Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

coolwebsearch- file gfmnaaa.dll [RESOLVED]

Started by boboo1985 , Jun 20 2008 04:10 PM

  • This topic is locked This topic is locked

#16
boboo1985
Posted 23 June 2008 - 05:40 PM

boboo1985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 08-06-20.4 - Andrew 2008-06-24 1:29:07.12 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.286 [GMT 2:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andrew\Desktop\CFScript.txt

FILE ::
C:\Documents and Settings\Visitor\Desktop\My Music\world of our own new seekers.mp3
C:\WINDOWS\system32\s41uubb5.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Visitor\Desktop\My Music\world of our own new seekers.mp3
C:\Program Files\SurfingEnhancer
C:\Program Files\SurfingEnhancer\pcre3.dll
C:\Program Files\SurfingEnhancer\uninstall.exe
C:\WINDOWS\system32\s41uubb5.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-23 17:37 . 2008-06-23 19:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 17:37 . 2008-06-23 17:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 05:30 . 2008-06-23 05:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-23 05:30 . 2008-06-23 05:33 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-06-23 05:30 . 2008-06-23 05:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-23 05:30 . 2008-06-23 05:45 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-23 05:30 . 2008-06-23 05:45 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-23 05:30 . 2008-06-23 05:45 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-23 05:29 . 2008-06-23 05:45 <DIR> d-------- C:\Program Files\Symantec
2008-06-23 05:29 . 2008-06-23 05:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-23 05:18 . 2008-06-23 20:21 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-23 02:58 . 2008-06-23 02:59 83,267,824 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-06-23 00:52 . 2008-06-23 00:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-23 00:52 . 2008-06-23 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 00:36 . 2008-06-23 00:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-21 15:56 . 2008-06-21 15:56 <DIR> d-------- C:\%systemdrive%
2008-06-20 23:42 . 2008-06-23 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 20:15 . 2008-06-20 20:15 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-20 20:01 . 2008-06-20 20:05 <DIR> d-------- C:\Program Files\Incomplete
2008-06-20 19:36 . 2008-06-20 19:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-11 07:52 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 07:52 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 13:56 . 2008-06-01 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-01 13:55 . 2008-06-20 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-01 13:28 . 2008-06-01 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2008-06-01 13:28 . 2008-06-01 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-01 13:28 . 2008-06-01 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7(3)
2008-05-27 00:33 . 2008-05-27 00:33 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\vlc
2008-05-27 00:32 . 2008-05-27 00:32 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Apple Computer
2008-05-26 20:49 . 2008-05-26 20:49 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Yahoo!
2008-05-23 09:10 . 2008-05-23 09:10 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-23 08:40 . 2008-05-23 08:40 <DIR> d-------- C:\Documents and Settings\Visitor\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 18:23 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Skype
2008-06-23 18:20 --------- d-----w C:\Documents and Settings\Visitor\Application Data\skypePM
2008-06-23 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-21 13:53 --------- d-----w C:\Documents and Settings\Andrew\Application Data\LimeWire
2008-06-21 13:17 --------- d-----w C:\Documents and Settings\Visitor\Application Data\uTorrent
2008-06-21 13:17 --------- d-----w C:\Documents and Settings\Visitor\Application Data\LimeWire
2008-06-20 21:14 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 18:05 --------- d-----w C:\Program Files\LimeWire
2008-06-01 11:55 --------- d-----w C:\Program Files\DVD Region+CSS Free Lite
2008-06-01 11:55 --------- d-----w C:\Program Files\DVD Region+CSS Free
2008-06-01 11:55 --------- d-----w C:\Documents and Settings\Andrew\Application Data\uTorrent
2008-05-26 23:42 --------- d-----w C:\Program Files\Windows Live
2008-05-26 23:36 --------- d-----w C:\Program Files\mIRC
2008-05-26 23:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 06:52 --------- d-----w C:\Program Files\CA
2008-05-23 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-05-23 06:46 --------- d-----w C:\Program Files\Steam
2008-05-22 20:42 --------- d-----w C:\Documents and Settings\Visitor\Application Data\CallingID
2008-05-22 10:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 04:51 --------- d-----w C:\Program Files\Skype
2008-05-20 04:51 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-20 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-17 07:44 --------- d-----w C:\Program Files\Soulseek
2008-05-15 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 22:38 --------- d-----w C:\Program Files\MediaMonkey
2008-05-02 16:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 15:26 --------- d-----w C:\Program Files\FBrowsingAdvisor
2008-04-25 15:26 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-12-23 22:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_ 0.50.25.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 22:43:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 23:28:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-09-03 07:14:10 578,848 ----a-w C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
- 2007-08-13 17:52:06 66,048 ----a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2007-08-13 16:52:06 66,048 ----a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2008-06-23 03:29:40 7,406 ----a-r C:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
- 2007-02-07 22:27:22 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2007-04-11 18:11:20 511,328 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2008-03-06 19:32:09 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2007-11-30 21:57:12 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-11-30 21:57:12 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-11-30 21:57:12 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-06-22 21:03:16 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-31 21:03:26 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-22 21:03:16 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-31 21:03:26 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-09-06 16:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 15:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-23 05:46 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-12-12 09:44 344064]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-08-25 11:47 65536]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 10:33 243248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-19 19:28 180269]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-27 13:58 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-07-27 05:49 713072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~2\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDXGhost]
C:\Program Files\DVD X Ghost\DVDXGhost.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMBROWSERMOUSE]
--a--c--- 2005-02-13 20:21 356352 C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICEKEYBOARD]
--a--c--- 2005-02-13 20:32 215040 C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\OFFICEKB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
C:\Program Files\Media Access\MediaAccK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-29 17:50 4620288 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2004-10-29 17:50 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMixerTray]
--a------ 2004-12-20 17:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Steam\\steamapps\\girve\\day of defeat\\hl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\SpinXpress2\\SpinXpress2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2005-02-13 20:32]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 nhksrv;Netropa NHK Server;C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe [2005-02-13 20:32]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2002-06-24 06:31]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 05:41]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 03:34:31 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Andrew.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 01:31:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-06-24 1:32:21
ComboFix-quarantined-files.txt 2008-06-23 23:32:08
ComboFix2.txt 2008-06-22 23:43:13
ComboFix3.txt 2008-06-22 22:50:58

