
Cpvfeed


This topic is locked
11 replies to this topic

#1 Jmetcalf

  • Members
  • 6 posts

Posted 19 June 2007 - 10:36 PM

I well... used to have cpvfeed. I'm actually not 100% sure that I still have it, but I'm not going to look past it. I read a topic here of someone with the same problem, so I tried to follow as much of the advice on that forum as I could, but I still saw a couple of cpvfeed pop-ups even after trying to clean it up. I am currently deployed, which means my internet speed is almost non-existent. I have tried to prepare by downloading as many tools as I could to aid in the speed. I appreciate any help you have. Below are a couple of logs.


Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


ComboFix 07-06-17 - C:\Documents and Settings\Josh\Desktop\ComboFix.exe
"Josh" - 2007-06-18 15:58:29 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_OREANS32
-------\core
-------\OREANS32


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-18 13:20 9,013 --a------ C:\dnsbak.reg
2007-06-18 11:47 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-06-18 11:47 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-06-18 09:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-18 07:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-18 07:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-18 07:47 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\MailFrontier
2007-06-18 07:35 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-18 07:35 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-18 07:35 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-18 07:35 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-18 07:34 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-18 02:19 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 01:41 <DIR> d-------- C:\VundoFix Backups
2007-06-17 22:31 <DIR> d-------- C:\Program Files\The Sir. Community
2007-06-17 07:49 <DIR> d-------- C:\WINDOWS\rmiw
2007-06-17 07:49 <DIR> d-------- C:\Program Files\Common Files\rmiw
2007-06-17 07:28 <DIR> d--hs---- C:\WINDOWS\Sm9zaCBNZXRjYWxm
2007-06-16 17:58 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-06-16 17:58 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-06-16 17:58 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-06-16 17:56 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-06-16 17:56 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-06-16 17:56 16,930 --a------ C:\WINDOWS\DIIUnin.dat
2007-06-16 17:45 <DIR> d-------- C:\Program Files\Diablo II
2007-06-16 15:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-16 15:47 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-06-16 15:47 35,382 --a------ C:\WINDOWS\scunin.dat
2007-06-16 15:47 <DIR> d-------- C:\Program Files\Starcraft
2007-06-16 14:05 <DIR> d-------- C:\Program Files\CCleaner
2007-06-16 13:57 53,327 ---hs---- C:\WINDOWS\system32\hjkmp.ini2
2007-06-16 13:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-16 13:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-16 13:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-16 13:30 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\SUPERAntiSpyware.com
2007-06-16 11:11 531 --a------ C:\WINDOWS\eReg.dat
2007-06-16 08:30 7,337 ---hs---- C:\WINDOWS\system32\hjkmp.bak1
2007-06-16 01:20 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-06-16 01:20 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-06-16 01:20 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-14 22:44 <DIR> d-------- C:\Program Files\THQ
2007-06-14 20:54 <DIR> d-------- C:\Program Files\EA GAMES
2007-06-14 19:44 <DIR> d-------- C:\Program Files\Sierra
2007-06-14 18:58 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\U3
2007-06-14 10:52 78,848 --a------ C:\WINDOWS\system32\inloader.dll
2007-06-14 10:52 <DIR> d-------- C:\Program Files\PCFriendly
2007-06-14 10:51 298,496 --a------ C:\WINDOWS\uninst.exe
2007-06-14 10:51 <DIR> d-------- C:\DOCUME~1\Josh\WINDOWS
2007-06-14 10:31 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\CyberLink
2007-06-14 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-14 06:44 <DIR> d-------- C:\Program Files\WinPop
2007-06-14 03:55 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\uTorrent
2007-06-14 03:04 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Google
2007-06-14 02:14 <DIR> d-------- C:\Program Files\MySpace
2007-06-14 02:14 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\MySpace
2007-06-14 01:07 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Thunderbird
2007-06-14 00:50 1,467 --a------ C:\WINDOWS\mozver.dat
2007-06-13 23:03 77,824 -ra------ C:\WINDOWS\system32\btw_ci.dll
2007-06-13 23:03 65,784 -ra------ C:\WINDOWS\system32\drivers\btwusb.sys
2007-06-13 22:59 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Skype
2007-06-13 22:57 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-13 22:42 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-13 22:42 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-13 22:42 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-13 22:42 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-13 22:42 <DIR> d-------- C:\Program Files\Winamp
2007-06-13 22:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-13 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-13 22:24 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\vlc
2007-06-13 22:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-13 22:14 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Talkback
2007-06-13 22:10 8,946 --a------ C:\WINDOWS\system32\drivers\TMIMO3.bin
2007-06-13 22:10 781,824 --a------ C:\WINDOWS\system32\drivers\TMIMO31P.sys
2007-06-13 22:10 184,320 --a------ C:\WINDOWS\system32\Set_ABG.exe
2007-06-13 22:10 110,592 --a------ C:\WINDOWS\system32\RM_ABG.exe
2007-06-13 22:10 <DIR> d-------- C:\WINDOWS\Drivers
2007-06-13 22:10 <DIR> d-------- C:\Program Files\Airgo Networks AGN300
2007-06-13 22:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-06-13 22:08 <DIR> d-------- C:\Program Files\Skype
2007-06-13 22:08 <DIR> d-------- C:\Program Files\Google
2007-06-13 22:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-06-13 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-06-13 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-13 22:07 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-13 22:07 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-13 22:07 <DIR> d-------- C:\Program Files\Xvid
2007-06-13 22:07 <DIR> d-------- C:\Program Files\VideoLAN
2007-06-13 22:07 <DIR> d-------- C:\Program Files\uTorrent
2007-06-13 22:05 <DIR> d-------- C:\Program Files\iTunes
2007-06-13 22:05 <DIR> d-------- C:\Program Files\iPod
2007-06-13 22:05 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Apple Computer
2007-06-13 22:04 <DIR> d-------- C:\Program Files\QuickTime
2007-06-13 22:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-13 22:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-13 18:19 <DIR> d--hs---- C:\RECYCLER
2007-06-13 18:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-06-13 17:28 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-06-13 17:27 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-06-13 17:27 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-06-13 17:26 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-13 01:59:19 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2007-05-13 01:59:19 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
2007-05-13 01:59:19 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2007-05-13 01:59:19 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys
2007-05-13 01:59:19 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2007-05-13 01:59:19 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2007-05-13 01:59:19 55,296 ----a-w C:\WINDOWS\system32\dvdplay.exe
2007-05-13 01:59:19 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2007-05-13 01:59:19 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll
2007-05-13 01:59:19 476,160 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2007-05-13 01:59:19 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2007-05-13 01:59:19 42,496 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2007-05-13 01:59:19 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2007-05-13 01:59:19 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2007-05-13 01:59:19 36,992 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2007-05-13 01:59:19 36,480 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2007-05-13 01:59:19 35,456 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2007-05-13 01:59:19 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2007-05-13 01:59:19 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2007-05-13 01:59:19 25,472 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2007-05-13 01:59:19 23,936 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-05-13 01:59:19 23,808 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2007-05-13 01:59:19 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2007-05-13 01:59:19 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-05-13 01:59:19 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2007-05-13 01:59:19 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
2007-05-13 01:59:19 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
2007-05-13 01:59:19 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2007-05-13 01:59:19 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
2007-05-13 01:59:19 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2007-05-13 01:59:19 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2007-05-13 01:59:19 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-13 01:59:19 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys
2007-05-13 01:57:41 360,704 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-05-13 01:57:40 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-05-13 01:57:40 140,288 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-05-13 01:57:06 984,576 ----a-w C:\WINDOWS\system32\syssetup.dll
2007-05-12 20:57:42 143,488 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
2007-04-15 23:25:34 316,416 ----a-w C:\WINDOWS\system32\wudfx.dll
2007-04-15 23:25:33 95,344 ----a-w C:\WINDOWS\system32\wudfcoinstaller.dll
2007-04-15 23:25:33 55,808 ----a-w C:\WINDOWS\system32\wudfsvc.dll
2007-04-15 23:25:33 165,376 ----a-w C:\WINDOWS\system32\wudfplatform.dll
2007-04-15 23:25:33 146,432 ----a-w C:\WINDOWS\system32\wudfhost.exe
2007-04-15 23:25:32 2,603,008 ----a-w C:\WINDOWS\system32\wpdshext.dll
2007-04-15 23:25:32 17,408 ----a-w C:\WINDOWS\system32\wpdshextautoplay.exe
2007-04-15 23:25:32 133,632 ----a-w C:\WINDOWS\system32\wpdshserviceobj.dll
2007-04-15 23:25:28 767,488 ----a-w C:\WINDOWS\system32\wmvsencd.dll
2007-04-15 23:25:28 656,896 ----a-w C:\WINDOWS\system32\wmvxencd.dll
2007-04-15 23:25:27 1,382,912 ----a-w C:\WINDOWS\system32\wmvsdecd.dll
2007-04-15 23:25:26 1,574,912 ----a-w C:\WINDOWS\system32\wmvencod.dll
2007-04-15 23:25:25 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
2007-04-15 23:25:25 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
2007-04-15 23:25:25 1,543,680 ----a-w C:\WINDOWS\system32\wmvdecod.dll
2007-04-15 23:25:22 4,096 ----a-w C:\WINDOWS\system32\wmvadve.dll
2007-04-15 23:25:22 4,096 ----a-w C:\WINDOWS\system32\wmvadvd.dll
2007-04-15 23:25:21 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
2007-04-15 23:25:21 130,048 ----a-w C:\WINDOWS\system32\wmpps.dll
2007-04-15 23:25:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
2007-04-15 23:25:20 613,376 ----a-w C:\WINDOWS\system32\wmpmde.dll
2007-04-15 23:25:13 1,661,440 ----a-w C:\WINDOWS\system32\WMPEncEn.dll
2007-04-15 23:25:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2007-04-15 23:24:58 534,528 ----a-w C:\WINDOWS\system32\wmdrmsdk.dll
2007-04-15 23:24:57 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-04-15 23:24:56 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2007-04-15 23:24:56 8,704 ----a-w C:\WINDOWS\system32\uWDF.exe
2007-04-15 23:24:56 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
2007-04-15 23:24:54 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
2007-04-15 23:24:54 199,168 ----a-w C:\WINDOWS\system32\portabledevicewmdrm.dll
2007-04-15 23:24:54 166,912 ----a-w C:\WINDOWS\system32\portabledevicetypes.dll
2007-04-15 23:24:54 101,888 ----a-w C:\WINDOWS\system32\portabledeviceclassextension.dll
2007-04-15 23:24:53 284,160 ----a-w C:\WINDOWS\system32\portabledeviceapi.dll
2007-04-15 23:24:53 132,096 ----a-w C:\WINDOWS\system32\portabledevicewiacompat.dll
2007-04-15 23:24:52 312,128 ----a-w C:\WINDOWS\system32\msdelta.dll
2007-04-15 23:24:51 317,440 ----a-w C:\WINDOWS\system32\mp4sdecd.dll
2007-04-15 23:24:51 259,072 ----a-w C:\WINDOWS\system32\mpg4decd.dll
2007-04-15 23:24:51 259,072 ----a-w C:\WINDOWS\system32\mp43decd.dll
2007-04-15 23:24:50 212,992 ----a-w C:\WINDOWS\system32\mfplat.dll
2007-04-15 23:24:50 11,264 ----a-w C:\WINDOWS\system32\laprxy.dll
2007-04-15 23:24:50 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
2007-04-15 23:24:49 249,856 ----a-w C:\WINDOWS\system32\drmupgds.exe
2007-04-15 23:24:48 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
2007-04-15 23:24:45 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-04-15 23:24:45 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2007-04-15 23:24:45 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2007-04-15 23:24:45 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-04-15 23:24:43 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-04-15 23:24:43 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-04-15 23:24:38 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-04-15 23:24:37 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-04-15 23:24:32 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-04-15 23:24:28 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2007-04-15 23:24:28 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-04-15 23:24:27 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-04-15 23:24:27 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-04-15 23:24:27 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
2007-04-15 23:24:27 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-15 23:24:26 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
2007-04-15 23:24:26 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
2007-04-15 23:24:26 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
2007-04-15 23:24:26 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-18 13:14]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-13 22:08]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-16 11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-05-09 04:21 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-05-09 04:21 C:\WINDOWS\system32\nvmctray.dll]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-08-25 12:17]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-16 01:51 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-04 00:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-18 11:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-30 04:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 11:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"McAfee Online Virus Scanner"=avp.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"HideRunAsVerb"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2742cc0c-1a42-11dc-ad8f-000b6bc8c843}]
AutoRun\command- E:\LaunchU3.exe -a


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 18:59:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 19:00:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-18 19:00

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 2:02:27 AM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\avp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\rmiw\rmiwm.exe
C:\WINDOWS\WNSXS~1\wuauclt.exe
C:\PROGRA~1\COMMON~1\rmiw\rmiwa.exe
C:\WINDOWS\Sm9zaCBNZXRjYWxm\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\zMUD\Zmud.exe
C:\Program Files\zMUD\Zmud.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\The Sir. Community\ModJive\ModJive.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Josh\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aimsrdl.atsc.army.mil/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1878B0BB-4094-4FAF-BC0E-56DF7FA99550} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McAfee Online Virus Scanner] avp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu173.exe 61A847B5BBF728133598284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\RunServices: [McAfee Online Virus Scanner] avp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [rmiw] C:\PROGRA~1\COMMON~1\rmiw\rmiwm.exe
O4 - HKCU\..\Run: [Luwa] "C:\WINDOWS\WNSXS~1\wuauclt.exe" -vt yazb
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC70A72C-5B5E-490F-B62F-C7F740BEEF54}: NameServer = 66.150.105.14 66.150.105.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zaCBNZXRjYWxm\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Again, Thanks.
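The HijackThis log above is only useful if someone reads every line and knows which ones matter. The script below is an added example written for this thread, not part of the original post and not HijackThis's own code: it parses HijackThis-style lines (`O1`, `O2`, `O4`, `O10`, `O17`, `O23`) and flags the indicator types visible in this log: hosts-file entries that point a hostname at a non-local address, orphaned BHO registrations, autorun targets living directly under the Windows root or under an 8.3 directory instead of `system32`, opaque hex arguments on a Run entry, Winsock LSP hijacks, configured DNS servers, and services with an unknown owner. The sample input is a constructed subset of lines copied from the log above; the severity thresholds (32 hex characters, "Program Files" as the dividing line for service paths) are assumptions chosen for triage, not anything the thread states.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines from the HijackThis log in the post above.
SAMPLE_LOG = r"""O1 - Hosts: 66.98.148.65 auto.search.msn.com
O2 - BHO: (no name) - {1878B0BB-4094-4FAF-BC0E-56DF7FA99550} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu173.exe 61A847B5BBF728133598284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Luwa] "C:\WINDOWS\WNSXS~1\wuauclt.exe" -vt yazb
O10 - Hijacked Internet access by WebHancer
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC70A72C-5B5E-490F-B62F-C7F740BEEF54}: NameServer = 66.150.105.14 66.150.105.11
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zaCBNZXRjYWxm\command.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - HKLM\..\Run: [name] command" -> section "O4", body "HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")
# Addresses a hosts file may legitimately map a name to.
LOCAL_IPS = {"127.0.0.1", "::1", "0.0.0.0"}
# An .exe under C:\WINDOWS\ (or an 8.3 subdirectory of it) but NOT under system32.
WINROOT_EXE = re.compile(r'(?i)[a-z]:\\windows\\(?!system32\\)[^\s"]*?\.exe')
# Assumed threshold: 32+ hex characters in one token is an opaque argument worth a look.
HEX_BLOB = re.compile(r"\b[0-9A-Fa-f]{32,}\b")


@dataclass
class Finding:
    section: str
    severity: str  # "high" or "review"
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    if section == "O1":  # Hosts: <ip> <hostname>
        parts = body.split()
        if len(parts) >= 3 and parts[1] not in LOCAL_IPS:
            return Finding(section, "high", f"hosts file redirects {parts[2]} to {parts[1]}", line)
    elif section == "O2" and body.endswith("(no file)"):
        return Finding(section, "review", "orphaned BHO registration (no file on disk)", line)
    elif section == "O4":
        if WINROOT_EXE.search(body):
            return Finding(section, "high", "autorun target lives under the Windows root, not system32", line)
        if HEX_BLOB.search(body):
            return Finding(section, "high", "autorun passes a long opaque hex argument", line)
    elif section == "O10":
        return Finding(section, "high", "Winsock LSP hijack reported", line)
    elif section == "O17" and "NameServer =" in body:
        servers = body.split("NameServer =", 1)[1].split()
        if servers:
            return Finding(section, "review", "DNS servers set to " + ", ".join(servers), line)
    elif section == "O23" and "Unknown owner" in body:
        path = body.rsplit(" - ", 1)[-1]
        # Assumed rule: an unowned service outside Program Files is the more suspicious case.
        sev = "high" if "program files" not in path.lower() else "review"
        return Finding(section, sev, "service with unknown owner at " + path, line)
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and keep only the lines that produced a Finding."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

The rules are deliberately loose: a legitimate service with "Unknown owner" under Program Files (RichVideo in this log) lands in "review" rather than "high", and the script is a first pass to decide what to look up on VirusTotal or Jotti, not a verdict.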


#2 DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • Gender:Male
  • Location:TN USA

Posted 27 June 2007 - 09:04 PM

Hi Jmetcalf,

Apologies for the delay, this forum is really swamped right now.

I'm sorry to tell you that despite your efforts at cleaning your computer, it is still terribly infected.

Frankly this is not a great surprise, as I see no signs of an Antivirus program in your log. It looks like you tried to install AVG a few days ago, but it doesn't appear to be running now.

There are several different malwares active, and one of them is a Bot Worm. :thumbsup:

A bot worm is a program that is installed without your knowledge and enables a hacker, sitting at another computer perhaps thousands of miles away, to control your computer so that it does what he wants -- it becomes his "bot."

Bots can be used to launch denial-of-service attacks (this is where hundreds of bots simultaneously bombard a website with requests for information, overwhelming its capacity to respond and, thereby, shutting it down) and for other sorts of mischief. The bot can also do mass spam mailing, download files to the computer, or upload files and data, including passwords and other private information.

Frankly, with your slow connection, the danger of having your machine be used as part of a bot net is negligible. However, data theft is still a serious threat, as this sort of activity does not depend on connection speed.

For this reason it is very important that, starting immediately, this machine be kept off the internet and physically disconnected from any network it may be part of.

If you use or have used this computer for online banking or shopping or for accessing or storing personal information such as school records, then you need to take steps to protect your information that may have been compromised. I recommend these steps for action:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

This is something i don't like to recommend normally, but with a computer this badly infected, the best solution for your safety would be to reformat the hard drive and reinstall Windows.

Please read the following link very carefully:

When Should I Format, How Should I Reinstall

Here are some more links to help you decide:


Security Management - May 2004
Help: I Got Hacked. Now What Do I Do?
http://www.microsoft.com/technet/community...gmt/sm0504.mspx

Security Management - July 2004
Help: I Got Hacked. Now What Do I Do? Part II
http://www.microsoft.com/technet/community...gmt/sm0704.mspx

For an analysis of your particular bot worm, go here:

http://www.sophos.com/security/analyses/w32rbotgqq.html


Only you can make this decision, you know the uses this computer has been put to. But please consider carefully before deciding against a reformat. If you do make that decision I will do my best to help you disinfect it, but you must understand that it will be practically impossible to undo all the damage that has been done.

That is why, if you have the resources, I believe that a reformat and reinstall of Windows is your best option.

Please let me know what you decide to do, ask any questions you have, and again, I'm sorry I don't have better news for you.

Dave

#3 Jmetcalf

Jmetcalf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:06 PM

Posted 30 June 2007 - 10:45 AM

You have got to be kidding me... My computer is really seriously infected...? I just reformatted, like, last month. That is WEIRD. Ok, so how do you propose I fix it, because of all the things I have done on this computer I cannot reformat and lose all my work. I am just now getting it back to where it was before the first string of reformats. (I had to reformat from Vista to the Windows XP I have installed now.) I am reading the bot worm thing now. Any tips would be appreciated.

#4 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  • Gender:Male
  • Location:TN USA
  • Local time:03:06 PM

Posted 30 June 2007 - 01:08 PM

Hi again,

Sorry, I wish I were kidding you.

I have little time today; I have some work (as in my job) this afternoon and then a wedding this evening, so I'll just give you a couple of things to get started.

First, reinstall AVG antivirus free or install another free antivirus, update it and run a full system scan. Here are three I recommend:

AVG Free is available at this site.

Avast Home Edition is available here.

Avira AntiVir can be downloaded here.


Then, let's at least try to knock out that bot worm.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
There will be more to do, but those instructions will have to wait until I have an hour or so to give you --

Dave

#5 Jmetcalf

Jmetcalf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:06 PM

Posted 01 July 2007 - 01:58 AM

Ok, here are the new logs. By the way, the Kelly Clarkson -- NOT MINE. That's just for the record... "The Coxdrive" was a backup of a buddy's external. Ok, now I'm secure so you can get the logs :thumbsup:
SDFIX:

SDFix: Version 1.88

Run by Josh on Sun 07/01/2007 at 09:38 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Listing Files with Hidden Attributes:

C:\Documents and Settings\Josh\My Documents\My Music\The Coxdrive\Kelly Clarkson\Live @ Vh1.com\AlbumArtSmall.jpg
C:\Documents and Settings\Josh\My Documents\My Music\The Coxdrive\Kelly Clarkson\Live @ Vh1.com\AlbumArt_{1BD7FA5F-4B6D-4D33-B16D-01B0AF72510A}_Large.jpg
C:\Documents and Settings\Josh\My Documents\My Music\The Coxdrive\Kelly Clarkson\Live @ Vh1.com\AlbumArt_{1BD7FA5F-4B6D-4D33-B16D-01B0AF72510A}_Small.jpg
C:\Documents and Settings\Josh\My Documents\My Music\The Coxdrive\Kelly Clarkson\Live @ Vh1.com\desktop.ini
C:\Documents and Settings\Josh\My Documents\My Music\The Coxdrive\Kelly Clarkson\Live @ Vh1.com\Folder.jpg
C:\Documents and Settings\Josh\My Documents\My Music\The Coxdrive\Kelly Clarkson\Live @ Vh1.com\Thumbs.db
C:\Documents and Settings\Josh\My Documents\My Music\The Coxdrive\Michael Jackson\Michael Jackson - The Ultimate Collection (2004) - Pop [www.torrentazos.com]\Thumbs.db
C:\Documents and Settings\Josh\Application Data\U3\temp\Launchpad Removal.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Listing User Accounts:


Administrator Guest HelpAssistant
Josh


Finished


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:55:47 AM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MUSHclient\mushclient.exe
C:\Documents and Settings\Josh\Desktop\Software\Computer Health\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aimsrdl.atsc.army.mil/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1878B0BB-4094-4FAF-BC0E-56DF7FA99550} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again,
Josh

#6 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  • Gender:Male
  • Location:TN USA
  • Local time:03:06 PM

Posted 01 July 2007 - 09:20 AM

Hi Josh,

Better results than I expected -- all the bad stuff is gone from this new log!

However, considering what a mess your previous log was, I'd like to run a couple more scans before we say you're clean.

Also, there's a line to clean up and another one I need to ask about.

O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

Is that (file missing) for real? In other words, is your UPS service working? HJT is unreliable; it often reports missing files when in fact the files exist and the service is running.

Open HijackThis and run a scan. Place a check next to the following line:

O2 - BHO: (no name) - {1878B0BB-4094-4FAF-BC0E-56DF7FA99550} - (no file)

Make sure all other windows are closed, especially your browser, and there are no programs running minimized in your taskbar. Then click Fix Checked. Click Yes, then OK to confirm, and reboot if prompted.

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

Also if possible I want you to run an online scan. You will need to use Internet Explorer for this one.

Go to the Kaspersky online scanner. Accept the terms, let it install an ActiveX program (since you have XP SP2 this is blocked by default, you must allow it), then accept the terms again, let it download the files (about 8 MB total). Click Next, and select "My Computer" as the scan area. Kaspersky takes a long time but it is very thorough. When it is finished, save the report as a text file (easier to work with than an HTML file) to your desktop.

I would like to see the Kaspersky log, as well as the Combofix log and a fresh HJT scan in your next reply. Let me know if you have any trouble running the scans and how your computer is behaving.

Dave

off the subject -- who is Kelly Clarkson?
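The three kinds of HijackThis line Dave singles out in this post (an O2 BHO whose DLL is "(no file)", O23 services reported as "(file missing)" or with "Unknown owner", and the repeated O10 LSP entries) are easy to pull out of a log mechanically, so that the reviewer only has to judge the handful of entries that matter. The script below is an added example written for this page; it is not BleepingComputer's or HijackThis's code. Its sample lines are copied from the log Josh posted above, the regular expressions assume the v1.99.1 line layouts shown there, and the finding labels (`orphaned_bho`, `service_file_missing`, and so on) are names chosen here. As Dave notes, a "(file missing)" hit is a prompt to verify on the machine (for example with `sc query <short name>`), not a verdict.

```python
"""Triage HijackThis v1.99 log lines of the kinds discussed in this thread.

Assumed line layouts (taken from the log posted above):
  O2  - BHO: <name> - {CLSID} - <dll path | (no file)>
  O10 - Unknown file in Winsock LSP: <dll path>
  O23 - Service: <display name> (<short name>) - <owner> - <exe path> [(file missing)]
The finding labels below are this example's own names, not HijackThis output.
"""
import re
from collections import Counter

# Constructed sample: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1878B0BB-4094-4FAF-BC0E-56DF7FA99550} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
# display and owner are non-greedy, so a path that itself contains " - "
# (Spybot - Search & Destroy) is kept whole in the greedy path group.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Last parenthesised group of the display name, allowing one nested level,
# e.g. "(SoundMAX Agent Service (default))" -> "SoundMAX Agent Service (default)".
SHORT_NAME_RE = re.compile(r"\(([^()]*(?:\([^()]*\))?[^()]*)\)$")
MISSING_SUFFIX = " (file missing)"


def parse_o23(line):
    """Split an O23 service line into its fields, or return None if it is not one."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display, owner, path = m.group("display", "owner", "path")
    missing = path.endswith(MISSING_SUFFIX)
    if missing:
        path = path[: -len(MISSING_SUFFIX)]
    sm = SHORT_NAME_RE.search(display)
    name = sm.group(1) if sm else display  # services like "iPod Service" have no short name
    return {"display": display, "name": name, "owner": owner, "path": path, "missing": missing}


def triage(log_text):
    """Return a list of findings worth a human look, each a dict with a 'kind' label."""
    findings = []
    lsp_counts = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            # CLSID still registered as a BHO but the DLL is gone: the entry Dave has fixed above
            if m.group("path") == "(no file)":
                findings.append({"kind": "orphaned_bho", "clsid": m.group("clsid"), "line": line})
            continue
        m = O10_RE.match(line)
        if m:
            lsp_counts[m.group("path").lower()] += 1  # LSP chain entries repeat per protocol
            continue
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc["missing"]:
            # HJT misreports these, so this is a "verify on the box" item, not a removal
            findings.append({"kind": "service_file_missing", "name": svc["name"],
                             "path": svc["path"], "line": line})
        elif svc["owner"] == "Unknown owner":
            # No company/version information in the binary: low-confidence signal on its own
            findings.append({"kind": "service_unknown_owner", "name": svc["name"],
                             "path": svc["path"], "line": line})
    for path, n in lsp_counts.items():
        findings.append({"kind": "lsp_unknown_file", "path": path, "count": n})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], {k: v for k, v in f.items() if k not in ("kind", "line")})
```

Run as-is it reports one orphaned BHO (the CLSID Dave asks to fix), two services whose binaries HJT could not find (CiSvc and UPS), one service with no owner information (RichVideo), and the AVG LSP DLL counted twice. Feeding it a full log instead of `SAMPLE_LOG` works the same way, since lines of other O-types are simply skipped.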

#7 Jmetcalf

Jmetcalf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:06 PM

Posted 01 July 2007 - 09:47 AM

You don't know who Kelly Clarkson is...? It's this chick singer; she is pretty hot but her music isn't my style.
The UPS thing is NOT being used; I installed it for a UPS I had a while ago but it didn't like not having a group (I was using a plug converter from EU plug to US).
I think I may have

COMBOFIX:

ComboFix 07-06-17 - C:\Documents and Settings\Josh\Desktop\Software\Computer Health\ComboFix.exe
"Josh" - 2007-07-01 17:31:29 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 10:11 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-01 09:41 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-07-01 09:41 <DIR> d-------- C:\WINDOWS\system32\npp
2007-07-01 09:41 <DIR> d-------- C:\WINDOWS\system32\ime
2007-07-01 09:41 <DIR> d-------- C:\WINDOWS\srchasst
2007-07-01 09:41 <DIR> d-------- C:\Program Files\msn gaming zone
2007-07-01 09:41 <DIR> d-------- C:\Program Files\movie maker
2007-07-01 09:41 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-07-01 09:41 <DIR> d-------- C:\Program Files\Common Files\speechengines
2007-06-24 15:09 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\AdobeUM
2007-06-20 15:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-20 15:10 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-20 15:10 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-20 15:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-20 15:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-20 15:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-20 15:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-20 15:09 90,112 --a------ C:\WINDOWS\system\BisonVfw.dll
2007-06-20 15:09 788,224 --a------ C:\WINDOWS\system32\drivers\BisonCam.sys
2007-06-20 15:09 73,846 --a------ C:\WINDOWS\system32\BisonRem.dll
2007-06-20 15:09 180,224 --a------ C:\WINDOWS\system\StillDrv.dll
2007-06-20 15:09 126,976 --a------ C:\WINDOWS\system\BisonCam.dll
2007-06-20 15:09 <DIR> d-------- C:\WINDOWS\BisonCam
2007-06-20 14:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-06-20 10:51 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-19 15:05 <DIR> d-------- C:\Program Files\BearShare Applications
2007-06-19 15:05 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\BearShare
2007-06-18 19:53 <DIR> d-------- C:\Program Files\SoftJock
2007-06-18 19:06 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Help
2007-06-18 19:04 <DIR> d-------- C:\Program Files\MUSHclient
2007-06-18 13:20 9,013 --a------ C:\dnsbak.reg
2007-06-18 11:47 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-06-18 11:47 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-06-18 09:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-18 07:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-18 07:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-18 07:47 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\MailFrontier
2007-06-18 07:35 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-18 07:35 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-18 07:35 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-18 07:35 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-18 07:34 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-18 02:19 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 01:41 <DIR> d-------- C:\VundoFix Backups
2007-06-17 22:31 <DIR> d-------- C:\Program Files\The Sir. Community
2007-06-17 07:49 <DIR> d-------- C:\WINDOWS\rmiw
2007-06-17 07:49 <DIR> d-------- C:\Program Files\Common Files\rmiw
2007-06-17 07:28 <DIR> d--hs---- C:\WINDOWS\Sm9zaCBNZXRjYWxm
2007-06-16 17:58 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-06-16 17:58 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-06-16 17:58 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-06-16 15:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-16 15:47 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-06-16 15:47 35,382 --a------ C:\WINDOWS\scunin.dat
2007-06-16 15:47 <DIR> d-------- C:\Program Files\Starcraft
2007-06-16 14:05 <DIR> d-------- C:\Program Files\CCleaner
2007-06-16 13:57 53,327 ---hs---- C:\WINDOWS\system32\hjkmp.ini2
2007-06-16 13:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-16 13:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-16 13:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-16 13:30 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\SUPERAntiSpyware.com
2007-06-16 11:11 531 --a------ C:\WINDOWS\eReg.dat
2007-06-16 08:30 7,337 ---hs---- C:\WINDOWS\system32\hjkmp.bak1
2007-06-16 01:20 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-06-16 01:20 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-06-16 01:20 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-14 22:44 <DIR> d-------- C:\Program Files\THQ
2007-06-14 20:54 <DIR> d-------- C:\Program Files\EA GAMES
2007-06-14 19:44 <DIR> d-------- C:\Program Files\Sierra
2007-06-14 18:58 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\U3
2007-06-14 10:52 78,848 --a------ C:\WINDOWS\system32\inloader.dll
2007-06-14 10:51 298,496 --a------ C:\WINDOWS\uninst.exe
2007-06-14 10:51 <DIR> d-------- C:\DOCUME~1\Josh\WINDOWS
2007-06-14 10:31 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\CyberLink
2007-06-14 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-14 06:44 <DIR> d-------- C:\Program Files\WinPop
2007-06-14 03:55 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\uTorrent
2007-06-14 03:04 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Google
2007-06-14 02:14 <DIR> d-------- C:\Program Files\MySpace
2007-06-14 02:14 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\MySpace
2007-06-14 01:07 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Thunderbird
2007-06-14 00:50 1,467 --a------ C:\WINDOWS\mozver.dat
2007-06-13 23:03 77,824 -ra------ C:\WINDOWS\system32\btw_ci.dll
2007-06-13 23:03 65,784 -ra------ C:\WINDOWS\system32\drivers\btwusb.sys
2007-06-13 22:59 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Skype
2007-06-13 22:57 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-13 22:42 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-13 22:42 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-13 22:42 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-13 22:42 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-13 22:42 <DIR> d-------- C:\Program Files\Winamp
2007-06-13 22:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-13 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-13 22:24 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\vlc
2007-06-13 22:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-13 22:14 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Talkback
2007-06-13 22:10 8,946 --a------ C:\WINDOWS\system32\drivers\TMIMO3.bin
2007-06-13 22:10 781,824 --a------ C:\WINDOWS\system32\drivers\TMIMO31P.sys
2007-06-13 22:10 184,320 --a------ C:\WINDOWS\system32\Set_ABG.exe
2007-06-13 22:10 110,592 --a------ C:\WINDOWS\system32\RM_ABG.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-13 01:59:19 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2007-05-13 01:59:19 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
2007-05-13 01:59:19 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2007-05-13 01:59:19 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys
2007-05-13 01:59:19 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2007-05-13 01:59:19 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2007-05-13 01:59:19 55,296 ----a-w C:\WINDOWS\system32\dvdplay.exe
2007-05-13 01:59:19 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2007-05-13 01:59:19 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll
2007-05-13 01:59:19 476,160 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2007-05-13 01:59:19 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2007-05-13 01:59:19 42,496 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2007-05-13 01:59:19 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2007-05-13 01:59:19 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2007-05-13 01:59:19 36,992 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2007-05-13 01:59:19 36,480 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2007-05-13 01:59:19 35,456 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2007-05-13 01:59:19 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2007-05-13 01:59:19 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2007-05-13 01:59:19 25,472 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2007-05-13 01:59:19 23,936 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-05-13 01:59:19 23,808 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2007-05-13 01:59:19 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2007-05-13 01:59:19 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-05-13 01:59:19 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2007-05-13 01:59:19 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
2007-05-13 01:59:19 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
2007-05-13 01:59:19 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2007-05-13 01:59:19 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
2007-05-13 01:59:19 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2007-05-13 01:59:19 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2007-05-13 01:59:19 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-13 01:59:19 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys
2007-05-13 01:57:41 360,704 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-05-13 01:57:40 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-05-13 01:57:40 140,288 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-05-13 01:57:06 984,576 ----a-w C:\WINDOWS\system32\syssetup.dll
2007-05-12 20:57:42 143,488 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
2007-04-15 23:25:34 316,416 ----a-w C:\WINDOWS\system32\wudfx.dll
2007-04-15 23:25:33 95,344 ----a-w C:\WINDOWS\system32\wudfcoinstaller.dll
2007-04-15 23:25:33 55,808 ----a-w C:\WINDOWS\system32\wudfsvc.dll
2007-04-15 23:25:33 165,376 ----a-w C:\WINDOWS\system32\wudfplatform.dll
2007-04-15 23:25:33 146,432 ----a-w C:\WINDOWS\system32\wudfhost.exe
2007-04-15 23:25:32 2,603,008 ----a-w C:\WINDOWS\system32\wpdshext.dll
2007-04-15 23:25:32 17,408 ----a-w C:\WINDOWS\system32\wpdshextautoplay.exe
2007-04-15 23:25:32 133,632 ----a-w C:\WINDOWS\system32\wpdshserviceobj.dll
2007-04-15 23:25:28 767,488 ----a-w C:\WINDOWS\system32\wmvsencd.dll
2007-04-15 23:25:28 656,896 ----a-w C:\WINDOWS\system32\wmvxencd.dll
2007-04-15 23:25:27 1,382,912 ----a-w C:\WINDOWS\system32\wmvsdecd.dll
2007-04-15 23:25:26 1,574,912 ----a-w C:\WINDOWS\system32\wmvencod.dll
2007-04-15 23:25:25 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
2007-04-15 23:25:25 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
2007-04-15 23:25:25 1,543,680 ----a-w C:\WINDOWS\system32\wmvdecod.dll
2007-04-15 23:25:22 4,096 ----a-w C:\WINDOWS\system32\wmvadve.dll
2007-04-15 23:25:22 4,096 ----a-w C:\WINDOWS\system32\wmvadvd.dll
2007-04-15 23:25:21 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
2007-04-15 23:25:21 130,048 ----a-w C:\WINDOWS\system32\wmpps.dll
2007-04-15 23:25:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
2007-04-15 23:25:20 613,376 ----a-w C:\WINDOWS\system32\wmpmde.dll
2007-04-15 23:25:13 1,661,440 ----a-w C:\WINDOWS\system32\WMPEncEn.dll
2007-04-15 23:25:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2007-04-15 23:24:58 534,528 ----a-w C:\WINDOWS\system32\wmdrmsdk.dll
2007-04-15 23:24:57 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-04-15 23:24:56 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2007-04-15 23:24:56 8,704 ----a-w C:\WINDOWS\system32\uWDF.exe
2007-04-15 23:24:56 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
2007-04-15 23:24:54 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
2007-04-15 23:24:54 199,168 ----a-w C:\WINDOWS\system32\portabledevicewmdrm.dll
2007-04-15 23:24:54 166,912 ----a-w C:\WINDOWS\system32\portabledevicetypes.dll
2007-04-15 23:24:54 101,888 ----a-w C:\WINDOWS\system32\portabledeviceclassextension.dll
2007-04-15 23:24:53 284,160 ----a-w C:\WINDOWS\system32\portabledeviceapi.dll
2007-04-15 23:24:53 132,096 ----a-w C:\WINDOWS\system32\portabledevicewiacompat.dll
2007-04-15 23:24:52 312,128 ----a-w C:\WINDOWS\system32\msdelta.dll
2007-04-15 23:24:51 317,440 ----a-w C:\WINDOWS\system32\mp4sdecd.dll
2007-04-15 23:24:51 259,072 ----a-w C:\WINDOWS\system32\mpg4decd.dll
2007-04-15 23:24:51 259,072 ----a-w C:\WINDOWS\system32\mp43decd.dll
2007-04-15 23:24:50 212,992 ----a-w C:\WINDOWS\system32\mfplat.dll
2007-04-15 23:24:50 11,264 ----a-w C:\WINDOWS\system32\laprxy.dll
2007-04-15 23:24:50 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
2007-04-15 23:24:49 249,856 ----a-w C:\WINDOWS\system32\drmupgds.exe
2007-04-15 23:24:48 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
2007-04-15 23:24:45 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-04-15 23:24:45 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2007-04-15 23:24:45 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2007-04-15 23:24:45 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-04-15 23:24:43 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-04-15 23:24:43 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-04-15 23:24:38 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-04-15 23:24:37 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-04-15 23:24:32 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-04-15 23:24:28 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2007-04-15 23:24:28 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-04-15 23:24:27 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-04-15 23:24:27 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-04-15 23:24:27 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
2007-04-15 23:24:27 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-15 23:24:26 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
2007-04-15 23:24:26 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
2007-04-15 23:24:26 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
2007-04-15 23:24:26 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-18 13:14]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-13 22:08]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-16 11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-05-09 04:21 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-05-09 04:21 C:\WINDOWS\system32\nvmctray.dll]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-08-25 12:17]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-16 01:51 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-04 00:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-18 11:47]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-30 04:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 11:12]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 18:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"HideRunAsVerb"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2742cc0c-1a42-11dc-ad8f-000b6bc8c843}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901b8629-1db5-11dc-ad9a-000b6bc8c843}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{993a5f2f-2249-11dc-ada2-000b6bc8c843}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afe29466-19b7-11dc-ad8c-df1d776a4549}]
AutoRun\command- E:\WD_Windows_Tools\setup.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 17:32:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 17:32:35
C:\ComboFix-quarantined-files.txt ... 2007-07-01 17:32
C:\ComboFix2.txt ... 2007-06-18 19:00

--- E O F ---


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 5:38:47 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MUSHclient\mushclient.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Josh\Desktop\Software\Computer Health\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aimsrdl.atsc.army.mil/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I will see if I can get you the Kaspersky one later - 9MB is a hell of a download on this connection. Figured I would submit this now and see if there is anything else.
Josh

#8 DaveM59

Posted 01 July 2007 - 08:31 PM

Hi Josh,

Based on your Combofix log there are some deletions and a few other things to do.

First, Unhide files and folders:

1. Close all programs so that you are at your desktop.
2. Click Start, My Computer.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and close out My Computer.
9. Now your computer is configured to show all hidden files.
Then, navigate to this folder:

C:\Program Files\Common Files\rmiw

Open the folder and look for the files rmiwm.exe and/or rmiwa.exe.

Submit both files for analysis.

To submit, go to this webpage:

Virustotal

Near the top of the webpage there is a white text box with a Browse button, just click it and navigate to the file, select it, click Open, then back on the web page, click Send.

Virustotal puts the file in a queue and will estimate how long it should take before your file is analyzed. During the analysis you will see the report grow as the file is scanned by each of the programs.

To save the report, highlight the relevant block of text on the web page, then press <Ctrl> - C. Open Notepad and press <Ctrl> - V. Give the file a catchy name like Virustotal.txt and save it to your desktop. I need to see it.

If you find both files, you will have to give the report files different names. I need to see both.

If you only find one of these files, submit it. If you cannot find either, let me know.

Now, I need you to delete a couple of leftover vundo files. Navigate to and delete:

C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.ini2


Let me know if they cannot be deleted.

I'm sorry to ask for the Kaspersky scan, but it's the most thorough one I know of and if you can run it, it would be a big help in assessing the state of your computer. If it's impossible, let me know and we'll come up with an alternative.

There will be more to do, but I would like to see the Virustotal reports before going further.

Also, please post a fresh HJT log and tell me about any problems you have with doing these steps. How is the computer running?

Dave
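
The steps above (show hidden files, inspect the rmiw folder, submit what is there for analysis, then check the two leftover files) can also be done from a PowerShell prompt. The script below is an added example written for this thread, not something Dave posted or a BleepingComputer tool: it lists every file in the folder including hidden and system ones regardless of extension, computes a SHA-256 hash for each so the file can be looked up on VirusTotal by hash before deciding to upload it, and reports whether the two leftover paths still exist. It deletes nothing; the paths are the ones named in the post and are passed in as parameters so they can be changed. It assumes PowerShell 4.0 or later (for Get-FileHash) running from an Administrator prompt.

```powershell
# Added example for this thread; assumes PowerShell 4.0+ (Get-FileHash) in an
# elevated prompt. Defaults are the paths named in the post above.
param(
    [string]$Folder = 'C:\Program Files\Common Files\rmiw',
    [string[]]$Leftovers = @(
        'C:\WINDOWS\system32\hjkmp.bak1',
        'C:\WINDOWS\system32\hjkmp.ini2'
    )
)

function Get-HiddenFileReport {
    # Lists every file in $Path, including Hidden/System files that the default
    # Explorer view suppresses (the reason for the Folder Options steps), with a
    # SHA-256 hash for each so it can be searched on VirusTotal before uploading.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "Folder not found: $Path"
        return
    }

    # -Force includes hidden and system entries; -File drops subfolders.
    Get-ChildItem -LiteralPath $Path -Force -File | ForEach-Object {
        [pscustomobject]@{
            Name       = $_.Name
            Size       = $_.Length
            Attributes = $_.Attributes          # shows Hidden / System / ReadOnly flags
            Modified   = $_.LastWriteTime
            SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

function Test-LeftoverFiles {
    # Reports whether each named leftover file is still present. Nothing is
    # removed here; deletion stays a manual step once the report is reviewed.
    param([Parameter(Mandatory)][string[]]$Paths)

    foreach ($p in $Paths) {
        [pscustomobject]@{
            Path    = $p
            Present = Test-Path -LiteralPath $p -PathType Leaf
        }
    }
}

Write-Host "Files in $Folder (hidden and system files included):"
Get-HiddenFileReport -Path $Folder | Format-Table -AutoSize

Write-Host 'Leftover files named in the post:'
Test-LeftoverFiles -Paths $Leftovers | Format-Table -AutoSize
```

Searching VirusTotal for the SHA-256 first avoids uploading a file that has already been analysed, which matters on a slow connection; only files whose hash is unknown need to be sent. Because the listing is not filtered by extension, the .lck files mentioned later in the thread would show up in the same report.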

#9 Jmetcalf

Posted 01 July 2007 - 09:10 PM

The computer is running fine, I have never really had any issues with the stability or operation of the computer since I got rid of cpvfeed. There are no .exes in the rmiw folder, just rmiwl.lck, rmiwa.lck, and rmiwm.lck.



HJT:

Logfile of HijackThis v1.99.1
Scan saved at 5:07:01 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MUSHclient\mushclient.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Josh\Desktop\Software\Computer Health\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aimsrdl.atsc.army.mil/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#10 DaveM59

Posted 02 July 2007 - 05:30 AM

Hi again Josh,

Okay, submit those .lck files in your rmiw folder to virustotal.

More to follow but I have to get ready for work now --

Dave

#11 DaveM59

Posted 10 July 2007 - 08:29 PM

Hi again Josh,

Anything to report?

#12 DaveM59

Posted 09 August 2007 - 07:53 PM

Due to lack of feedback, this topic is now closed. If you want it re-opened, please PM me and put the url in your request.

This applies to the original poster only. Everyone else please start a new topic.



