need help with log, one more malware to clean up
dementievafan
post Jan 21 2008, 07:41 PM
Post #1


Member
Posts: 11
OS: xp



OK, I've been getting rid of malware all day but can't seem to finish one off. I think it may be line 20, but what's happening is that Windows Installer keeps popping up every 1 min or so saying it wants to install Microsoft Office XP FrontPage, and an IE popup will follow immediately after. Please help, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:44:54 PM, on 01/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\msiexec.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Winamp\winamp.exe
E:\PROGRA~1\AIM\aim.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Philip\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] E:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing)
O15 - Trusted Zone: *.kabum.pl
O15 - Trusted Zone: *.kabum.pl (HKLM)
O20 - Winlogon Notify: wvuvvtq - wvuvvtq.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe


dementievafan
post Jan 22 2008, 03:14 PM
Post #2


Member
Posts: 11
OS: xp



help!
kahdah
post Jan 22 2008, 04:35 PM
Post #3


GeekU Teacher
Posts: 9,420
From: Somewhere
OS: Windows xp home



Hello dementievafan


Welcome to G2Go.
===================
The first thing I will need you to do is to download this anti-virus program and install it.
This is free.
Avast
Because I do not see any antivirus installed on your computer.


After that please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
dementievafan
post Jan 22 2008, 05:12 PM
Post #4


Member
Posts: 11
OS: xp



Posted the extra.txt first, then the main.txt to follow. If it's confusing I can post them separately in 2 posts. Thanks again in advance.




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 1023.48 MiB / 735.84 MiB
Pagefile Memory (total/avail): 1600.62 MiB / 1398.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.56 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.05 GiB total, 64.7 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 74.52 GiB total, 23.3 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - WDC WD1600JB-00REA0 - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE0 - WDC WD800BB-50FRA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\Philip\Application Data
CLASSPATH=E:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=PY
ComSpec=E:\WINDOWS\system32\cmd.exe
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\Philip
LOGONSERVER=\\PY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\system32\wbem;E:\Program Files\Common Files\Adobe\AGL;E:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=E:\Program Files
PROMPT=$P$G
QTJAVA=E:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\Philip\LOCALS~1\Temp
TMP=E:\DOCUME~1\Philip\LOCALS~1\Temp
USERDOMAIN=PY
USERNAME=Philip
USERPROFILE=E:\Documents and Settings\Philip
windir=E:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Philip (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
a-squared personal 1.5.1 --> "E:\Program Files\a2\unins000.exe"
ACDSee 32 --> E:\PROGRA~1\ACDSee32\UNWISE.EXE E:\PROGRA~1\ACDSee32\INSTALL.LOG
ACE Mega CoDecS Pack --> "E:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Ad-Aware SE Professional --> E:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE E:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 --> E:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player Plugin --> E:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AOL Instant Messenger --> E:\Program Files\AIM\uninstll.exe -LOG= E:\Program Files\AIM\install.log -OEM=
ASUS Probe V2.23.01 --> E:\WINDOWS\uninst.exe -f"E:\Program Files\ASUS\Probe\DeIsL1.isu" -c"E:\Program Files\ASUS\Probe\probunis.dll"
Athlon 64 Processor Driver --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Auction Client --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetupML -ether"E:\Program Files\InstallShield Installation Information\{22D9B90E-5975-4C44-B0B2-F02A97BE030D}" -l0009 -l0x9
AVG Anti-Spyware 7.5 --> E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTornado 0.3.7 --> E:\Program Files\BitTornado\uninst.exe
Brother MFL-Pro Suite --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Calc98 --> E:\Program Files\Calc98\setup.exe
CCleaner (remove only) --> "E:\Program Files\CCleaner\uninst.exe"
CDCopy --> "E:\Program Files\CDCopy\Uninstal.exe"
Command & Conquer Generals --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Data Lifeguard Tools --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
dBpowerAMP Music Converter --> "E:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>E:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
DeadAIM --> MsiExec.exe /I{25AF0BD1-DF07-4447-8E91-28E99617C556}
DivX Content Uploader --> E:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> E:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> E:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "E:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "E:\Program Files\DVD Shrink\unins000.exe"
Easy Video Joiner 5.21 --> "E:\Program Files\Easy Video Joiner\unins000.exe"
Easy Video Splitter 1.28 --> "E:\Program Files\Easy Video Splitter\unins000.exe"
GetDiz 3.0 --> E:\PROGRA~1\GetDiz\UNINST~1\UNWISE.EXE E:\PROGRA~1\GetDiz\UNINST~1\install.log
GiPo@FileUtilities 2.9 --> MsiExec.exe /I{D3F0A3BB-782E-4762-8AA7-713DE6151492}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "e:\program files\google\googletoolbar1.dll"
Guitar Pro 5.2 --> "E:\Program Files\Guitar Pro 5\unins000.exe"
Hauppauge WinTV2000 --> E:\PROGRA~1\WinTV\UNTV32.EXE E:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 1.99.1 --> E:\Documents and Settings\Philip\Desktop\HijackThis.exe /uninstall
HP DeskJet 710C Series (Remove only) --> E:\Program Files\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> E:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla (1.8a3) --> E:\WINDOWS\MozillaUninstall.exe /ua "1.8a3 (en)"
Mozilla Firefox (0.8.) --> E:\WINDOWS\UninstallFirefox.exe /ua "0.8. (en)"
Mozilla Firefox (2.0.0.11) --> E:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero 7 Ultra Edition --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NVIDIA Drivers --> E:\WINDOWS\System32\nvudisp.exe UninstallGUI
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PowerDVD --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RamBooster --> E:\WINDOWS\uninst.exe -f"E:\Program Files\RamBooster\DeIsL1.isu" -c"E:\Program Files\RamBooster\_ISREG32.DLL"
Realtek AC'97 Audio --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegScrubXP 3.25 --> "E:\Program Files\RegScrubXP\unins000.exe"
Security Task Manager 1.6 --> E:\Program Files\Security Task Manager\Uninstal.exe "E:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SiSoftware Sandra Standard 2004.SP2b (Win32 x86) --> "E:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP2b (Win32 x86)\unins000.exe"
Spybot - Search & Destroy 1.3 --> "E:\Program Files\Spybot - Search & Destroy\unins000.exe"
SurfBuddy --> rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",uninstall
VideoLAN VLC media player 0.8.6d --> E:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> E:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "E:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> E:\Program Files\WinRAR\uninstall.exe
WinZip --> "E:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type3019 / Warning
Event Submitted/Written: 01/22/2008 05:03:55 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'HandWritingFiles' failed during request for component '{E6BFD503-3A35-4B78-BAB5-9570EDDEF81C}'