Pre-Run: 76,915,519,488 bytes free
Post-Run: 77,364,514,816 bytes free


THis one is the Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:55 PM, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {524AC3A3-025A-4E00-A2C7-48E8D2E44996} - (no file)
O2 - BHO: SurfingEnhancer - {57636FBF-8C24-0D22-E203-3D4DFA59E2A4} - C:\Program Files\SurfingEnhancer\SurfingEnhancer-1.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - (no file)
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F9D263B-AC0B-4089-A97F-6B21DDD84F81}: NameServer = 85.115.130.3 85.115.130.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F9D263B-AC0B-4089-A97F-6B21DDD84F81}: NameServer = 85.115.130.3 85.115.130.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10388 bytes

241 --- E O F --- 2008-06-23 19:45:51
  • 0

Advertisements

#17
boboo1985
Posted 23 June 2008 - 06:49 PM

boboo1985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
P.S my computer , especially the internet is taking really long to load. Is that normal ?

Thank you so much.
  • 0

#18
Rorschach112
Posted 24 June 2008 - 07:15 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You aren't renaming HijackThis.exe to Boo.exe

Please do this
  • 0

#19
boboo1985
Posted 24 June 2008 - 09:11 AM

boboo1985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok I really hope that I did It right this time...

here are the logs :

ComboFix 08-06-20.4 - Andrew 2008-06-24 16:51:11.13 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.287 [GMT 2:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andrew\Desktop\CFScript.txt

FILE ::
C:\Documents and Settings\Visitor\Desktop\My Music\world of our own new seekers.mp3
C:\WINDOWS\system32\s41uubb5.ini
.

