Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojans


  • Please log in to reply

#1
barbs2

barbs2

    Member

  • Member
  • PipPip
  • 39 posts
First off all i want to say im not a cpu beginner i have 25 yars and cpu since 10 so im no fool.

Whoever im needing of some pro help, i didnt had problem with trojans before the ones i had i could get rid off them always with an adware program and some manual cleaning help in regedit.

Unfortunetely my nephew use my cpu some times is only 9 so i does some crappy stuff and some times when i arrive i've some spywares.

this time i cant get rid of them ive made the scan with spydoctor and i get rid of some, ewido as get rid of others, but i still have pop ups and advestementise all the time and they say im clean of spyware, i know that isnt true because i'm expericing some cpu instability slow downs and the pop ups.

Ive search my tasks and the regestry and i cant see nothing strange but maybe some of you pro's can.

Help :blink:

Thanks in advance :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 23:33:25, on 16-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Joo Barradas\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {13AEC861-5CF8-4FE8-8035-DBF4ECB0487E} - C:\WINDOWS\system32\wvusp.dll (file missing)
O2 - BHO: (no name) - {1E604CBE-DECE-B4F5-443B-00036B6D3E3A} - C:\WINDOWS\system32\rxoqxbe.dll
O2 - BHO: (no name) - {2686055E-D24F-8EC5-D3A3-06D84F9DD169} - C:\WINDOWS\system32\zqrtxgb.dll
O2 - BHO: (no name) - {270C366C-FEB9-8563-67A8-0A72232784D2} - C:\WINDOWS\system32\bbxjru.dll
O2 - BHO: (no name) - {2F8DE6FC-28A5-1F62-8E95-00CA4747FD72} - C:\WINDOWS\system32\lcthjsd.dll
O2 - BHO: (no name) - {4F45B6F5-D630-40D4-348C-0387239F1A96} - C:\WINDOWS\system32\jbelfmf.dll
O2 - BHO: (no name) - {534377A1-DF1B-ADAA-6162-02CADC497EC5} - C:\WINDOWS\system32\ilbphqi.dll
O2 - BHO: (no name) - {560CF0D1-CFFE-5A05-9558-08BC7858A25F} - C:\WINDOWS\system32\rdfjhne.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mgqmefk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mgqmefk.dll,cdwfcsc
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\JOOBAR~1\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.gom-team.com
O15 - Trusted Zone: http://www.lavasoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110214985414
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124141135979
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BEB1C2F-B9D9-47DD-8132-D464E9B8C611}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C73810-D4F3-413C-8668-3372B8E52B42}: NameServer = 195.23.129.126,194.79.69.222
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Edited by barbs2, 16 October 2006 - 04:43 PM.

  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi Barbs2 and Welcome to GeekstoGo!


Please download Combofix to your desktop.
http://download.blee...Bs/combofix.exe

Doubleclick combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.
  • 0

#3
barbs2

barbs2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Sorry for taking so long but im only avalaible between 5 PM to 1 AM

Here it is:

Joo Barradas - 06-10-17 17:36:10,62 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Documents and Settings\Joo Barradas\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{1001B677-07CF-2070-0905-02011306015f}
C:\Program Files\Common Files\{1001B677-07D0-2070-0905-02011306015f}
C:\Program Files\Common Files\{3001B677-07CF-2070-0905-02011306015f}
C:\Program Files\Common Files\{3001B677-07D0-2070-0905-02011306015f}


((((((((((((((((((((((((((((((( Files Created from 2006-09-17 to 2006-10-17 ))))))))))))))))))))))))))))))))))