Event Record #/Type3018 / Warning
Event Submitted/Written: 01/22/2008 05:03:55 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'CiceroFiles', component '{D3146E44-B39F-4D61-93CD-07241D982881}' failed. The resource 'E:\WINDOWS\System32\CTFMON.EXE' does not exist.

Event Record #/Type3016 / Error
Event Submitted/Written: 01/22/2008 05:03:55 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Event Record #/Type3015 / Warning
Event Submitted/Written: 01/22/2008 05:03:48 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'HandWritingFiles' failed during request for component '{E6BFD503-3A35-4B78-BAB5-9570EDDEF81C}'

Event Record #/Type3014 / Warning
Event Submitted/Written: 01/22/2008 05:03:48 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'CiceroFiles', component '{D3146E44-B39F-4D61-93CD-07241D982881}' failed. The resource 'E:\WINDOWS\System32\CTFMON.EXE' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type43396 / Error
Event Submitted/Written: 01/22/2008 03:31:36 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type43395 / Error
Event Submitted/Written: 01/22/2008 03:31:06 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%126

Event Record #/Type43392 / Error
Event Submitted/Written: 01/22/2008 03:31:06 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type43391 / Error
Event Submitted/Written: 01/22/2008 03:30:36 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%126

Event Record #/Type43388 / Error
Event Submitted/Written: 01/22/2008 03:30:36 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-01-22 17:09:28 ------------

Deckard's System Scanner v20071014.68
Run by Philip on 2008-01-22 17:08:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2008-01-22 23:08:44 UTC - RP15 - Deckard's System Scanner Restore Point
14: 2008-01-22 00:17:15 UTC - RP14 - Removed Adobe Bridge 1.0
13: 2008-01-21 21:25:20 UTC - RP13 - Spybot-S&D Spyware removal
12: 2008-01-21 20:32:20 UTC - RP12 - Last known good configuration
11: 2008-01-21 20:32:12 UTC - RP11 - ComboFix created restore point