((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-23 17:37 . 2008-06-24 01:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 17:37 . 2008-06-23 17:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 05:30 . 2008-06-23 05:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-23 05:30 . 2008-06-23 05:33 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-06-23 05:30 . 2008-06-23 05:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-23 05:30 . 2008-06-23 05:45 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-23 05:30 . 2008-06-23 05:45 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-23 05:30 . 2008-06-23 05:45 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-23 05:29 . 2008-06-23 05:45 <DIR> d-------- C:\Program Files\Symantec
2008-06-23 05:29 . 2008-06-23 05:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-23 05:18 . 2008-06-24 12:35 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-23 02:58 . 2008-06-23 02:59 83,267,824 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-06-23 00:52 . 2008-06-23 00:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-23 00:52 . 2008-06-23 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 00:36 . 2008-06-23 00:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-21 15:56 . 2008-06-21 15:56 <DIR> d-------- C:\%systemdrive%
2008-06-20 23:42 . 2008-06-24 16:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 20:15 . 2008-06-20 20:15 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-20 20:01 . 2008-06-20 20:05 <DIR> d-------- C:\Program Files\Incomplete
2008-06-20 19:36 . 2008-06-20 19:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-11 07:52 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 07:52 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 13:56 . 2008-06-01 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-01 13:55 . 2008-06-20 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-01 13:28 . 2008-06-01 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2008-06-01 13:28 . 2008-06-01 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-01 13:28 . 2008-06-01 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7(3)
2008-05-27 00:33 . 2008-05-27 00:33 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\vlc
2008-05-27 00:32 . 2008-05-27 00:32 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Apple Computer
2008-05-26 20:49 . 2008-05-26 20:49 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 18:23 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Skype
2008-06-23 18:20 --------- d-----w C:\Documents and Settings\Visitor\Application Data\skypePM
2008-06-23 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-21 13:53 --------- d-----w C:\Documents and Settings\Andrew\Application Data\LimeWire
2008-06-21 13:17 --------- d-----w C:\Documents and Settings\Visitor\Application Data\uTorrent
2008-06-21 13:17 --------- d-----w C:\Documents and Settings\Visitor\Application Data\LimeWire
2008-06-20 21:14 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 18:05 --------- d-----w C:\Program Files\LimeWire
2008-06-01 11:55 --------- d-----w C:\Program Files\DVD Region+CSS Free Lite
2008-06-01 11:55 --------- d-----w C:\Program Files\DVD Region+CSS Free
2008-06-01 11:55 --------- d-----w C:\Documents and Settings\Andrew\Application Data\uTorrent
2008-05-26 23:42 --------- d-----w C:\Program Files\Windows Live
2008-05-26 23:36 --------- d-----w C:\Program Files\mIRC
2008-05-26 23:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 07:10 --------- d-----w C:\Program Files\VS Revo Group
2008-05-23 06:52 --------- d-----w C:\Program Files\CA
2008-05-23 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-05-23 06:46 --------- d-----w C:\Program Files\Steam
2008-05-23 06:40 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Yahoo!
2008-05-22 20:42 --------- d-----w C:\Documents and Settings\Visitor\Application Data\CallingID
2008-05-22 10:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 04:51 --------- d-----w C:\Program Files\Skype
2008-05-20 04:51 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-20 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-17 07:44 --------- d-----w C:\Program Files\Soulseek
2008-05-15 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 22:38 --------- d-----w C:\Program Files\MediaMonkey
2008-05-02 16:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 15:26 --------- d-----w C:\Program Files\FBrowsingAdvisor
2008-04-25 15:26 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-12-23 22:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_ 0.50.25.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 22:43:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 14:49:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-09-03 07:14:10 578,848 ----a-w C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
- 2007-08-13 17:52:06 66,048 ----a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2007-08-13 16:52:06 66,048 ----a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2008-06-23 03:29:40 7,406 ----a-r C:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
+ 2008-06-24 10:59:16 2,268 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{8A7ACAEB-F3F1-4E04-B584-322CBEECE141}.bin
- 2007-02-07 22:27:22 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2007-04-11 18:11:20 511,328 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2008-03-06 19:32:09 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2007-11-30 21:57:12 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-11-30 21:57:12 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-11-30 21:57:12 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-06-22 21:03:16 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-24 10:39:35 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-22 21:03:16 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-24 10:39:35 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-09-06 16:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 15:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-23 05:46 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-12-12 09:44 344064]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-08-25 11:47 65536]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 10:33 243248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-19 19:28 180269]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-27 13:58 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-07-27 05:49 713072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~2\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDXGhost]
C:\Program Files\DVD X Ghost\DVDXGhost.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMBROWSERMOUSE]
--a--c--- 2005-02-13 20:21 356352 C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICEKEYBOARD]
--a--c--- 2005-02-13 20:32 215040 C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\OFFICEKB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
C:\Program Files\Media Access\MediaAccK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-29 17:50 4620288 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2004-10-29 17:50 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMixerTray]
--a------ 2004-12-20 17:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Steam\\steamapps\\girve\\day of defeat\\hl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\SpinXpress2\\SpinXpress2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2005-02-13 20:32]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 nhksrv;Netropa NHK Server;C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe [2005-02-13 20:32]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2002-06-24 06:31]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 05:41]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 03:34:31 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Andrew.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 16:53:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-06-24 16:54:25
ComboFix-quarantined-files.txt 2008-06-24 14:54:10
ComboFix2.txt 2008-06-23 23:32:22
ComboFix3.txt 2008-06-22 23:43:13
ComboFix4.txt 2008-06-22 22:50:58

Pre-Run: 76,794,122,240 bytes free
Post-Run: 76,937,236,480 bytes free

232 --- E O F --- 2008-06-24 10:59:15


********************************************************************************
**********************************



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07, on 2008-06-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Boo.exe\Boo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9635 bytes
  • 0

#20
Rorschach112
Posted 24 June 2008 - 10:27 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#21
boboo1985
Posted 24 June 2008 - 04:22 PM

boboo1985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi,

thanks again sooo much for the help. Its really appreciated. I have a couple of questions though. I still have the DSS, SDFix and the Console on my computer, what should I do with these programmes ?

Also my computer is very slow in opening/loading internet windows. Much slower than before I got infected. Is there anything you recommend I do for that ?

Thanks again!
  • 0

#22
Rorschach112
Posted 24 June 2008 - 04:24 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
This will get rid of those

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • Click the CleanUp! button and let the program run



Read this about the slowness problem

http://users.telenet...owcomputer.html


Tell me how that goes
  • 0

#23
boboo1985
Posted 25 June 2008 - 06:22 AM

boboo1985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Well I read the tutorial on the slowness and also installed firefox and some of the spyware programmes. I run a system defrag but for some reason it sill take quite a while to load my pages. Any ideas ?

Thanks so much. :)
  • 0

#24
Rorschach112
Posted 25 June 2008 - 06:56 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Nope there is nothing I can do

Maybe one of your security programs is responsible

This happens to PCs after a while

Anything else ?
  • 0

#25
Rorschach112
Posted 29 June 2008 - 04:24 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP