:18 -------- d-------- C:\Program Files\BitComet
2006-09-18 20:35 -------- d-------- C:\Program Files\Symantec
2006-09-17 04:28 -------- d-------- C:\Program Files\BitTorrent
2006-09-17 04:15 -------- d-------- C:\Program Files\ABC
2006-09-16 21:04 -------- d-------- C:\Documents and Settings\testing\Application Data\BitTorrent
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-14 21:08 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-14 13:30 -------- d-------- C:\Program Files\ASCII
2006-09-13 19:02 -------- d-------- C:\Program Files\Windows Media Player
2006-09-12 19:19 -------- d-------- C:\Program Files\LimeWire
2006-09-12 01:49 -------- d-------- C:\Program Files\XviD
2006-09-12 01:39 -------- d-------- C:\Program Files\DivX
2006-09-11 20:55 -------- d-------- C:\Program Files\Valve
2006-09-08 11:19 11648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-09-06 04:51 -------- d-------- C:\Program Files\Windows Defender
2006-09-06 04:50 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-06 04:46 -------- d-------- C:\Program Files\Internet Explorer
2006-09-06 03:32 -------- d-------- C:\Program Files\EA GAMES
2006-09-04 01:33 98 --------- C:\WINDOWS\taskmen32.pif
2006-09-03 22:09 980 --a------ C:\Documents and Settings\testing\Application Data\wklnhst.dat
2006-09-02 03:48 -------- d-------- C:\Program Files\The Weather Channel FW
2006-09-02 02:26 -------- d-------- C:\Program Files\iPod
2006-08-31 02:56 -------- d-------- C:\Documents and Settings\testing\Application Data\Lavasoft
2006-08-31 02:55 -------- d-------- C:\Program Files\Lavasoft
2006-08-31 02:39 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-31 00:37 -------- d-------- C:\Program Files\SymNetDrv
2006-08-29 20:37 -------- d---s---- C:\Documents and Settings\testing\Application Data\Microsoft
2006-08-29 20:37 -------- d-------- C:\Documents and Settings\testing\Application Data\Template
2006-08-29 20:32 -------- d-------- C:\Program Files\PConPoint
2006-08-29 02:22 -------- d-------- C:\Documents and Settings\testing\Application Data\TextPad
2006-08-29 02:21 -------- d-------- C:\Program Files\TextPad 4
2006-08-21 19:32 -------- d-------- C:\Program Files\Audio MP3 Converter
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 21:21 -------- d-------- C:\Documents and Settings\testing\Application Data\Ventrilo
2006-08-20 21:20 -------- d-------- C:\Program Files\Ventrilo
2006-08-20 21:19 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-16 19:40 -------- d-------- C:\Program Files\AOL
2006-08-16 19:40 -------- d-------- C:\Documents and Settings\testing\Application Data\acccore
2006-08-16 19:39 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-08-16 19:39 -------- d-------- C:\Program Files\Common Files\aolshare
2006-08-16 19:39 -------- d-------- C:\Program Files\Common Files\AOL
2006-08-16 19:38 -------- d-------- C:\Documents and Settings\testing\Application Data\Mozilla
2006-08-11 15:46 -------- d-------- C:\Documents and Settings\testing\Application Data\Real
2006-08-11 15:45 -------- d-------- C:\Program Files\Real
2006-08-11 15:45 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-11 15:45 -------- d-------- C:\Program Files\Common Files\Real
2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 13:31 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-08-11 13:31 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-08-11 13:31 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 13:31 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-08-10 21:26 -------- d-------- C:\Program Files\Viewpoint
2006-08-09 19:04 66 --a------ C:\Documents and Settings\testing\Application Data\SQSDMTST.SYS
2006-08-09 18:54 -------- d-------- C:\Program Files\Xilisoft
2006-08-09 18:49 71 --a------ C:\Documents and Settings\testing\Application Data\RipEditBurnPLUS.ini
2006-08-09 18:47 36 --a------ C:\WINDOWS\system32\drvlock.sys
2006-08-09 18:47 30 --a------ C:\WINDOWS\system32\symbios.sys
2006-08-09 18:47 -------- d-------- C:\Program Files\Blaze Audio
2006-08-09 05:15 -------- d-------- C:\Program Files\Vodei
2006-08-08 21:09 247866 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1218.exe
2006-08-08 21:08 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-07 02:11 -------- d-------- C:\Program Files\PowerISO
2006-08-03 11:50 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 22:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-26 22:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1155771547\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"dakcb260"="RUNDLL32.EXE w548593b.dll,n 003cb25d00000002548593b"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="C:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"Steam"="C:\\Program Files\\Valve\\Steam\\Steam.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,62,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\h618


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - testing.job

Completion time: Fri 10/06/2006 18:37:24.57
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#5 jordivision


Posted 07 October 2006 - 03:55 AM

PLEASE. SOMEONE HELP. IF YOU CAN FIX MY COMPUTER WITHOUT A REINSTALL I WILL SEND YOU $20. WTF. I can't believe no one will help.

#6 Guest_Cretemonster_*


Posted 07 October 2006 - 07:38 AM

Easy there Jordivision!

We are all volunteers here and can't get to every log that's posted.

Post a fresh HijackThis log and summarize what you have done to the PC to this point.

#7 jordivision


Posted 07 October 2006 - 04:48 PM

Sorry for being a bit, well, drunk, when I posted last. I do appreciate all of the work you guys do. I apologize.


Logfile of HijackThis v1.99.1
Scan saved at 5:44:22 PM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1155771547\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
c:\program files\common files\aol\1155771547\ee\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\testing\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155771547\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [dakcb260] RUNDLL32.EXE w548593b.dll,n 003cb25d00000002548593b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O20 - Winlogon Notify: h618 - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

#8 Guest_Cretemonster_*


Posted 07 October 2006 - 06:45 PM

Can you generate a fresh ComboFix log please?


Also, I need you to run an Online Scan.


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.


#9 jordivision


Posted 08 October 2006 - 12:05 PM

F-Secure scanner didn't find anything. Here is the ComboFix:

testing - 06-10-08 12:58:56.62
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\testing\Desktop\spyware

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\testing\Application Data\CROSOF~1
C:\QooBox\Purity\Documents and Settings\testing\Application Data\SKS~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1\ASEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))


2006-10-07 21:02 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-10-07 17:55 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-10-07 17:55 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-10-07 17:55 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-06 22:39 95,760 --a------ C:\WINDOWS\system32\isafeif.dll
2006-10-06 22:39 75,280 --a------ C:\WINDOWS\system32\vetredir.dll
2006-10-06 22:39 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2006-10-04 10:58 0 -rahs---- C:\MSDOS.SYS
2006-10-04 10:58 0 -rahs---- C:\IO.SYS
2006-09-30 19:29 228,788 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2140.exe
2006-09-14 21:22 2,199 --a------ C:\WINDOWS\system32\sdbackup.reg
2006-09-12 01:49 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-09-12 01:49 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-08 12:57 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-07 21:31 -------- d-------- C:\Program Files\Internet Explorer
2006-10-07 20:01 -------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2006-10-07 05:17 -------- d-------- C:\Program Files\Electronic Arts
2006-10-06 22:39 -------- d-------- C:\Program Files\CA
2006-10-06 22:24 -------- d-------- C:\Program Files\Symantec
2006-10-06 22:24 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-06 22:24 -------- d-------- C:\Program Files\Common Files
2006-10-06 22:16 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-06 21:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-03 12:34 629216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2006-10-03 12:34 32528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-03 12:34 26640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-10-03 12:34 21648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-03 12:34 21392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-10-03 12:34 108544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2006-10-02 05:08 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-30 19:29 -------- d-------- C:\Program Files\Alcohol Toolbar
2006-09-30 19:28 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-30 19:22 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-30 18:52 -------- d-------- C:\Program Files\Activision
2006-09-22 04:57 -------- d-------- C:\Program Files\THQ
2006-09-22 04:52 -------- d-------- C:\Program Files\Adobe
2006-09-21 16:42 618328 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-09-20 14:42 -------- d-------- C:\Program Files\Soulseek
2006-09-19 03:18 -------- d-------- C:\Program Files\BitComet
2006-09-17 04:28 -------- d-------- C:\Program Files\BitTorrent
2006-09-17 04:15 -------- d-------- C:\Program Files\ABC
2006-09-16 21:04 -------- d-------- C:\Documents and Settings\testing\Application Data\BitTorrent
2006-09-14 21:08 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-14 13:30 -------- d-------- C:\Program Files\ASCII
2006-09-13 19:02 -------- d-------- C:\Program Files\Windows Media Player
2006-09-12 19:19 -------- d-------- C:\Program Files\LimeWire
2006-09-12 01:49 -------- d-------- C:\Program Files\XviD
2006-09-12 01:39 -------- d-------- C:\Program Files\DivX
2006-09-11 20:55 -------- d-------- C:\Program Files\Valve
2006-09-08 11:19 11648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-09-06 04:51 -------- d-------- C:\Program Files\Windows Defender
2006-09-06 04:50 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-06 03:32 -------- d-------- C:\Program Files\EA GAMES
2006-09-04 01:33 98 --------- C:\WINDOWS\taskmen32.pif
2006-09-03 22:09 980 --a------ C:\Documents and Settings\testing\Application Data\wklnhst.dat
2006-09-02 03:48 -------- d-------- C:\Program Files\The Weather Channel FW
2006-09-02 02:26 -------- d-------- C:\Program Files\iPod
2006-08-31 02:56 -------- d-------- C:\Documents and Settings\testing\Application Data\Lavasoft
2006-08-31 02:55 -------- d-------- C:\Program Files\Lavasoft
2006-08-31 02:39 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-29 20:37 -------- d---s---- C:\Documents and Settings\testing\Application Data\Microsoft
2006-08-29 20:37 -------- d-------- C:\Documents and Settings\testing\Application Data\Template
2006-08-29 20:32 -------- d-------- C:\Program Files\PConPoint
2006-08-29 02:22 -------- d-------- C:\Documents and Settings\testing\Application Data\TextPad
2006-08-29 02:21 -------- d-------- C:\Program Files\TextPad 4
2006-08-23 00:31 5906432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-23 00:31 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-23 00:31 457728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-23 00:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-23 00:31 175616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-23 00:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-23 00:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-23 00:18 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-23 00:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-23 00:17 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-23 00:17 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-23 00:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-23 00:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-23 00:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-23 00:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-23 00:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-23 00:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-23 00:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-23 00:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-23 00:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-23 00:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-23 00:11 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-23 00:10 61440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-23 00:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-23 00:09 262656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-23 00:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-22 23:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-22 23:36 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-22 23:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-21 19:32 -------- d-------- C:\Program Files\Audio MP3 Converter
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 21:21 -------- d-------- C:\Documents and Settings\testing\Application Data\Ventrilo
2006-08-20 21:20 -------- d-------- C:\Program Files\Ventrilo
2006-08-20 21:19 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-16 19:40 -------- d-------- C:\Program Files\AOL
2006-08-16 19:40 -------- d-------- C:\Documents and Settings\testing\Application Data\acccore
2006-08-16 19:39 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-08-16 19:39 -------- d-------- C:\Program Files\Common Files\aolshare
2006-08-16 19:39 -------- d-------- C:\Program Files\Common Files\AOL
2006-08-16 19:38 -------- d-------- C:\Documents and Settings\testing\Application Data\Mozilla
2006-08-11 15:46 -------- d-------- C:\Documents and Settings\testing\Application Data\Real
2006-08-11 15:45 -------- d-------- C:\Program Files\Real
2006-08-11 15:45 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-11 15:45 -------- d-------- C:\Program Files\Common Files\Real
2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 13:31 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-08-11 13:31 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-08-11 13:31 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 13:31 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-08-10 21:26 -------- d-------- C:\Program Files\Viewpoint
2006-08-10 19:46 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-09 19:04 66 --a------ C:\Documents and Settings\testing\Application Data\SQSDMTST.SYS
2006-08-09 18:54 -------- d-------- C:\Program Files\Xilisoft
2006-08-09 18:49 71 --a------ C:\Documents and Settings\testing\Application Data\RipEditBurnPLUS.ini
2006-08-09 18:47 36 --a------ C:\WINDOWS\system32\drvlock.sys
2006-08-09 18:47 30 --a------ C:\WINDOWS\system32\symbios.sys
2006-08-09 18:47 -------- d-------- C:\Program Files\Blaze Audio
2006-08-09 05:15 -------- d-------- C:\Program Files\Vodei
2006-08-08 21:09 247866 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1218.exe
2006-08-08 21:08 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-03 11:50 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 22:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-26 22:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1155771547\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"dakcb260"="RUNDLL32.EXE w548593b.dll,n 003cb25d00000002548593b"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="C:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"Steam"="C:\\Program Files\\Valve\\Steam\\Steam.exe -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,62,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\h618


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Sun 10/08/2006 13:00:47.45
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 08 October 2006 - 02:47 PM

When you post the F-Secure results, let me know if you can find these files.

Be sure Windows is showing hidden files
http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

C:\WINDOWS\taskmen32.pif<--- Needs to be scanned Here

C:\WINDOWS\System32\dakcb260.sys<-- Delete if found

C:\WINDOWS\System32\dakcb260.dll<-- Delete if found

C:\WINDOWS\System32\w548593b.dll<-- Delete if found

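Added example, not code from this thread, from ComboFix or from BleepingComputer: a small Python script that reads the "Reg Loading Points" section of a ComboFix log like the one posted above and lists the Run entries that deserve a second look, such as the dakcb260 value that starts RUNDLL32.EXE with a bare DLL name. The sample text is a constructed excerpt in the same .reg-style format, and the two heuristics it applies (image path not absolute, rundll32 handed a DLL with no directory component) are my own assumptions about what makes an entry stand out, not rules ComboFix itself applies.

```python
"""Triage autorun entries from a ComboFix 'Reg Loading Points' section."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: a short excerpt in the .reg-style format ComboFix prints.
# The entries mirror the ones discussed in the thread; the text is built inline
# so the script runs offline without a log file on disk.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"dakcb260"="RUNDLL32.EXE w548593b.dll,n 003cb25d00000002548593b"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# The image ends at the first ".exe" token; unquoted paths may contain spaces.
EXE_RE = re.compile(r'^(.*?\.exe)(?:\s+(.*))?$', re.IGNORECASE)


@dataclass
class AutorunEntry:
    key: str
    name: str
    image: str          # executable Windows will start for this value
    args: str           # remainder of the command line
    reasons: List[str] = field(default_factory=list)


def unescape(s: str) -> str:
    """Undo .reg escaping of backslashes and double quotes."""
    return re.sub(r'\\(["\\])', r'\1', s)


def split_command(cmd: str) -> Tuple[str, str]:
    """Return (image, args) from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted image path
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)                        # unquoted path, maybe with spaces
    if m:
        return m.group(1), (m.group(2) or '').strip()
    parts = cmd.split(None, 1)                   # fallback: first token
    return parts[0], (parts[1] if len(parts) > 1 else '')


def assess(entry: AutorunEntry) -> None:
    """Attach reasons an entry merits a closer look (assumed, weak heuristics)."""
    if not re.match(r'^[A-Za-z]:\\', entry.image):
        entry.reasons.append('image has no absolute path; resolved via the search path')
    if entry.image.lower().rsplit('\\', 1)[-1] == 'rundll32.exe':
        dll = entry.args.split(',', 1)[0].strip().strip('"')
        if dll and '\\' not in dll:
            entry.reasons.append(f'rundll32 loads unqualified DLL {dll!r}')


def parse_loading_points(text: str) -> List[AutorunEntry]:
    """Parse every value under a ...\\Run key into an AutorunEntry."""
    entries, key = [], ''
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key.lower().endswith('\\run'):
            image, args = split_command(unescape(v.group(2)))
            e = AutorunEntry(key, unescape(v.group(1)), image, args)
            assess(e)
            entries.append(e)
    return entries


def suspicious(text: str) -> List[AutorunEntry]:
    """Only the entries that picked up at least one reason."""
    return [e for e in parse_loading_points(text) if e.reasons]


if __name__ == '__main__':
    for e in suspicious(SAMPLE_LOG):
        print(f'{e.key}\n  {e.name} -> {e.image} {e.args}')
        for r in e.reasons:
            print(f'    * {r}')
```

Run it with `python triage.py` (any file name works); `parse_loading_points` lists every Run value, `suspicious` keeps only those with a reason attached. Both heuristics are weak signals: legitimate Run values sometimes omit the path too, so a hit is a prompt to locate the file on disk and have it scanned, as the post above asks for, not a verdict on its own.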
#11 jordivision

jordivision
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE

Posted 09 October 2006 - 10:15 AM

Hey buddy, I used F-Secure and it removed ONLY a tracking cookie, so I don't have the log. But otherwise the ComboFix log is up to date.

#12 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 09 October 2006 - 02:10 PM

Did you get the file scanned I asked about and did you delete the others?

I can see where a HacDef fix has been run on the machine; wanna give me some background on what's occurred in the last week or 2?

What fixes have you run and such?

#13 jordivision

jordivision
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:24 PM

Posted 10 October 2006 - 01:11 AM

Got taskman.pif scanned and it's clean. I ran Norton, ewido, Spybot, F-Secure, Computer Associates. In addition I ran ComboFix and HijackThis. I removed stondrv.exe with HijackThis.

#14 jordivision

jordivision
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE

Posted 10 October 2006 - 01:38 AM

ALSO, when I try to access my Windows Firewall through the Control Panel it says I cannot "due to an unidentified reason".

#15 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 10 October 2006 - 03:30 AM

Upload a copy of taskman.pif at the upload site below, please.
http://www.uploadmalware.com/


Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Under File Options click Select All
  • Under Other Options put a check to both Show All boxes
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.