-- First Restore Point --
1: 2008-01-21 20:32:07 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Philip.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:09:07 PM, on 01/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\alg.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\msiexec.exe
E:\Documents and Settings\Philip\Desktop\dss.exe
E:\DOCUME~1\Philip\Desktop\Philip.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing)
O15 - Trusted Zone: *.kabum.pl
O15 - Trusted Zone: *.kabum.pl (HKLM)
O20 - Winlogon Notify: wvuvvtq - wvuvvtq.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - sdfgerhtfdgbgswe5t.exe %1
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.ini - GetDiz.Document - DefaultIcon - unable to read value
.ini - GetDiz.Document - shell\open\command - notepad.exe %1
.reg - regfile - shell\edit\command - sdfgerhtfdgbgswe5t.exe %1
.txt - txtfile - DefaultIcon - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 aslm75 - e:\windows\system32\drivers\aslm75.sys
R1 ftdiskk - e:\windows\system32\drivers\ftdiskk.sys
R2 HPFECP13 - e:\windows\system32\drivers\hpfecp13.sys
R2 SVKP - e:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 HCWBT8XX (Hauppauge WinTV 848/9 WDM Video Driver) - e:\windows\system32\drivers\hcwbt8xx.sys <Not Verified; Hauppauge Computer Works; WinTV WDM Driver>

S1 InCDPass - e:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - e:\windows\system32\drivers\incdrm.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - e:\windows\system32\drivers\btport.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - e:\windows\system32\drivers\btwdndis.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - e:\windows\system32\drivers\btwusb.sys (file missing)
S3 catchme - e:\docume~1\philip\locals~1\temp\catchme.sys (file missing)
S3 cdspacex - e:\windows\system32\drivers\cdspacex.sys (file missing)
S3 dtscsi - e:\windows\system32\drivers\dtscsi.sys (file missing)
S3 LMImirr - e:\windows\system32\drivers\lmimirr.sys (file missing)
S3 TwoRabts (Two Rabbits Live Bus) - e:\windows\system32\drivers\tworabts.sys (file missing)
S4 InCDFs (InCD File System) - e:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 MDM (Machine Debug Manager) - "e:\program files\common files\microsoft shared\vs7debug\mdm.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-12-22 and 2008-01-22 -----------------------------

2008-01-21 19:03:36 0 d-------- E:\WINDOWS\System32\SoftwareDistribution
2008-01-21 19:02:20 0 d-------- E:\WINDOWS\SoftwareDistribution
2008-01-21 18:39:55 0 d-------- E:\Program Files\AOD
2008-01-21 15:58:00 1238674 --a------ E:\MGtools.exe
2008-01-21 15:53:10 11254 --a------ E:\WINDOWS\System32\locate.com
2008-01-21 15:52:51 0 d-------- E:\MGtools
2008-01-21 15:29:32 0 d-------- E:\Documents and Settings\Philip\Application Data\Grisoft
2008-01-21 15:29:09 0 d-------- E:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 14:16:36 0 dr-h----- E:\Documents and Settings\Philip\Recent
2008-01-21 14:15:43 0 d-------- E:\Program Files\CCleaner
2008-01-21 14:13:18 0 d-------- E:\WINDOWS\System32\siwp
2008-01-21 00:39:53 0 d-------- E:\VundoFix Backups
2008-01-16 00:51:36 328192 --a------ E:\WINDOWS\System32\ddccc.exe
2008-01-15 23:08:30 489984 --a------ E:\installer.exe
2008-01-15 14:32:01 36864 --a------ E:\WINDOWS\System32\hjjtgyg.exe <Not Verified; Microsoft; sdfgh54dfbgvcbxcz>
2008-01-15 14:31:40 20480 --a------ E:\WINDOWS\quit.exe <Not Verified; Microsoft; dasd hywrt aswedasdfghdfhfdsfgvasdascfas>
2008-01-15 13:21:34 0 d-------- E:\Program Files\Dot1XCfg
2008-01-15 13:05:09 0 d-------- E:\WINDOWS\System32\edcA01
2008-01-13 22:24:13 131072 --a------ E:\WINDOWS\System32\datestamp.dll <Not Verified; FBMSoftware; FBMSoftware TimeStamp>
2008-01-13 22:21:15 0 d-------- E:\Program Files\FBM Software
2008-01-07 16:09:28 484864 --a------ E:\WINDOWS\System32\NeroCheck .exe
2008-01-07 14:57:13 0 d--hs---- E:\WINDOWS\UFk
2008-01-07 14:56:40 86016 --a------ E:\WINDOWS\System32\drivers\ftdiskk.sys
2008-01-07 14:56:39 0 d-------- E:\WINDOWS\System32\usmvt3
2008-01-07 14:56:39 0 d-------- E:\WINDOWS\System32\drivez4
2008-01-07 14:56:39 0 d-------- E:\WINDOWS\System32\comp2
2008-01-07 14:56:39 0 d-------- E:\WINDOWS\System32\cache3
2008-01-07 14:56:21 0 d-------- E:\WINDOWS\System32\ardCo01
2007-12-28 18:07:06 0 d-------- E:\Program Files\Absolute Poker
2007-12-28 18:07:05 0 d-------- E:\Program Files\_uninstallation_info


