hijackthis log [CLOSED]
Post #1, Oct 17 2008, 12:14 PM
New Member, Posts: 9, OS: xp media
I think one of the BHOs is bad, the one that starts with Vt... can't get rid of it....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:28 PM, on 10/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wodUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator.JIMMY\Application Data\U3\00001628C374DCEB\LaunchPad.exe
F:\Documents\Spyware\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {3f5da053-8e91-b4eb-7e04-1f0661bc6348} - {8436cb16-60f1-40e7-be4b-19e8350ad5f3} - C:\WINDOWS\system32\ykdrft.dll
O2 - BHO: (no name) - {E07D22E1-CE3A-487F-B754-8044DBEDB049} - C:\WINDOWS\system32\vtUnMFWQ.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\VIE5C.exe] C:\Windows\System32\VIE5C.exe
O4 - HKLM\..\Run: [\VIE5D.exe] C:\Windows\System32\VIE5D.exe
O4 - HKLM\..\Run: [\VIEB.exe] C:\Windows\System32\VIEB.exe
O4 - HKLM\..\Run: [\VIEA.exe] C:\Windows\System32\VIEA.exe
O4 - HKLM\..\Run: [\VIEC.exe] C:\Windows\System32\VIEC.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167341516937
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - http://www.lojackforlaptops.com/ctmweb/testoc.cab
O20 - AppInit_DLLs: ykdrft.dll
O20 - Winlogon Notify: vtUnMFWQ - C:\WINDOWS\SYSTEM32\vtUnMFWQ.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSNLService (MSNLogService) - Unknown owner - C:\Program Files\SKR\MSNLogService.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WeOnlyDo wodAppUpdate Service - WeOnlyDo! COM - C:\WINDOWS\system32\wodUpdSv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9162 bytes
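An added example, not code from this thread or from HijackThis: a small Python triage script that scores the O2 (BHO), O4 (Run key), O20 (AppInit_DLLs / Winlogon Notify) and O23 (service) lines by the patterns helpers react to in a log like the one above (nameless or GUID-named BHOs, backslash-prefixed Run names, random-looking DLL names in system32, services whose binary is missing). The sample lines are copied from the posted log; the heuristics and thresholds are this example's own assumptions and only prioritise what to review, they do not pronounce a file malicious.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

The scoring rules below are assumptions made for this example: they pick out
the line shapes that reviewers look at first, nothing more.
"""
import re

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {3f5da053-8e91-b4eb-7e04-1f0661bc6348} - {8436cb16-60f1-40e7-be4b-19e8350ad5f3} - C:\WINDOWS\system32\ykdrft.dll
O2 - BHO: (no name) - {E07D22E1-CE3A-487F-B754-8044DBEDB049} - C:\WINDOWS\system32\vtUnMFWQ.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [\VIE5C.exe] C:\Windows\System32\VIE5C.exe
O20 - AppInit_DLLs: ykdrft.dll
O20 - Winlogon Notify: vtUnMFWQ - C:\WINDOWS\SYSTEM32\vtUnMFWQ.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: MSNLService (MSNLogService) - Unknown owner - C:\Program Files\SKR\MSNLogService.exe (file missing)
"""

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$")
GUID_RE = re.compile("^" + GUID + "$")
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.+)$")


def stem_of(path):
    """Return the file name without directory or extension."""
    name = path.strip('"').rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(stem):
    """Assumed heuristic: 6 to 8 letters with at most one vowel (ykdrft, vtUnMFWQ)."""
    if not (6 <= len(stem) <= 8 and stem.isalpha()):
        return False
    return sum(c in "aeiouAEIOU" for c in stem) <= 1


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage_line(line):
    """Return the list of review reasons for one log line (empty if none)."""
    reasons = []
    m = BHO_RE.match(line)
    if m:
        if m.group("name") == "(no name)":
            reasons.append("BHO has no name")
        elif GUID_RE.match(m.group("name")):
            reasons.append("BHO name is a GUID")
        if in_system32(m.group("path")) and looks_random(stem_of(m.group("path"))):
            reasons.append("random-looking DLL in system32")
        return reasons
    m = RUN_RE.match(line)
    if m:
        # A value name that begins with a backslash is not how installers write Run keys.
        if m.group("name").startswith("\\"):
            reasons.append("Run value name starts with a backslash")
        return reasons
    m = O20_RE.match(line)
    if m:
        # Both O20 load points are rare on a clean XP machine, so every one is listed.
        reasons.append("O20 load point: " + m.group("kind"))
        module = m.group("rest").split(" - ")[-1]
        if looks_random(stem_of(module)):
            reasons.append("random-looking module name")
        return reasons
    if line.startswith("O23 - ") and line.endswith("(file missing)"):
        reasons.append("service binary missing")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every line that earned at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -", reason)
```

Run against the sample, the six lines it lists are exactly the ones the helpers went on to remove (the two Vundo DLLs at their BHO and O20 load points, the backslash-named VIE entry and the orphaned MSNLogService service), while the Java, Intel and Bonjour entries are left alone.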
Post #2, Oct 17 2008, 12:23 PM
GeekU Teacher, Posts: 21,845, From: Dublin, OS: XP
Hello
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding. Please download SmitfraudFix (by S!Ri) to your Desktop. Next, please reboot your computer in Safe Mode by doing the following :
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non-infected computer will remove your Desktop background.

Disable resident protections (Antivirus...); you'll re-enable them after the scan.
Download Lop S&D here.
Double-click Lop S&D.exe.
Choose the language, then choose Option 1 (Search).
Wait till the end of the scan.
Post the log which is created: (%SystemDrive%\lopR.txt)
Post #3, Oct 18 2008, 12:17 AM
New Member, Posts: 9, OS: xp media
smit scan
SmitFraudFix v2.363
Scan done at 1:45:56.10, Sat 10/18/2008
Run from C:\Documents and Settings\Administrator.JIMMY\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\WINDOWS\privacy_danger

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{161D6935-AC90-4127-99A2-11808B847306}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{161D6935-AC90-4127-99A2-11808B847306}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{161D6935-AC90-4127-99A2-11808B847306}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1C776754-EDE7-401C-B813-A13B7B84F342}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Lop scan

--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2050 @ 1.60GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Administrator ( Administrator )
BOOT : Normal boot
Antivirus : PC-cillin Internet Security - Virus Protection 14.60.1206 (Not Activated)
Firewall : PC-cillin Internet Security - Firewall 14 (Activated)
C:\ (Local Disk) - NTFS - Total : 67 Go Free : 57 Go
D:\ (CD or DVD)
E:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
F:\ (USB) - FAT - Total : 1950 Mo Free : 0 Go
"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( Sat 10/18/2008| 1:59 )

--------------------\\ Listing folders in APPLIC~1
[01/05/2007|19:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[10/16/2008|16:22] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\.clamwin
[10/16/2008|16:20] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\Grisoft
[04/21/2007|04:18] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\Gtek
[08/16/2005|06:50] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\Identities
[12/11/2006|02:58] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\InstallShield
[10/17/2008|13:59] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\Microsoft
[10/16/2008|22:34] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\Mozilla
[10/17/2008|14:43] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\U3
[10/17/2008|03:08] C:\DOCUME~1\ADMINI~1.JIM\APPLIC~1\WinRAR
[12/11/2006|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[03/11/2008|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[03/11/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[12/28/2006|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[04/25/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[04/25/2008|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/17/2008|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[12/11/2006|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[01/14/2007|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative Labs
[12/11/2006|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[12/11/2006|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
[08/16/2005|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DIGStream
[12/25/2006|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10/16/2008|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[12/11/2006|02:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[11/17/2007|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[12/25/2007|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/08/2007|22:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[10/16/2008|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rkfree
[10/03/2008|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
[10/16/2008|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[10/03/2008|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemErrorFixer
[05/07/2008|03:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[12/11/2006|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
[03/11/2008|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[12/29/2006|02:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[12/11/2006|02:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
[04/21/2007|04:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
[08/16/2005|06:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[12/11/2006|02:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InstallShield
[12/11/2006|03:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/05/2007|23:32] C:\DOCUME~1\Guest\APPLIC~1\acccore
[10/03/2008|14:15] C:\DOCUME~1\Guest\APPLIC~1\Adobe
[10/03/2008|14:45] C:\DOCUME~1\Guest\APPLIC~1\Apple Computer
[04/21/2007|04:18] C:\DOCUME~1\Guest\APPLIC~1\Gtek
[08/16/2005|06:50] C:\DOCUME~1\Guest\APPLIC~1\Identities
[12/11/2006|02:58] C:\DOCUME~1\Guest\APPLIC~1\InstallShield
[01/05/2007|21:33] C:\DOCUME~1\Guest\APPLIC~1\Macromedia
[10/17/2008|13:59] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
[07/27/2007|20:53] C:\DOCUME~1\Guest\APPLIC~1\Viewpoint
[10/17/2008|13:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/17/2008|13:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[09/04/2008 23:36][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/18/2008 01:56][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 07:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files
[12/11/2006|02:59] C:\Program Files\Adobe
[03/11/2008|21:26] C:\Program Files\AIM6
[12/30/2006|16:34] C:\Program Files\AOL
[09/04/2008|23:39] C:\Program Files\Apple Software Update
[01/08/2008|10:57] C:\Program Files\ASIO4ALL v2
[10/16/2008|15:34] C:\Program Files\AVG
[12/11/2006|02:56] C:\Program Files\BAE
[04/25/2008|20:14] C:\Program Files\Bonjour
[12/11/2006|02:43] C:\Program Files\Broadcom
[10/16/2008|16:21] C:\Program Files\ClamWin
[10/03/2008|13:44] C:\Program Files\Common Files
[08/16/2005|06:38] C:\Program Files\ComPlus Applications
[12/11/2006|02:45] C:\Program Files\CONEXANT
[12/11/2006|02:49] C:\Program Files\Corel
[12/11/2006|02:47] C:\Program Files\Creative
[12/11/2006|03:02] C:\Program Files\CyberLink
[12/11/2006|03:07] C:\Program Files\Dell
[12/11/2006|02:52] C:\Program Files\Dell Network Assistant
[12/11/2006|02:47] C:\Program Files\Digital Line Detect
[08/16/2005|22:54] C:\Program Files\DIGStream
[08/16/2005|22:51] C:\Program Files\EnglishOtto
[08/16/2005|22:54] C:\Program Files\ESPNMotion
[12/29/2006|00:38] C:\Program Files\Funk Software
[08/16/2005|22:54] C:\Program Files\GemMaster
[04/30/2007|18:34] C:\Program Files\Google
[12/11/2006|02:58] C:\Program Files\illiminable
[05/27/2008|10:56] C:\Program Files\Image-Line
[02/09/2008|15:33] C:\Program Files\InstallShield Installation Information
[08/13/2008|19:50] C:\Program Files\Internet Explorer
[09/04/2008|23:34] C:\Program Files\iPod
[09/04/2008|23:34] C:\Program Files\iTunes
[04/25/2008|21:45] C:\Program Files\Java
[12/11/2006|02:54] C:\Program Files\Learn2.com
[02/24/2008|20:48] C:\Program Files\LimeWire
[08/13/2008|19:52] C:\Program Files\Messenger
[12/11/2006|03:00] C:\Program Files\Microsoft ActiveSync
[08/16/2005|06:43] C:\Program Files\microsoft frontpage
[12/11/2006|03:00] C:\Program Files\Microsoft Office
[12/11/2006|02:53] C:\Program Files\Microsoft Plus! Digital Media Edition
[12/11/2006|02:53] C:\Program Files\Microsoft Plus! Photo Story 2 LE
[12/11/2006|03:05] C:\Program Files\Microsoft Small Business
[12/11/2006|03:06] C:\Program Files\Microsoft SQL Server
[12/11/2006|02:59] C:\Program Files\Microsoft Visual Studio
[12/11/2006|03:06] C:\Program Files\Microsoft Visual Studio .NET 2003
[12/11/2006|02:57] C:\Program Files\Microsoft Works
[12/11/2006|02:59] C:\Program Files\Microsoft.NET
[08/16/2005|06:37] C:\Program Files\Movie Maker
[10/18/2008|01:39] C:\Program Files\Mozilla Firefox
[08/16/2005|06:37] C:\Program Files\MSN Gaming Zone
[12/29/2006|02:40] C:\Program Files\MSXML 4.0
[12/11/2006|02:52] C:\Program Files\MUSICMATCH
[08/16/2005|06:40] C:\Program Files\NetMeeting
[12/25/2006|09:09] C:\Program Files\Online Services
[06/13/2007|10:16] C:\Program Files\Outlook Express
[09/04/2008|23:32] C:\Program Files\QuickTime
[12/11/2006|02:54] C:\Program Files\Real
[08/16/2005|22:58] C:\Program Files\RGB
[12/11/2006|02:56] C:\Program Files\Roxio
[09/04/2008|23:18] C:\Program Files\Safari
[12/11/2006|02:44] C:\Program Files\Sigmatel
[12/11/2006|02:56] C:\Program Files\Sonic
[10/16/2008|15:59] C:\Program Files\Spybot - Search & Destroy
[12/11/2006|02:43] C:\Program Files\Synaptics
[10/16/2008|15:17] C:\Program Files\SystemErrorFixer
[02/08/2007|01:08] C:\Program Files\thriXXX
[12/11/2006|02:49] C:\Program Files\Trend Micro
[08/16/2005|06:50] C:\Program Files\Uninstall Information
[10/26/2007|07:53] C:\Program Files\Viewpoint
[01/08/2008|10:58] C:\Program Files\VstPlugins
[12/25/2006|20:15] C:\Program Files\WildTangent
[01/07/2007|18:55] C:\Program Files\Windows Media Connect 2
[01/07/2007|18:56] C:\Program Files\Windows Media Player
[08/16/2005|06:37] C:\Program Files\Windows NT
[08/16/2005|06:37] C:\Program Files\Windows Plus
[08/16/2005|06:40] C:\Program Files\WindowsUpdate
[01/08/2008|10:53] C:\Program Files\WinRAR
[08/16/2005|06:43] C:\Program Files\xerox
[12/11/2006|02:57] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files
[12/11/2006|02:59] C:\Program Files\Common Files\Adobe
[12/30/2006|16:34] C:\Program Files\Common Files\AOL
[04/25/2008|20:09] C:\Program Files\Common Files\Apple
[12/11/2006|02:49] C:\Program Files\Common Files\Corel
[01/01/2007|05:03] C:\Program Files\Common Files\Creative Labs Shared
[12/11/2006|03:05] C:\Program Files\Common Files\Crystal Decisions
[12/11/2006|03:00] C:\Program Files\Common Files\DESIGNER
[12/29/2006|00:38] C:\Program Files\Common Files\Funk Software
[12/11/2006|02:56] C:\Program Files\Common Files\InstallShield
[04/21/2007|13:31] C:\Program Files\Common Files\Java
[12/11/2006|03:00] C:\Program Files\Common Files\L&H
[12/11/2006|03:04] C:\Program Files\Common Files\Microsoft Shared
[08/16/2005|06:40] C:\Program Files\Common Files\MSSoap
[12/11/2006|02:54] C:\Program Files\Common Files\Nullsoft
[08/16/2005|06:33] C:\Program Files\Common Files\ODBC
[12/11/2006|02:54] C:\Program Files\Common Files\Real
[08/16/2005|06:40] C:\Program Files\Common Files\Services
[12/11/2006|02:56] C:\Program Files\Common Files\Sonic Shared
[08/16/2005|06:33] C:\Program Files\Common Files\SpeechEngines
[12/11/2006|02:58] C:\Program Files\Common Files\SureThing Shared
[06/13/2007|22:10] C:\Program Files\Common Files\System
[10/03/2008|13:44] C:\Program Files\Common Files\SystemErrorFixer
[05/30/2007|23:22] C:\Program Files\Common Files\Viewpoint

--------------------\\ Process ( 63 Processes ) ... OK !

--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
No Lop folder found !

--------------------\\ Searching within the Registry
..... OK !

--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 02:08:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
C:\WINDOWS\system32\GhRsCJjl.ini
C:\WINDOWS\system32\GhRsCJjl.ini2
C:\WINDOWS\system32\kmprsvut.ini
C:\WINDOWS\system32\kmprsvut.ini2
==> VUNDO <==

[F:32][D:5]-> C:\DOCUME~1\ADMINI~1.JIM\LOCALS~1\Temp
[F:14][D:0]-> C:\DOCUME~1\ADMINI~1.JIM\Cookies
[F:11][D:4]-> C:\DOCUME~1\ADMINI~1.JIM\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 10/18/2008| 2:14 - Option : [1]

--------------------\\ Scan completed at 2:14:39
Post #4, Oct 18 2008, 12:44 AM
New Member, Posts: 9, OS: xp media
spybot finds
wildtangent - 3
revealerkeylogger - 2
smitfraud-c - 1
virtumonde.prx - 2
virtumonde.sci - 5
but can't remove them
Post #5, Oct 18 2008, 05:03 PM
GeekU Teacher, Posts: 21,845, From: Dublin, OS: XP
Hello
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding. Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following :
Please download the OTMoveIt3 by OldTimer.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Also post a new HJT log.
Post #6, Oct 19 2008, 12:46 PM
New Member, Posts: 9, OS: xp media
in safe mode,
sdfix: "cannot load vdm ipx/spx support"

sdfix report :

Rebooting

Checking Files :
No Trojan Files Found

Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed

Removing Temp Files

ADS Check :

Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 14:30:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
"Last Counter"=dword:00000f2c
"Last Help"=dword:00000f2d
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Disabled:Dell Network Assistant"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\games\\RedFaction\\rf.exe"="C:\\games\\RedFaction\\rf.exe:*:Disabled:Red Faction"
"C:\\games\\RedFaction\\RedFaction.exe"="C:\\games\\RedFaction\\RedFaction.exe:*:Disabled:Red Faction Launcher"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Disabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\WINDOWS\\SYSTEM32\\ctmweb.exe"="C:\\WINDOWS\\SYSTEM32\\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

Files with Hidden Attributes :
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Fri 3 Oct 2008 88 ..SHR --- "C:\WINDOWS\system32\4E63D4DE7F.sys"
Fri 3 Oct 2008 2,672 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Sun 7 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Administrator.JIMMY\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

otmoveit3 report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemErrorFixer\Data moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemErrorFixer moved successfully.
C:\Program Files\Common Files\SystemErrorFixer moved successfully.
C:\WINDOWS\system32\GhRsCJjl.ini moved successfully.
C:\WINDOWS\system32\GhRsCJjl.ini2 moved successfully.
C:\WINDOWS\system32\kmprsvut.ini moved successfully.
C:\WINDOWS\system32\kmprsvut.ini2 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1.JIM\LOCALS~1\Temp\ClamWin1.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1.JIM\LOCALS~1\Temp\etilqs_thooSQIrvhHnV5yPx3Er scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10192008_143756

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1.JIM\LOCALS~1\Temp\ClamWin1.log moved successfully.
File C:\DOCUME~1\ADMINI~1.JIM\LOCALS~1\Temp\etilqs_thooSQIrvhHnV5yPx3Er not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_b0.dat not found!
C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrator.JIMMY\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w4we6e8.default\XUL.mfl moved successfully.
Oct 19 2008, 01:48 PM
Post #7
GeekU Teacher, Posts: 21,845, From: Dublin, OS: XP
Hello
Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Oct 20 2008, 07:32 PM
Post #8
New Member, Posts: 9, OS: xp media
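The log that the reply above asks for (C:\ComboFix.txt) ends with a "Reg Loading Points" section that lists registry autostart locations one bracketed key at a time, each followed by its value lines. The Python script below is an added example; it is not part of this thread, of ComboFix, or of any tool named here. It parses a section in that layout and ranks each entry by how much the persistence location and the file name deserve attention: Winlogon Notify packages, AppInit_DLLs, extra LSA authentication packages, ShellExecuteHooks and Browser Helper Objects, Security Center monitoring flags, and Run entries whose target is a recently written file in system32 with a generated-looking name. SAMPLE_LOG is a constructed excerpt in ComboFix's layout (the qwxzbvkr.exe entry is invented to exercise the last rule), and the looks_generated() heuristic and the severity labels are this example's own choices, not anything ComboFix reports.

```python
"""Triage the "Reg Loading Points" section of a ComboFix-style log.

Added example: not part of ComboFix and not posted in this thread. It reads
the bracketed-key / value-line layout ComboFix uses and flags the autostart
locations that loaders on this kind of machine rely on. SAMPLE_LOG is a
constructed excerpt in that layout; the qwxzbvkr.exe entry is invented to
exercise the "recent file in system32" rule.
"""
import re
from datetime import date

SAMPLE_LOG = r"""
ComboFix 08-10-19.04 - Administrator 2008-10-20 21:12:21.1 - NTFSx86
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88FFA623-20AF-4122-A5E5-DFC8F5CA6A94}]
2008-10-20 21:26 322432 --a------ C:\WINDOWS\system32\khfeDTkj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"sysldr"="C:\WINDOWS\system32\qwxzbvkr.exe" [2008-10-18 40960]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E07D22E1-CE3A-487F-B754-8044DBEDB049}"= "C:\WINDOWS\system32\vtUnMFWQ.dll" [2008-09-05 38272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnMFWQ]
2008-09-05 02:23 38272 C:\WINDOWS\system32\vtUnMFWQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cjweoq.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\khfeDTkj
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
"""

LOG_DATE_RE = re.compile(r"ComboFix .*?(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}")
FILE_DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
# a quoted path (may contain spaces) or a bare path (no spaces)
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')


def parse_sections(text):
    """Yield (key, value_line) pairs; a line of the form [KEY] starts a new key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key is not None:
            yield key, line


def stem_of(path):
    """File name without directory or extension (vtUnMFWQ for ...vtUnMFWQ.dll)."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_generated(stem):
    """Heuristic for machine-generated loader names such as vtUnMFWQ or khfeDTkj:
    6-8 letters only, with several case switches or almost no vowels.
    Deliberately loose; triage() gates it with file location and age."""
    if not (6 <= len(stem) <= 8 and stem.isalpha()):
        return False
    switches = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return switches >= 2 or vowels / len(stem) < 0.15


def written_recently(line, log_day, window_days=90):
    """True if the first date on the value line is within window_days of the scan."""
    m = FILE_DATE_RE.search(line)
    return bool(m) and (log_day - date.fromisoformat(m.group())).days <= window_days


def triage(text, log_day=None):
    """Return (severity, reason, detail) findings for the autostart entries."""
    if log_day is None:
        m = LOG_DATE_RE.search(text)
        log_day = date.fromisoformat(m.group(1)) if m else date.today()
    findings = []
    for key, line in parse_sections(text):
        paths = [q or u for q, u in PATH_RE.findall(line)]
        if "winlogon\\notify" in key:
            # ComboFix hides default entries, so any Notify package shown deserves a look
            findings.append(("high", "Winlogon Notify package", line))
        elif key.endswith("currentversion\\windows") and line.lower().startswith('"appinit_dlls"'):
            if not line.rstrip().endswith("="):
                findings.append(("high", "AppInit_DLLs set", line))
        elif key.endswith("control\\lsa") and line.startswith("Authentication Packages"):
            for tok in line.split()[3:]:  # tokens after 'Authentication Packages REG_MULTI_SZ'
                if tok.lower() != "msv1_0":
                    sev = "high" if looks_generated(stem_of(tok)) else "review"
                    findings.append((sev, "extra LSA authentication package", tok))
        elif "security center\\monitoring" in key and line.lower().endswith("dword:00000001"):
            findings.append(("info", "Security Center monitoring disabled", key.rsplit("\\", 1)[-1]))
        elif "shellexecutehooks" in key or "browser helper objects" in key:
            for p in paths:
                sev = "high" if looks_generated(stem_of(p)) else "review"
                findings.append((sev, "shell/browser extension DLL", p))
        else:  # Run keys and the rest: generated-looking name, in system32, written recently
            for p in paths:
                if ("\\system32\\" in p.lower() and looks_generated(stem_of(p))
                        and written_recently(line, log_day)):
                    findings.append(("medium", "recent system32 autostart, generated-looking name", p))
    return findings


if __name__ == "__main__":
    for sev, why, what in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}: {what}")
```

Run as-is it prints the findings for the sample; to use it on a real log, read C:\ComboFix.txt into a string and pass it to triage(). The output is a triage aid, not a verdict: a generated-looking name under a Run key is only reported when the file sits in system32 and was written within 90 days of the scan, and the "review" tier (a non-default LSA package such as nwprovau, or a BHO with an ordinary name) still needs a human or a hash lookup before anything is deleted.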
ComboFix 08-10-19.04 - Administrator 2008-10-20 21:12:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.306 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator.JIMMY\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\etfm.exe
C:\WINDOWS\system32\amjxnkpo.dll
C:\WINDOWS\system32\aqaxsnvp.ini
C:\WINDOWS\system32\cjweoq.dll
C:\WINDOWS\system32\fsjvymgt.dll
C:\WINDOWS\system32\hqhandyf.dll
C:\WINDOWS\system32\jmwwoqen.dll
C:\WINDOWS\system32\kjdqji.dll
C:\WINDOWS\system32\kmprsvut.ini
C:\WINDOWS\system32\kmprsvut.ini2
C:\WINDOWS\system32\kvkiylqx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msgnrrlt.dll
C:\WINDOWS\system32\neqowwmj.ini
C:\WINDOWS\system32\nngjxmxr.ini
C:\WINDOWS\system32\opknxjma.ini
C:\WINDOWS\system32\pbctbj.dll
C:\WINDOWS\system32\pntrygyj.dll
C:\WINDOWS\system32\pvnsxaqa.dll
C:\WINDOWS\system32\rwmdgvwq.ini
C:\WINDOWS\system32\tuvsrpmk.dll
C:\WINDOWS\system32\vckwlbix.ini
C:\WINDOWS\system32\vkahjfnx.ini
C:\WINDOWS\system32\wtlzqv.dll
C:\WINDOWS\system32\xcvnfdit.dll
C:\WINDOWS\system32\xnfjhakv.dll
C:\WINDOWS\system32\ykdrft.dll
C:\WINDOWS\privacy_danger . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_PACKET
-------\Service_Packet

((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.
2008-10-19 14:37 . 2008-10-19 14:37 <DIR> d-------- C:\_OTMoveIt
2008-10-19 14:12 . 2008-10-19 14:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-19 14:07 . 2008-10-19 14:31 <DIR> d-------- C:\SDFix
2008-10-18 01:46 . 2008-10-18 01:46 4,204 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-18 01:38 . 2008-10-18 02:14 <DIR> d-------- C:\Lop SD
2008-10-16 23:03 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-16 16:21 . 2008-10-16 16:21 <DIR> d-------- C:\Program Files\ClamWin
2008-10-16 16:21 . 2008-10-16 16:21 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
2008-10-16 16:21 . 2008-10-16 16:22 <DIR> d-------- C:\Documents and Settings\Administrator.JIMMY\Application Data\.clamwin
2008-10-16 16:20 . 2008-10-16 16:20 <DIR> d-------- C:\Documents and Settings\Administrator.JIMMY\Application Data\Grisoft
2008-10-16 16:19 . 2008-10-16 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-16 15:50 . 2008-10-16 15:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-16 15:50 . 2008-10-16 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 15:35 . 2008-10-17 14:08 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-16 15:35 . 2008-10-16 15:35 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-16 15:35 . 2008-10-16 15:35 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-16 15:34 . 2008-10-16 15:34 <DIR> d-------- C:\Program Files\AVG
2008-10-16 15:34 . 2008-10-18 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-16 15:32 . 2008-10-17 14:43 <DIR> d-------- C:\Documents and Settings\Administrator.JIMMY\Application Data\U3
2008-10-16 15:15 . 2006-12-11 02:58 <DIR> d-------- C:\Documents and Settings\Administrator.JIMMY\Application Data\InstallShield
2008-10-16 15:15 . 2007-04-21 04:18 <DIR> d--h----- C:\Documents and Settings\Administrator.JIMMY\Application Data\Gtek
2008-10-16 15:15 . 2008-10-16 15:15 <DIR> d-------- C:\Documents and Settings\Administrator.JIMMY
2008-10-03 14:21 . 2008-10-03 14:45 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Apple Computer
2008-10-03 13:44 . 2008-10-16 15:17 <DIR> d-------- C:\Program Files\SystemErrorFixer
2008-10-02 21:55 . 2008-10-02 21:55 121 --ahs---- C:\WINDOWS\system32\fydnahqh.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 01:20 47,104 ----a-w C:\WINDOWS\system32\Rpcnet.dll
2008-10-21 01:20 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
2008-10-19 18:25 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
2008-10-18 05:59 47,104 ----a-w C:\WINDOWS\system32\rpcnet.exe
2008-10-16 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\rkfree
2008-10-10 12:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 12:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-03 18:03 2,672 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-01 19:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-09 03:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-07 01:50 133,248 ----a-w C:\WINDOWS\system32\lbecvvlg.dll
2008-09-07 01:50 133,248 ----a-w C:\WINDOWS\system32\dglmas.dll
2008-09-05 06:23 38,272 ----a-w C:\WINDOWS\system32\vtUnMFWQ.dll
2008-09-05 03:39 --------- d-----w C:\Program Files\Apple Software Update
2008-09-05 03:34 --------- d-----w C:\Program Files\iTunes
2008-09-05 03:34 --------- d-----w C:\Program Files\iPod
2008-09-05 03:32 --------- d-----w C:\Program Files\QuickTime
2008-09-05 03:18 --------- d-----w C:\Program Files\Safari
2008-08-18 16:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
.
------- Sigcheck -------
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2005-10-11 20:18 2136064 c5290e302241594b668a378d89fd903e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 12:49 2137600 57b9d140e1eb8b0ea06df927b63b0eee C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 05:53 2137600 e6679c3023b17d8b78946bc5df53fa20 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2005-06-10 20:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 19:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2004-08-10 07:00 295424 b60c877d16d9c880b952fda04adf16e6 C:\WINDOWS\$NtUninstallKB895961$\termsrv.dll
2005-03-09 21:49 295424 c29a5286e64d97385178452d5f307b98 C:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88FFA623-20AF-4122-A5E5-DFC8F5CA6A94}]
2008-10-20 21:26 322432 --a------ C:\WINDOWS\system32\khfeDTkj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E07D22E1-CE3A-487F-B754-8044DBEDB049}]
2008-09-05 02:23 38272 --a------ C:\WINDOWS\system32\vtUnMFWQ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-23 1392640]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-06-14 77824]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-11 24576]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-04 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E07D22E1-CE3A-487F-B754-8044DBEDB049}"= "C:\WINDOWS\system32\vtUnMFWQ.dll" [2008-09-05 38272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnMFWQ]
2008-09-05 02:23 38272 C:\WINDOWS\system32\vtUnMFWQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cjweoq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\khfeDTkj

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\StubInstaller.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10