2006-10-16 15:26 373,898 ---hs---- C:\WINDOWS\system32\psuvw.ini2
2006-10-14 23:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-14 23:10 94,720 --a------ C:\WINDOWS\system32\mgqmefk.dll
2006-10-14 23:10 72,704 --a------ C:\WINDOWS\system32\bbxjru.dll
2006-10-14 22:32 50,944 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-14 22:32 30,560 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-13 19:38 93,696 --a------ C:\WINDOWS\system32\rpbludj.dll
2006-10-13 19:38 72,704 --a------ C:\WINDOWS\system32\lcthjsd.dll
2006-10-12 21:19 93,696 --a------ C:\WINDOWS\system32\yaxappk.dll
2006-10-12 21:19 72,192 --a------ C:\WINDOWS\system32\rdfjhne.dll
2006-10-11 20:01 94,208 --a------ C:\WINDOWS\system32\ahnhvye.dll
2006-10-11 20:01 72,704 --a------ C:\WINDOWS\system32\zqrtxgb.dll
2006-10-11 18:25 94,208 --a------ C:\WINDOWS\system32\zgevcqb.dll
2006-10-11 18:25 72,704 --a------ C:\WINDOWS\system32\rxoqxbe.dll
2006-10-11 17:57 93,696 --a------ C:\WINDOWS\system32\hnlfzul.dll
2006-10-11 17:57 72,704 --a------ C:\WINDOWS\system32\ilbphqi.dll
2006-10-09 19:23 366,923 ---hs---- C:\WINDOWS\system32\psuvw.bak2
2006-10-08 19:23 378,907 ---hs---- C:\WINDOWS\system32\psuvw.bak1
2006-10-08 19:12 94,208 --a------ C:\WINDOWS\system32\dyuifqh.dll
2006-10-08 19:12 72,704 --a------ C:\WINDOWS\system32\jbelfmf.dll
2006-09-30 14:10 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2006-09-30 14:10 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-17 17:38 -------- d-------- C:\Program Files\Common Files
2006-10-17 17:35 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Azureus
2006-10-17 17:27 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-16 23:19 -------- d-------- C:\Program Files\STOPzilla!
2006-10-16 22:38 -------- d-------- C:\Program Files\Common Files\iS3
2006-10-16 22:27 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-10-16 22:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-16 22:18 -------- d-------- C:\Program Files\SoftwareDoctor
2006-10-14 23:39 -------- d-------- C:\Program Files\Grisoft
2006-10-14 23:03 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-13 20:58 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Real
2006-10-13 20:52 -------- d-------- C:\Program Files\Common Files\Real
2006-10-10 19:23 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\PC Tools
2006-10-09 21:48 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Lavasoft
2006-10-07 18:54 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Adobe
2006-10-07 16:38 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Apple Computer
2006-10-07 16:10 -------- d-------- C:\Program Files\QuickTime
2006-10-07 16:07 -------- d-------- C:\Program Files\Apple Software Update
2006-10-06 19:49 -------- d-------- C:\Program Files\eMule
2006-10-04 17:38 -------- d-------- C:\Program Files\Gabest
2006-09-30 14:10 -------- d-------- C:\Program Files\Cucusoft
2006-09-28 18:48 -------- d-------- C:\Program Files\Pcsx2
2006-09-27 22:00 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Rock Manager
2006-09-23 22:57 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Skype
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-30 19:19 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-27 01:11 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-26 23:24 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\.BTuga
2006-08-26 22:59 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-26 22:58 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-26 22:58 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-26 22:52 96256 --a------ C:\WINDOWS\system32\drivers\sptd4765.sys
2006-08-26 22:52 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 20:16 -------- d-------- C:\Program Files\Azureus
2006-08-21 19:52 -------- d-------- C:\Program Files\Windows Media Player
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-15 19:57 247866 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_8256.exe
2006-08-02 20:43 16384 --a------ C:\WINDOWS\system32\ac3config.exe
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-06 16:28 45716 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-06 16:26 2176 --a------ C:\Documents and Settings\Joao Barradas\Application Data\HPSU_48BitScanUpdate.log
2006-07-06 16:19 2517 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
2006-07-06 16:17 2965 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_InstantShareJPG.log
2006-07-06 16:15 3796 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_IZClosingDiscError.log
2006-07-06 16:12 5868 --a------ C:\Documents and Settings\Joao Barradas\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-07-06 16:08 49424 --a------ C:\Documents and Settings\Joao Barradas\Application Data\Update_HP_RedboxHprblog_HPSU.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CoolSwitch"="C:\\WINDOWS\\System32\\taskswitch.exe"
"FastUser"="C:\\WINDOWS\\System32\\fast.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AudioDeck"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"mgqmefk.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\mgqmefk.dll,cdwfcsc"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"msdata"="moose.exe"
"NAV Auto Protect"="navprotect.exe"
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"
"Spyware Doctor"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"msdata"="moose.exe"
"NAV Auto Protect"="navprotect.exe"
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AF907913913BEFEF.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-17 17:38:56.61
C:\ComboFix.txt ... 06-10-17 17:38


Attached File  ComboFix.txt   12.46KB   128 downloads

Edited by Cretemonster, 17 October 2006 - 01:16 PM.

