After Removing Virtumondo, Lop And A Few Others...


15 replies to this topic

#1 Clubaseal

  • Members
  • 12 posts

Posted 03 May 2007 - 04:38 PM

After scanning 100 times with all the suggested scanners in the pinned topic and a few more, I apparently removed all or most spyware/malware. The problem is that my computer is now slower than it was with all the spyware and malware in it. I might also add that my Firefox browser won't start at all sometimes.

Posting a log is one of the few things I haven't done yet. So here it is...

Logfile of HijackThis v1.99.1
Scan saved at 2:35:14 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\biflbvev.dll",setvm
O4 - HKLM\..\Run: [BatBiasGreyThe] C:\Documents and Settings\All Users\Application Data\New win bat bias\grey audio.exe
O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [4STOP] C:\DOCUME~1\Owner\APPLIC~1\AUDIOO~1\KNOB JOY.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\FNTS~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Znhwhx] "C:\Program Files\Common Files\??mbols\r?gsvr32.exe"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by Clubaseal, 03 May 2007 - 05:13 PM.
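The O4 lines in the log above are the autostart entries the helpers in this thread go through by hand. As an added example (not part of the thread and not code from HijackThis, VundoFix or ComboFix), here is a small Python reviewer for that line format. It parses each `O4 - <hive>\..\Run: [name] command` line, splits the command from its arguments (quoted and unquoted paths with spaces both occur in the log), and raises review flags for the patterns visible in this log: a `?` in a path, which is how HijackThis prints characters it cannot render and which here matches the `MBOLS~1` folder the Purity section of the later ComboFix log shows quarantined; a Windows binary name such as `ati2evxx.exe` launched from a profile folder instead of the Windows directory; `rundll32.exe` loading a DLL; and a long opaque hexadecimal argument. It also diffs two logs to list which autostarts a cleanup removed. The `SYSTEM_NAMES`, `SYSTEM_DIRS` and `PROFILE_DIRS` lists, the heuristics and all function names are assumptions of this example; the sample lines are copied from the first and third HijackThis logs posted in the thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# One HijackThis "O4" autostart line, for example:
#   O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\FNTS~1\ati2evxx.exe" -vt yazb
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Assumed short lists: Windows binaries that belong under the Windows directory
# (the same name launched from a profile folder is a masquerade), the Windows
# directories themselves, and the user-profile roots seen in XP-era logs.
SYSTEM_NAMES = {"ati2evxx.exe", "regsvr32.exe", "svchost.exe", "logonui.exe", "rundll32.exe"}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\winnt\\")
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\docume~1\\")


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate the program (quoted, or unquoted with spaces) from its arguments."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    # Unquoted: take everything up to the first .exe/.com/.bat/.scr/.dll that is
    # followed by whitespace, a comma (rundll32 entry points) or end of line.
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|dll))(?:\s|,|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1), cmd[m.end(1):].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Parse one O4 line into hive, key, value name and command; None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristic review flags for one autostart entry (a flag means 'look closer', not 'malware')."""
    exe, args = split_command(entry["cmd"])
    low = exe.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if "?" in exe:
        # HijackThis prints characters it cannot render as '?', so lookalike
        # folder or file names built from non-ASCII letters show up this way.
        reasons.append("unrenderable characters in path (lookalike name)")
    if low.startswith(PROFILE_DIRS) or "\\application data\\" in low or "\\applic~1\\" in low:
        reasons.append("autostart from a user profile or Application Data folder")
    if "\\" in low and base in SYSTEM_NAMES and not low.startswith(SYSTEM_DIRS):
        reasons.append(f"system binary name {base} outside the Windows directory")
    if base == "rundll32.exe":
        dll, _ = split_command(args)
        reasons.append(f"rundll32 loads {dll}: confirm the DLL's publisher")
    if re.fullmatch(r"[0-9A-Fa-f]{32,}", args):
        reasons.append("long opaque hexadecimal argument")
    return reasons


def review_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged O4 value name to its review reasons, in log order."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry:
            reasons = suspicious_reasons(entry)
            if reasons:
                flagged[entry["name"]] = reasons
    return flagged


def removed_autostarts(before: str, after: str) -> List[str]:
    """O4 value names present in an earlier log but gone from a later one."""
    names_after = {e["name"] for e in map(parse_o4, after.splitlines()) if e}
    return [e["name"] for e in map(parse_o4, before.splitlines()) if e and e["name"] not in names_after]


# Sample input: O4 lines copied from the first HijackThis log in the thread (before cleanup).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\biflbvev.dll",setvm
O4 - HKLM\..\Run: [BatBiasGreyThe] C:\Documents and Settings\All Users\Application Data\New win bat bias\grey audio.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\FNTS~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Znhwhx] "C:\Program Files\Common Files\??mbols\r?gsvr32.exe"
"""

# Sample input: the O4 lines from the log posted after ComboFix ran.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

if __name__ == "__main__":
    for name, reasons in review_log(LOG_BEFORE).items():
        print(f"[{name}] " + "; ".join(reasons))
    print("removed by cleanup:", removed_autostarts(LOG_BEFORE, LOG_AFTER))
```

Run stand-alone, it flags exactly the five entries (PrintDrive, BatBiasGreyThe, runner1, Notn, Znhwhx) that are absent from the later log, and leaves the Kaspersky, HP, Realtek and MSN Messenger entries alone. The flags are deliberately review prompts rather than verdicts: an entry under Application Data or a `rundll32` loader can be legitimate, which is why the thread's helpers still look each item up before telling the poster what to remove.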



#2 jurgenv

  • Members
  • 1,093 posts
  • Gender: Male
  • Location: Belgium

Posted 04 May 2007 - 05:25 PM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Greets Jürgenv


#3 Clubaseal

  • Topic Starter
  • Members
  • 12 posts

Posted 06 May 2007 - 08:47 PM

Thanks for the reply.

I tried VundoFix a while before you replied, actually, and it was the last thing I used before my computer slowed down. I'll give it another shot because I don't think I scanned on startup.

Also, I just realized that the only things that actually run slow are my browsers. I initially had the idea that it was every program I ran.


Edit: I ran the fix and there were no infected files.

Edited by Clubaseal, 06 May 2007 - 09:05 PM.


#4 jurgenv

  • Members
  • 1,093 posts
  • Gender: Male
  • Location: Belgium

Posted 07 May 2007 - 09:42 AM

1. Download this file - combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
Greets Jürgenv


#5 Clubaseal

  • Topic Starter
  • Members
  • 12 posts

Posted 07 May 2007 - 02:56 PM

Took an hour to get this done, which I don't think is normal.

Here it is...

"Owner" - 2007-05-07 11:42:04 Service Pack 2
ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\system32\wintcc.exe
C:\WINDOWS\system32\wintsvcc.exe
C:\Program Files\Common Files\{38EB8~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Owner
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\FNTS~2
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\ICROSO~1.NET
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\MANTEC~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\DOBE~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\PPATCH~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\SSTEM3~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\STEM~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\WNSXS~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\YMANTE~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\YSTEM~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\WNSXS~1\l?gonui.exe
C:\qoobox\purity\C\Program Files\CROSOF~1
C:\qoobox\purity\C\Program Files\CURITY~1
C:\qoobox\purity\C\Program Files\DOBE~1
C:\qoobox\purity\C\Program Files\ECURIT~1
C:\qoobox\purity\C\Program Files\PPPATC~1
C:\qoobox\purity\C\Program Files\SSTEM~1
C:\qoobox\purity\C\Program Files\WNSXS~1
C:\qoobox\purity\C\Program Files\Common Files\ASEMBL~1
C:\qoobox\purity\C\Program Files\Common Files\MBOLS~1
C:\qoobox\purity\C\WINDOWS\APPATC~1
C:\qoobox\purity\C\WINDOWS\CROSOF~1
C:\qoobox\purity\C\WINDOWS\ICROSO~1
C:\qoobox\purity\C\WINDOWS\ICROSO~2
C:\qoobox\purity\C\WINDOWS\SKS~1
C:\qoobox\purity\C\WINDOWS\system32\CURITY~1
C:\qoobox\purity\C\WINDOWS\system32\FNTS~1
C:\qoobox\purity\C\WINDOWS\system32\ICROSO~1
C:\qoobox\purity\C\WINDOWS\system32\MCROSO~1.NET
C:\qoobox\purity\C\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((((((((( Files Created from 2007-04-07 to 2007-05-07 ))))))))))))))))))))))))))))))))))


2007-05-07 11:09 1,034 --a------ C:\DOCUME~1\Owner\Start.bat
2007-05-03 17:07 28,672 --a------ C:\WINDOWS\system32\SmartMenuXP.dll
2007-05-03 17:07 221,184 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-05-03 17:07 20,480 --a------ C:\WINDOWS\system32\VBUTILLight.dll
2007-05-03 17:07 172,032 --a------ C:\WINDOWS\system32\MP2enc.dll
2007-05-03 17:07 <DIR> d-------- C:\WINDOWS\system32\ac
2007-05-03 17:07 <DIR> d-------- C:\Program Files\AudioConvert
2007-04-25 05:36 16 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-04-25 05:36 16 --a------ C:\WINDOWS\msocreg32.dat
2007-04-24 23:34 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2007-04-24 23:32 <DIR> d-------- C:\Program Files\CCleaner
2007-04-24 23:25 <DIR> d-------- C:\Program Files\IObit
2007-04-24 22:42 <DIR> d-------- C:\Program Files\iLok
2007-04-24 21:53 <DIR> d-------- C:\Program Files\IK Multimedia
2007-04-24 21:51 3 --a------ C:\WINDOWS\system32\ceme11.dll
2007-04-24 21:51 3 --a------ C:\WINDOWS\ceme11.dat
2007-04-24 21:51 <DIR> d-------- C:\Program Files\Celemony
2007-04-24 21:50 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-24 21:22 <DIR> d-------- C:\Program Files\Propellerhead
2007-04-24 20:51 212,992 --a------ C:\WINDOWS\system32\ReWire.dll
2007-04-24 20:49 <DIR> d-------- C:\Program Files\Ableton
2007-04-24 19:37 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-04-24 19:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-04-24 17:22 <DIR> d-------- C:\Program Files\eMulePlus
2007-04-24 16:40 <DIR> d-------- C:\VundoFix Backups
2007-04-24 14:12 <DIR> d-------- C:\Program Files\FairStars Audio Converter
2007-04-24 03:00 409,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-24 03:00 2,385,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-24 03:00 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-04-23 20:43 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-04-23 19:32 <DIR> d---s---- C:\DOCUME~1\Owner\UserData
2007-04-23 15:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-04-20 16:29 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-20 16:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-04-20 16:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-04-20 16:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-04-20 16:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-04-20 16:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-04-20 16:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\interMute
2007-04-20 15:08 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-04-20 15:08 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2007-04-20 11:29 77,312 --a------ C:\WINDOWS\ua2.dll
2007-04-19 17:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-04-18 10:59 <DIR> d-------- C:\Program Files\ARAR
2007-04-18 10:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-04-14 11:48 <DIR> d-------- C:\Program Files\pasystem
2007-04-13 11:50 <DIR> d-------- C:\Program Files\EA GAMES
2007-04-13 11:42 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-13 11:42 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-04-13 11:31 <DIR> d-------- C:\Program Files\HP DVD
2007-04-13 01:36 <DIR> d-------- C:\DOCUME~1\Owner\.housecall6.6
2007-04-12 21:38 5,242,880 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-04-12 08:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-11 13:00 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-07 01:44:56 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\Digidesign
2007-05-04 00:54:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-04 00:51:43 -------- d-----w C:\Program Files\Quicken
2007-05-04 00:41:43 -------- d-----w C:\Program Files\MUSICMATCH
2007-05-04 00:41:11 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-04 00:40:52 -------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-05-03 20:31:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\PACE Anti-Piracy
2007-05-02 20:47:32 -------- d-----w C:\Program Files\Audible
2007-04-25 21:49:54 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-04-25 08:18:56 -------- d-----w C:\Program Files\eMule
2007-04-25 08:05:07 -------- d-----w C:\Program Files\psquery
2007-04-25 04:54:41 -------- d-----w C:\Program Files\Digidesign
2007-04-24 10:43:45 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\Audiooozedelete
2007-04-24 01:43:36 -------- d-----w C:\Program Files\Lavasoft
2007-04-24 01:23:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\Xfire
2007-04-23 22:38:01 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\uTorrent
2007-04-23 07:08:24 -------- d-s---w C:\Program Files\Xfire
2007-04-21 00:10:35 -------- d-----w C:\Program Files\Google
2007-04-21 00:03:36 -------- d-----w C:\Program Files\InterActual
2007-04-20 23:53:40 -------- d-----w C:\Program Files\The Weather Channel FW
2007-04-20 23:49:12 -------- d-----w C:\Program Files\Yahoo!
2007-04-20 10:13:36 -------- d-----w C:\Program Files\MSN Messenger
2007-04-20 10:13:36 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-04-20 08:07:46 -------- d-----w C:\Program Files\Multimedia Card Reader
2007-04-20 01:27:52 -------- d-----w C:\Program Files\Common Files\wwwm
2007-04-20 00:04:06 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\Uniblue
2007-04-15 22:44:13 -------- d-----w C:\Program Files\Microsoft LifeCam
2007-04-06 07:15:39 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\MySpace
2007-04-06 07:15:35 -------- d-----w C:\Program Files\MySpace
2007-04-04 20:28:58 1,183 ----a-w C:\WINDOWS\mozver.dat
2007-04-03 11:18:58 -------- d-----w C:\Program Files\Lionhead Studios Ltd
2007-04-02 03:34:00 -------- d-----w C:\Program Files\Messenger
2007-04-02 03:33:13 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-01 22:00:15 -------- d-----w C:\Program Files\Audiooozedelete
2007-04-01 01:34:42 -------- d-----w C:\Program Files\Movie Maker
2007-04-01 01:33:06 -------- d-----w C:\Program Files\Windows NT
2007-03-30 19:41:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\AdobeUM
2007-03-28 23:42:01 -------- d-----w C:\Program Files\LucasArts
2007-03-21 01:12:48 -------- d-----w C:\Program Files\Easy Internet signup
2007-03-21 00:54:58 -------- d-----w C:\Program Files\Norton AntiVirus
2007-03-21 00:09:58 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\TuneUp Software
2007-03-21 00:09:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-18 13:05:05 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\teamspeak2
2007-03-18 13:05:04 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 05:31:14 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\Lavasoft
2007-03-17 04:01:16 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-17 00:35:24 -------- d-----w C:\Program Files\utorrent
2007-03-16 23:20:26 -------- d-----w C:\Program Files\Postal2
2007-03-14 06:45:31 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\BSplayer
2007-03-13 10:44:00 -------- d-----w C:\Program Files\Webteh
2007-03-13 10:44:00 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1.\BSplayer Pro
2007-03-10 10:09:05 -------- d-----w C:\Program Files\Project64 1.6
2007-03-09 05:53:24 -------- d-----w C:\Program Files\PBP Unpacker
2007-03-08 21:53:22 -------- d-----w C:\Program Files\psx emulation cheater
2007-03-08 21:21:32 -------- d-----w C:\Program Files\PowerISO
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-08 11:41:03 -------- d-----w C:\Program Files\Delta
2007-03-06 19:47:01 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-02-08 09:15:20 335 ----a-w C:\WINDOWS\nsreg.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DigidesignMMERefresh"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"VX3000"="C:\\WINDOWS\\vVX3000.exe"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"AlcxMonitor"="ALCXMNTR.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AIMPro"="\"C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"VX3000"="C:\\WINDOWS\\vVX3000.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
Usnsvc usnsvc\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
UxTuneUp


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\RunGame.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-07 12:44:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-07 12:45:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-07 12:45

#6 jurgenv

  • Members
  • 1,093 posts
  • Gender: Male
  • Location: Belgium

Posted 07 May 2007 - 03:00 PM

OK, can I see a new HijackThis log, please?
Greets Jürgenv


#7 Clubaseal

  • Topic Starter
  • Members
  • 12 posts

Posted 07 May 2007 - 03:46 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:43:05 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\vVX3000.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\wz0b7e\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edit: Some interesting new info is that after getting Firefox to work again and using it for a few days until now, I noticed that Add/Remove Programs says the last time I used it was in April.

Edited by Clubaseal, 07 May 2007 - 03:53 PM.


#8 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:04 AM

Posted 08 May 2007 - 10:15 AM

Go to http://www.bleepingcomputer.com/submit-malware.php?channel=3 and enter the following:

link: http://www.bleepingcomputer.com/forums/ind...amp;hl=pasystem
File: C:\Program Files\pasystem\pasystem.exe

And click 'Send file'
Greets Jürgenv

Donation: Click me.

#9 Clubaseal

Clubaseal
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 08 May 2007 - 10:35 AM

Ok, I sent it.

#10 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:04 AM

Posted 08 May 2007 - 10:39 AM

Ok, post me a new hijackthis log.
Greets Jürgenv

Donation: Click me.

#11 Clubaseal

Clubaseal
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 08 May 2007 - 10:48 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:45:59 AM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\vVX3000.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Local Settings\Temp\wz0b7e\HijackThis.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#12 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:04 AM

Posted 08 May 2007 - 11:21 AM

* Please open hijackthis and put a check next to the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

Go to http://www.virustotal.com/en/indexf.html and upload the following file:

C:\WINDOWS\system32\ceme11.dll

Post its report here with a new HijackThis log.
Greets Jürgenv

Donation: Click me.
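
The items jurgenv picks out above (the IE start/search pages pointing at a vendor customization host, a Run entry given as a bare filename with no full path, and the service whose binary is "(file missing)") can be pulled out of a HijackThis log mechanically. The script below is an added example written for this page, not HijackThis or BleepingComputer code. Its sample lines are constructed in the format HijackThis v1.99.1 writes, and its three review rules (start/search page on a host the owner does not expect, Run value without a full path, service with "Unknown owner" or "(file missing)") are the editor's own triage heuristics for a log reviewer, not verdicts on any file.

```python
"""Flag HijackThis log entries that a reviewer would want to look at first.

Added example, not HijackThis code. Heuristics are assumptions about what a
log helper checks; a flagged line means "verify this", not "this is malware".
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample lines in HijackThis v1.99.1 format (values mirror entries
# quoted in this thread; they were not collected from a live machine).
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r'O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"',
    r'O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)',
    r"O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe",
]

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O4 body: HKLM\..\Run: [name] command
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# O23 body: Service: display name (short name) - company - path
O23_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<company>.+?) - (?P<path>.+)$")
# First program-like token of a Run value, with optional leading quote.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|dll|scr|bat|cmd))', re.IGNORECASE)
FULL_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def parse_line(line):
    """Split a log line into (section, body), or None for headers/process lists."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def executable_of(command):
    """Strip quotes and arguments from a Run value, returning just the program."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip().split(" ")[0]


def has_full_path(exe):
    """True for drive-letter or UNC paths; a bare filename is resolved via search order."""
    return bool(FULL_PATH_RE.match(exe))


def check_ie_page(section, body, expected_hosts):
    key, _, url = body.partition(" = ")
    host = (urlsplit(url.strip()).hostname or "").lower()
    if host and host not in expected_hosts:
        return [Finding(section, "ie-page", f"{key.rsplit(',', 1)[-1]} points at {host}")]
    return []


def check_run_entry(section, body):
    m = O4_RE.match(body)
    if not m:
        return []
    exe = executable_of(m.group("command"))
    if not has_full_path(exe):
        return [Finding(section, "no-full-path",
                        f"[{m.group('name')}] runs {exe!r} via the search path; locate the file before trusting it")]
    return []


def check_service(section, body):
    m = O23_RE.match(body)
    if not m:
        return []
    findings = []
    if "(file missing)" in m.group("path"):
        findings.append(Finding(section, "file-missing", f"{m.group('display')} is registered but its binary is absent"))
    if m.group("company") == "Unknown owner":
        findings.append(Finding(section, "unknown-owner", f"{m.group('display')} has no vendor recorded"))
    return findings


def analyze(lines, expected_hosts=frozenset()):
    """Run the review rules over log lines; expected_hosts lists start-page hosts the owner chose."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, body = parsed
        if section in ("R0", "R1"):
            findings.extend(check_ie_page(section, body, expected_hosts))
        elif section == "O4":
            findings.extend(check_run_entry(section, body))
        elif section == "O23":
            findings.extend(check_service(section, body))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:14} {f.detail}")
```

Passing the owner's intended home and search hosts in `expected_hosts` silences the R0/R1 noise, which leaves exactly the two kinds of entry the helper acts on in this thread: a Run value that cannot be verified without first locating the file, and a service whose registered binary no longer exists.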

#13 Clubaseal

Clubaseal
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 08 May 2007 - 12:33 PM

AhnLab-V3 2007.5.9.0 05.08.2007 no virus found
AntiVir 7.4.0.15 05.08.2007 no virus found
Authentium 4.93.8 05.07.2007 no virus found
Avast 4.7.997.0 05.07.2007 no virus found
AVG 7.5.0.467 05.08.2007 no virus found
BitDefender 7.2 05.08.2007 no virus found
CAT-QuickHeal 9.00 05.08.2007 no virus found
ClamAV devel-20070416 05.08.2007 no virus found
DrWeb 4.33 05.08.2007 no virus found
eSafe 7.0.15.0 05.08.2007 no virus found
eTrust-Vet 30.7.3618 05.08.2007 no virus found
Ewido 4.0 05.08.2007 no virus found
FileAdvisor 1 05.08.2007 Not analyzed yet
Fortinet 2.85.0.0 05.08.2007 no virus found
F-Prot 4.3.2.48 05.07.2007 no virus found
F-Secure 6.70.13030.0 05.08.2007 no virus found
Ikarus T3.1.1.7 05.08.2007 no virus found
Kaspersky 4.0.2.24 05.08.2007 no virus found
McAfee 5025 05.07.2007 no virus found
Microsoft 1.2503 05.07.2007 no virus found
NOD32v2 2249 05.08.2007 no virus found
Norman 5.80.02 05.08.2007 no virus found
Panda 9.0.0.4 05.08.2007 no virus found
Prevx1 V2 05.08.2007 no virus found
Sophos 4.17.0 05.07.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.08.2007 no virus found
TheHacker 6.1.6.109 05.08.2007 no virus found
VBA32 3.12.0 05.08.2007 no virus found
VirusBuster 4.3.7:9 05.08.2007 no virus found
Webwasher-Gateway 6.0.1 05.08.2007 no virus found
Logfile of HijackThis v1.99.1
Scan saved at 10:30:05 AM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\vVX3000.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Temp\wz0b7e\HijackThis.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Guitar Pro 5\GP5.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#14 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:04 AM

Posted 08 May 2007 - 12:34 PM

Looking good, how is everything working?
Greets Jürgenv

Donation: Click me.

#15 Clubaseal

Clubaseal
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 08 May 2007 - 12:45 PM

Everything is working a lot faster, but it still does those random slowdowns and freezes. Just not as much.