-- Find3M Report ---------------------------------------------------------------

2008-01-21 19:02:20 0 d--h----- E:\Program Files\WindowsUpdate
2008-01-21 18:41:39 0 d-------- E:\Program Files\RegScrubXP
2008-01-21 18:40:10 0 d-------- E:\Program Files\AIM
2008-01-21 18:18:59 0 d-------- E:\Documents and Settings\Philip\Application Data\Aim
2008-01-21 14:34:54 0 d-a------ E:\Program Files\Common Files
2008-01-21 14:34:52 0 d-------- E:\Program Files\Messenger
2008-01-21 14:34:52 0 d-------- E:\Program Files\DAEMON Tools
2008-01-21 00:43:24 0 d-------- E:\Documents and Settings\Philip\Application Data\Azureus
2008-01-15 12:51:35 0 d-------- E:\Program Files\PowerISO
2008-01-15 12:49:12 0 d-------- E:\Program Files\SRN Micro
2008-01-13 22:40:49 0 d--h----- E:\Program Files\InstallShield Installation Information
2008-01-07 15:02:07 0 d-------- E:\Program Files\Online Services
2008-01-02 22:10:51 0 d-------- E:\Program Files\Radical Games
2007-12-25 19:09:37 0 d-------- E:\Program Files\Starcraft
2007-12-20 13:00:04 0 d-------- E:\Program Files\VideoLAN
2007-12-17 12:18:26 0 d-------- E:\Program Files\DivX
2007-12-17 12:17:35 0 d-------- E:\Documents and Settings\Philip\Application Data\DivX
2007-12-17 12:12:20 0 d-------- E:\Documents and Settings\Philip\Application Data\Media Player Classic
2007-12-11 16:39:23 0 d-------- E:\Program Files\HP DeskJet 710C Series
2007-12-11 16:34:56 3596288 --a------ E:\WINDOWS\System32\qt-dx331.dll
2007-12-11 16:33:14 196608 --a------ E:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 16:33:14 81920 --a------ E:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-08 15:21:50 0 d-------- E:\Program Files\ACE Mega CoDecS Pack
2007-11-08 12:21:28 43520 --a------ E:\WINDOWS\System32\CmdLineExt03.dll
2007-11-02 23:00:42 21840 --a-----t E:\WINDOWS\System32\SIntfNT.dll
2007-11-02 23:00:42 17212 --a-----t E:\WINDOWS\System32\SIntf32.dll
2007-11-02 23:00:42 12067 --a-----t E:\WINDOWS\System32\SIntf16.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\System32\NvCpl.dll" [04/19/2007 12:26 PM]
"nwiz"="nwiz.exe" [04/19/2007 12:26 PM E:\WINDOWS\system32\nwiz.exe]
"DeadAIM"="E:\Program Files\AIM\\DeadAIM.ocm" [02/24/2003 04:11 PM]
"PaperPort PTD"="E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [01/21/2008 02:13 PM]
"NvMediaCenter"="E:\WINDOWS\System32\NvMcTray.dll" [04/19/2007 12:26 PM]
"!AVG Anti-Spyware"="E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="E:\Program Files\AIM\aim.exe" [04/27/2004 04:18 PM]

E:\Documents and Settings\Philip\Start Menu\Programs\Startup\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/16/2005 6:16:50 PM]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE [02/12/2001 7:01:04 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvvtq]
wvuvvtq.dll




-- End of Deckard's System Scanner: finished at 2008-01-22 17:09:28 ------------

This post has been edited by dementievafan: Jan 22 2008, 05:13 PM
kahdah
post Jan 22 2008, 05:53 PM
Post #5


GeekU Teacher
Posts: 9,420
From: Somewhere
OS: Windows xp home



Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

dementievafan
post Jan 22 2008, 08:30 PM
Post #6


Member
Posts: 11
OS: xp



I attached the ComboFix log, and here is the HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 8:29:03 PM, on 01/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\msiexec.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Documents and Settings\Philip\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing)
O15 - Trusted Zone: *.kabum.pl
O15 - Trusted Zone: *.kabum.pl (HKLM)
O20 - Winlogon Notify: wvuvvtq - wvuvvtq.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe



This post has been edited by dementievafan: Jan 22 2008, 08:31 PM
Attached File(s): log.txt (11.7K)
kahdah
post Jan 22 2008, 08:57 PM
Post #7


GeekU Teacher
Posts: 9,420
From: Somewhere
OS: Windows xp home



Please post the next logs instead of attaching them, thanks.
=======================================
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
File::
E:\WINDOWS\system32\drivers\core.cache.dsk
E:\WINDOWS\system32\hjjtgyg.exe
E:\WINDOWS\system32\drivers\ftdiskk.sys

Folder::
E:\VundoFix Backups
E:\WINDOWS\system32\usmvt3
E:\WINDOWS\system32\siwp
E:\WINDOWS\system32\drivez4
E:\WINDOWS\system32\comp2
E:\WINDOWS\system32\cache3
E:\WINDOWS\system32\ardCo01

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvvtq]

Driver::
ftdiskk



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
dementievafan
post Jan 22 2008, 11:35 PM
Post #8


Member
Posts: 11
OS: xp



As you requested:

ComboFix 08-01-23.1 - Philip 2008-01-22 23:28:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.736 [GMT -6:00]
Running from: E:\Documents and Settings\Philip\Desktop\ComboFix(2).exe
Command switches used :: E:\Documents and Settings\Philip\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
E:\WINDOWS\system32\drivers\core.cache.dsk
E:\WINDOWS\system32\drivers\ftdiskk.sys
E:\WINDOWS\system32\hjjtgyg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\VundoFix Backups
E:\VundoFix Backups\cccdd.ini.bad
E:\VundoFix Backups\cccdd.ini2.bad
E:\VundoFix Backups\ddccc.dll.bad
E:\WINDOWS\system32\ardCo01
E:\WINDOWS\system32\cache3
E:\WINDOWS\system32\cache3\vumpedll23.exe
E:\WINDOWS\system32\comp2
E:\WINDOWS\system32\drivers\core.cache.dsk
E:\WINDOWS\system32\drivers\ftdiskk.sys
E:\WINDOWS\system32\drivez4
E:\WINDOWS\system32\hjjtgyg.exe
E:\WINDOWS\system32\siwp
E:\WINDOWS\system32\usmvt3