  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


After posting those 2 logs,restart in Safe Mode and Scan fresh with Combo Fix.

Restart normal and post that log,please.
  • 0

#5
barbs2

barbs2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Logfile of HijackThis v1.99.1
Scan saved at 21:15:45, on 17-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joo Barradas\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {13AEC861-5CF8-4FE8-8035-DBF4ECB0487E} - C:\WINDOWS\system32\wvusp.dll (file missing)
O2 - BHO: (no name) - {1E604CBE-DECE-B4F5-443B-00036B6D3E3A} - C:\WINDOWS\system32\rxoqxbe.dll (file missing)
O2 - BHO: (no name) - {2686055E-D24F-8EC5-D3A3-06D84F9DD169} - C:\WINDOWS\system32\zqrtxgb.dll (file missing)
O2 - BHO: (no name) - {270C366C-FEB9-8563-67A8-0A72232784D2} - C:\WINDOWS\system32\bbxjru.dll (file missing)
O2 - BHO: (no name) - {2F8DE6FC-28A5-1F62-8E95-00CA4747FD72} - C:\WINDOWS\system32\lcthjsd.dll (file missing)
O2 - BHO: (no name) - {4F45B6F5-D630-40D4-348C-0387239F1A96} - C:\WINDOWS\system32\jbelfmf.dll (file missing)
O2 - BHO: (no name) - {534377A1-DF1B-ADAA-6162-02CADC497EC5} - C:\WINDOWS\system32\ilbphqi.dll (file missing)
O2 - BHO: (no name) - {560CF0D1-CFFE-5A05-9558-08BC7858A25F} - C:\WINDOWS\system32\rdfjhne.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mgqmefk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mgqmefk.dll,cdwfcsc
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.gom-team.com
O15 - Trusted Zone: http://www.lavasoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110214985414
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124141135979
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BEB1C2F-B9D9-47DD-8132-D464E9B8C611}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C73810-D4F3-413C-8668-3372B8E52B42}: NameServer = 195.23.129.126,194.79.69.222
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

wait for my combo fix please :whistling:

Attached Files


  • 0

#6
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
No problem,let me get a better view of this log.


VundoFix V6.2.5

Checking Java version...

Java version is 1.4.2.1

Scan started at 20:35:15 17-10-2006

Listing files found while scanning....

C:\WINDOWS\system32\ahnhvye.dll
C:\WINDOWS\system32\bbxjru.dll
C:\WINDOWS\system32\dyuifqh.dll
C:\WINDOWS\system32\ilbphqi.dll
C:\WINDOWS\system32\jbelfmf.dll
C:\WINDOWS\system32\lcthjsd.dll
C:\WINDOWS\system32\rdfjhne.dll
C:\WINDOWS\system32\rxoqxbe.dll
C:\WINDOWS\system32\zgevcqb.dll
C:\WINDOWS\system32\zqrtxgb.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ahnhvye.dll
C:\WINDOWS\system32\ahnhvye.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbxjru.dll
C:\WINDOWS\system32\bbxjru.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dyuifqh.dll
C:\WINDOWS\system32\dyuifqh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilbphqi.dll
C:\WINDOWS\system32\ilbphqi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jbelfmf.dll
C:\WINDOWS\system32\jbelfmf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lcthjsd.dll
C:\WINDOWS\system32\lcthjsd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rdfjhne.dll
C:\WINDOWS\system32\rdfjhne.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rxoqxbe.dll
C:\WINDOWS\system32\rxoqxbe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\zgevcqb.dll
C:\WINDOWS\system32\zgevcqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\zqrtxgb.dll
C:\WINDOWS\system32\zqrtxgb.dll Has been deleted!