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FTDISKK
-------\ftdiskk


((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 17:08 . 2008-01-22 17:08 <DIR> d-------- E:\Deckard
2008-01-21 19:01 . 2007-07-30 19:19 549,720 --a------ E:\WINDOWS\system32\wuapi.dll
2008-01-21 19:01 . 2007-07-30 19:19 325,976 --a------ E:\WINDOWS\system32\wucltui.dll
2008-01-21 19:01 . 2007-07-30 19:19 216,408 --a------ E:\WINDOWS\system32\wuaucpl.cpl
2008-01-21 19:01 . 2007-07-30 19:19 203,096 --a------ E:\WINDOWS\system32\wuweb.dll
2008-01-21 19:01 . 2004-08-03 14:03 186,136 --a------ E:\WINDOWS\system32\wuaueng1.dll
2008-01-21 19:01 . 2004-08-03 14:01 167,704 --a------ E:\WINDOWS\system32\wuauclt1.exe
2008-01-21 19:01 . 2007-07-30 19:18 33,624 --a------ E:\WINDOWS\system32\wups.dll
2008-01-21 18:39 . 2008-01-21 18:39 <DIR> d-------- E:\Program Files\AOD
2008-01-21 15:58 . 2008-01-21 15:57 1,238,674 --a------ E:\MGtools.exe
2008-01-21 15:53 . 2005-01-13 21:41 11,254 --a------ E:\WINDOWS\system32\locate.com
2008-01-21 15:52 . 2008-01-21 16:03 <DIR> d-------- E:\MGtools
2008-01-21 15:52 . 2008-01-21 16:03 29,554 --a------ E:\MGlogs.zip
2008-01-21 15:29 . 2007-05-30 06:10 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 14:31 . 2000-08-31 08:00 51,200 --a------ E:\WINDOWS\NirCmd.exe
2008-01-21 14:30 . 2008-01-21 15:58 24,295 --a------ E:\WINDOWS\attachment.php
2008-01-21 14:15 . 2008-01-21 14:15 <DIR> d-------- E:\Program Files\CCleaner
2008-01-16 00:51 . 2008-01-18 14:51 328,192 --a------ E:\WINDOWS\system32\ddccc.exe
2008-01-15 23:08 . 2008-01-15 23:08 489,984 --a------ E:\installer.exe
2008-01-15 14:31 . 2008-01-15 14:31 20,480 --a------ E:\WINDOWS\quit.exe
2008-01-15 13:21 . 2008-01-15 23:36 <DIR> d-------- E:\Program Files\Dot1XCfg
2008-01-15 13:05 . 2008-01-21 15:49 <DIR> d-------- E:\WINDOWS\system32\edcA01
2008-01-14 00:22 . 2008-01-14 00:22 22,528 --ahs---- E:\WINDOWS\Thumbs.db
2008-01-13 22:24 . 2008-01-13 22:27 131,072 --a------ E:\WINDOWS\system32\datestamp.dll
2008-01-13 22:21 . 2008-01-13 22:40 <DIR> d-------- E:\Program Files\FBM Software
2008-01-07 17:32 . 2008-01-21 15:51 8,192 --ahs---- E:\WINDOWS\system32\Thumbs.db
2008-01-07 16:09 . 2008-01-21 00:53 484,864 --a------ E:\WINDOWS\system32\NeroCheck .exe
2008-01-07 15:11 . 2008-01-21 00:53 13,312 --a------ E:\WINDOWS\system32\ctfmon .exe
2008-01-07 14:57 . 2008-01-21 15:49 <DIR> d--hs---- E:\WINDOWS\UFk
2007-12-28 18:07 . 2008-01-16 00:39 <DIR> d-------- E:\Program Files\Absolute Poker
2007-12-28 18:07 . 2007-12-28 18:07 <DIR> d-------- E:\Program Files\_uninstallation_info

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 00:41 --------- d-----w E:\Program Files\RegScrubXP
2008-01-22 00:40 --------- d-----w E:\Program Files\AIM
2008-01-21 20:34 --------- d-----w E:\Program Files\DAEMON Tools
2008-01-15 18:51 --------- d-----w E:\Program Files\PowerISO
2008-01-15 18:49 --------- d-----w E:\Program Files\SRN Micro
2008-01-14 04:40 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-01-03 04:10 --------- d-----w E:\Program Files\Radical Games
2007-12-26 01:09 --------- d-----w E:\Program Files\Starcraft
2007-12-20 19:00 --------- d-----w E:\Program Files\VideoLAN
2007-12-17 18:18 --------- d-----w E:\Program Files\DivX
2007-12-11 22:39 --------- d-----w E:\Program Files\HP DeskJet 710C Series
2007-12-11 22:34 9,464 ------w E:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w E:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w E:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-11 22:34 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w E:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w E:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w E:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w E:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-08 21:21 --------- d-----w E:\Program Files\ACE Mega CoDecS Pack
2007-11-08 18:21 43,520 ----a-w E:\WINDOWS\system32\CmdLineExt03.dll
2007-11-03 05:00 21,840 ----atw E:\WINDOWS\system32\SIntfNT.dll
2007-11-03 05:00 17,212 ----atw E:\WINDOWS\system32\SIntf32.dll
2007-11-03 05:00 12,067 ----atw E:\WINDOWS\system32\SIntf16.dll
2004-06-23 18:55 20,480 ----a-w E:\Program Files\ProcManager.exe
2005-05-13 23:12 217,073 --sha-r E:\WINDOWS\meta4.exe
2005-10-24 17:13 66,560 --sha-r E:\WINDOWS\MOTA113.exe
2005-10-14 03:27 422,400 --sha-r E:\WINDOWS\x2.64.exe
2005-10-08 01:14 308,224 --sha-r E:\WINDOWS\system32\avisynth.dll
2005-07-14 18:31 27,648 --sha-r E:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r E:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r E:\WINDOWS\system32\cygz.dll
2004-01-25 06:00 70,656 --sha-r E:\WINDOWS\system32\i420vfw.dll
2005-12-23 02:23 816,640 --sha-r E:\WINDOWS\system32\smab.dll
2005-02-28 19:16 240,128 --sha-r E:\WINDOWS\system32\x.264.exe
.
CODE
<pre>
----a-w           155,648 2008-01-19 23:04:42  E:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate  .exe
----a-w           200,704 2008-01-15 18:50:28  E:\Program Files\PowerISO\PWRISOVM .EXE
----a-w            13,312 2008-01-21 06:53:33  E:\WINDOWS\system32\ctfmon .exe
----a-w           484,864 2008-01-21 06:53:28  E:\WINDOWS\system32\NeroCheck .exe
</pre>



((((((((((((((((((((((((((((( snapshot_2008-01-21_23.51.28.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 20:31:29 229,376 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 05:28:32 229,376 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 20:31:29 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 05:28:32 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 20:31:29 5,206,016 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 05:28:32 229,376 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 20:31:29 16,384 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 05:28:32 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 20:31:29 229,376 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 05:28:32 5,206,016 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 20:31:29 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 05:28:32 16,384 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 05:30:05 5,848 ----a-w E:\WINDOWS\SoftwareDistribution\EventCache\{6EC6499F-613C-482B-8F80-311FEFC6FBEC}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="E:\Program Files\AIM\aim.exe" [2004-04-27 16:18 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\System32\NvCpl.dll" [2007-04-19 12:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 E:\WINDOWS\system32\nwiz.exe]
"DeadAIM"="E:\Program Files\AIM\\DeadAIM.ocm" [2003-02-24 16:11 266313]
"PaperPort PTD"="E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-01-21 14:13 1042944]
"NvMediaCenter"="E:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 12:26 86016]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 19:01:04 83360]

R2 HPFECP13;HPFECP13;E:\WINDOWS\System32\drivers\HPFECP13.SYS [1998-07-30 15:40]
R2 Pctspk;PCTEL Speaker Phone;E:\WINDOWS\system32\pctspk.exe [2001-08-17 21:36]
R2 SVKP;SVKP;E:\WINDOWS\System32\SVKP.sys [2004-11-06 03:18]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;E:\WINDOWS\System32\drivers\HCWBT8XX.sys [2006-01-25 15:14]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;E:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-28 21:59]
S3 BrScnUsb;Brother USB Still Image driver;E:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;E:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-09-29 02:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;E:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
S3 cdspacex;cdspacex;E:\WINDOWS\System32\DRIVERS\CDSPACEX.sys []
S3 PCnetHL;AMD PCnet-Home Adapter Driver;E:\WINDOWS\System32\DRIVERS\pcntn5hl.sys [2001-08-17 11:11]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;E:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 12:28]
S3 TwoRabts;Two Rabbits Live Bus;E:\WINDOWS\System32\DRIVERS\TwoRabts.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 23:31:50
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-22 23:34:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-23 05:34:44
ComboFix2.txt 2008-01-23 02:28:34
ComboFix3.txt 2008-01-22 05:51:55
ComboFix4.txt 2008-01-21 20:39:15




dementievafan
post Jan 22 2008, 11:36 PM
Post #9


Member
Posts: 11
OS: xp



Logfile of HijackThis v1.99.1
Scan saved at 11:35:13 PM, on 01/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\AIM\aim.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\system32\msiexec.exe
E:\WINDOWS\system32\MsiExec.exe
E:\WINDOWS\system32\MsiExec.exe
E:\WINDOWS\system32\notepad.exe
E:\Documents and Settings\Philip\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\Googl