Performing Repairs to the registry.
Done!
  • 0

#7
barbs2

barbs2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Here it is hope you got some good news :whistling:


Joo Barradas - 06-10-17 21:29:03,92 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Documents and Settings\Joo Barradas\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-17 to 2006-10-17 ))))))))))))))))))))))))))))))))))


2006-10-16 15:26 373,898 ---hs---- C:\WINDOWS\system32\psuvw.ini2
2006-10-14 23:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-14 23:10 94,720 --a------ C:\WINDOWS\system32\mgqmefk.dll
2006-10-14 22:32 50,944 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-14 22:32 30,560 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-13 19:38 93,696 --a------ C:\WINDOWS\system32\rpbludj.dll
2006-10-12 21:19 93,696 --a------ C:\WINDOWS\system32\yaxappk.dll
2006-10-11 17:57 93,696 --a------ C:\WINDOWS\system32\hnlfzul.dll
2006-10-09 19:23 366,923 ---hs---- C:\WINDOWS\system32\psuvw.bak2
2006-10-08 19:23 378,907 ---hs---- C:\WINDOWS\system32\psuvw.bak1
2006-09-30 14:10 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2006-09-30 14:10 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-17 21:19 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-17 20:28 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Azureus
2006-10-17 17:38 -------- d-------- C:\Program Files\Common Files
2006-10-16 23:19 -------- d-------- C:\Program Files\STOPzilla!
2006-10-16 22:38 -------- d-------- C:\Program Files\Common Files\iS3
2006-10-16 22:27 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-10-16 22:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-16 22:18 -------- d-------- C:\Program Files\SoftwareDoctor
2006-10-14 23:39 -------- d-------- C:\Program Files\Grisoft
2006-10-14 23:03 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-13 20:58 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Real
2006-10-13 20:52 -------- d-------- C:\Program Files\Common Files\Real
2006-10-10 19:23 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\PC Tools
2006-10-09 21:48 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Lavasoft
2006-10-07 18:54 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Adobe
2006-10-07 16:38 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Apple Computer
2006-10-07 16:10 -------- d-------- C:\Program Files\QuickTime
2006-10-07 16:07 -------- d-------- C:\Program Files\Apple Software Update
2006-10-06 19:49 -------- d-------- C:\Program Files\eMule
2006-10-04 17:38 -------- d-------- C:\Program Files\Gabest
2006-09-30 14:10 -------- d-------- C:\Program Files\Cucusoft
2006-09-28 18:48 -------- d-------- C:\Program Files\Pcsx2
2006-09-27 22:00 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Rock Manager
2006-09-23 22:57 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Skype
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-30 19:19 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-27 01:11 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-26 23:24 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\.BTuga
2006-08-26 22:59 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-26 22:58 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-26 22:58 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-26 22:52 96256 --a------ C:\WINDOWS\system32\drivers\sptd4765.sys
2006-08-26 22:52 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 20:16 -------- d-------- C:\Program Files\Azureus
2006-08-21 19:52 -------- d-------- C:\Program Files\Windows Media Player
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-15 19:57 247866 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_8256.exe
2006-08-02 20:43 16384 --a------ C:\WINDOWS\system32\ac3config.exe
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-06 16:28 45716 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-06 16:26 2176 --a------ C:\Documents and Settings\Joao Barradas\Application Data\HPSU_48BitScanUpdate.log
2006-07-06 16:19 2517 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
2006-07-06 16:17 2965 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_InstantShareJPG.log
2006-07-06 16:15 3796 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_IZClosingDiscError.log
2006-07-06 16:12 5868 --a------ C:\Documents and Settings\Joao Barradas\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-07-06 16:08 49424 --a------ C:\Documents and Settings\Joao Barradas\Application Data\Update_HP_RedboxHprblog_HPSU.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CoolSwitch"="C:\\WINDOWS\\System32\\taskswitch.exe"
"FastUser"="C:\\WINDOWS\\System32\\fast.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AudioDeck"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"mgqmefk.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\mgqmefk.dll,cdwfcsc"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"msdata"="moose.exe"
"NAV Auto Protect"="navprotect.exe"
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"
"Spyware Doctor"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"msdata"="moose.exe"
"NAV Auto Protect"="navprotect.exe"
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AF907913913BEFEF.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-17 21:31:33.54
C:\ComboFix.txt ... 06-10-17 21:31
C:\ComboFix2.txt ... 06-10-17 17:38

Attached Files


Edited by Cretemonster, 17 October 2006 - 02:47 PM.

  • 0

#8
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\system32\mgqmefk.dll
    C:\WINDOWS\system32\rpbludj.dll
    C:\WINDOWS\system32\yaxappk.dll
    C:\WINDOWS\system32\hnlfzul.dll
    C:\WINDOWS\system32\psuvw.ini2
    C:\WINDOWS\system32\psuvw.bak2
    C:\WINDOWS\system32\psuvw.bak1


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

  • 0

#9
barbs2

barbs2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Sorry for the very late answer but unfortunately besides the scan taking very long it crashed 3 times, 2 times in the scan and other in the cleaning.

Here it is:

Scanning Report
Thursday, October 19, 2006 17:40:11 - 19:53:27
Computer name: JB
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ G:\


--------------------------------------------------------------------------------

Result: 2 malware found
Tracking Cookie (spyware)
System (Disinfected)
W32/Malware (virus)
C:\WINDOWS\SYSTEM32\MACROMED\SHOCKWAVE 10\POSTUPDATE.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 37641
System: 5309
Not scanned: 11
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 1
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\VAXSCSI.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\JOO BARRADAS\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{591A7A40-BF22-4792-B8BE-866A17948E6C}

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-19
F-Secure Libra: 2.4.1, 2006-10-19
F-Secure Orion: 1.2.37, 2006-10-19
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-29
F-Secure Draco: 1.0.35, 2006-10-06
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
  • 0

#10
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Restart in Safe Mode and Scan fresh with Combo Fix.


Restart normal and post that log please.
  • 0

Advertisements


#11
barbs2

barbs2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I forgot to tell you now when my cpu restarts windows gets an run dll error message saying a file is missing is one of those i told me to erase with kill box but i click ok in the message and the cpu work fine i dont get it.


Joo Barradas - 06-10-19 23:12:17,81 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Documents and Settings\Joo Barradas\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 ))))))))))))))))))))))))))))))))))


2006-10-14 23:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-14 22:32 50,944 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-14 22:32 30,560 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-09-30 14:10 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2006-09-30 14:10 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-19 23:06 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-19 20:40 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Azureus
2006-10-17 17:38 -------- d-------- C:\Program Files\Common Files
2006-10-16 23:19 -------- d-------- C:\Program Files\STOPzilla!
2006-10-16 22:38 -------- d-------- C:\Program Files\Common Files\iS3
2006-10-16 22:27 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-10-16 22:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-16 22:18 -------- d-------- C:\Program Files\SoftwareDoctor
2006-10-14 23:39 -------- d-------- C:\Program Files\Grisoft
2006-10-14 23:03 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-13 20:58 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Real
2006-10-13 20:52 -------- d-------- C:\Program Files\Common Files\Real
2006-10-10 19:23 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\PC Tools
2006-10-09 21:48 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Lavasoft
2006-10-07 18:54 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Adobe
2006-10-07 16:38 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Apple Computer
2006-10-07 16:10 -------- d-------- C:\Program Files\QuickTime
2006-10-07 16:07 -------- d-------- C:\Program Files\Apple Software Update
2006-10-06 19:49 -------- d-------- C:\Program Files\eMule
2006-10-04 17:38 -------- d-------- C:\Program Files\Gabest
2006-09-30 14:10 -------- d-------- C:\Program Files\Cucusoft
2006-09-28 18:48 -------- d-------- C:\Program Files\Pcsx2
2006-09-27 22:00 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Rock Manager
2006-09-23 22:57 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Skype
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-30 19:19 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-27 01:11 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-26 23:24 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\.BTuga
2006-08-26 22:59 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-26 22:58 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-26 22:58 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-26 22:52 96256 --a------ C:\WINDOWS\system32\drivers\sptd4765.sys
2006-08-26 22:52 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 20:16 -------- d-------- C:\Program Files\Azureus
2006-08-21 19:52 -------- d-------- C:\Program Files\Windows Media Player
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-15 19:57 247866 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_8256.exe
2006-08-02 20:43 16384 --a------ C:\WINDOWS\system32\ac3config.exe
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-06 16:28 45716 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-06 16:26 2176 --a------ C:\Documents and Settings\Joao Barradas\Application Data\HPSU_48BitScanUpdate.log
2006-07-06 16:19 2517 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
2006-07-06 16:17 2965 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_InstantShareJPG.log
2006-07-06 16:15 3796 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_IZClosingDiscError.log
2006-07-06 16:12 5868 --a------ C:\Documents and Settings\Joao Barradas\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-07-06 16:08 49424 --a------ C:\Documents and Settings\Joao Barradas\Application Data\Update_HP_RedboxHprblog_HPSU.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CoolSwitch"="C:\\WINDOWS\\System32\\taskswitch.exe"
"FastUser"="C:\\WINDOWS\\System32\\fast.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AudioDeck"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"mgqmefk.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\mgqmefk.dll,cdwfcsc"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"msdata"="moose.exe"
"NAV Auto Protect"="navprotect.exe"
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"
"Spyware Doctor"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"msdata"="moose.exe"
"NAV Auto Protect"="navprotect.exe"
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"start extracting"="spoolvs.exe"
"start uploading"="smsss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AF907913913BEFEF.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-19 23:15:02.64
C:\ComboFix.txt ... 06-10-19 23:15
C:\ComboFix2.txt ... 06-10-17 21:31
C:\ComboFix3.txt ... 06-10-17 17:38

Attached Files


Edited by Cretemonster, 20 October 2006 - 12:12 AM.

  • 0

#12
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I am attaching a zip folder,please download to the desktop and unzip.

Locate and double click Clr.reg and allow it to merge into the registry.


Restart and see if the same error message appears?


Please run the Bit Defender Online Scan
http://www.bitdefend...m/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report in generates in a text format please and post it back here along with a fresh HijackThis log.

Attached Files

  • Attached File  Clr.zip   314bytes   154 downloads

  • 0

#13
barbs2

barbs2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
The error message dsent apear anymore thanks.

Phew, that scan has taken a lot of time :whistling:

here it is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 18:40:43, on 21-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Joo Barradas\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {13AEC861-5CF8-4FE8-8035-DBF4ECB0487E} - C:\WINDOWS\system32\wvusp.dll (file missing)
O2 - BHO: (no name) - {1E604CBE-DECE-B4F5-443B-00036B6D3E3A} - C:\WINDOWS\system32\rxoqxbe.dll (file missing)
O2 - BHO: (no name) - {2686055E-D24F-8EC5-D3A3-06D84F9DD169} - C:\WINDOWS\system32\zqrtxgb.dll (file missing)
O2 - BHO: (no name) - {270C366C-FEB9-8563-67A8-0A72232784D2} - C:\WINDOWS\system32\bbxjru.dll (file missing)
O2 - BHO: (no name) - {2F8DE6FC-28A5-1F62-8E95-00CA4747FD72} - C:\WINDOWS\system32\lcthjsd.dll (file missing)
O2 - BHO: (no name) - {4F45B6F5-D630-40D4-348C-0387239F1A96} - C:\WINDOWS\system32\jbelfmf.dll (file missing)
O2 - BHO: (no name) - {534377A1-DF1B-ADAA-6162-02CADC497EC5} - C:\WINDOWS\system32\ilbphqi.dll (file missing)
O2 - BHO: (no name) - {560CF0D1-CFFE-5A05-9558-08BC7858A25F} - C:\WINDOWS\system32\rdfjhne.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.gom-team.com
O15 - Trusted Zone: http://www.lavasoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110214985414
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124141135979
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BEB1C2F-B9D9-47DD-8132-D464E9B8C611}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C73810-D4F3-413C-8668-3372B8E52B42}: NameServer = 195.23.129.126,194.79.69.222
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • 0

#14
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Do you have the Bit Defender Report?


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {13AEC861-5CF8-4FE8-8035-DBF4ECB0487E} - C:\WINDOWS\system32\wvusp.dll (file missing)

O2 - BHO: (no name) - {1E604CBE-DECE-B4F5-443B-00036B6D3E3A} - C:\WINDOWS\system32\rxoqxbe.dll (file missing)

O2 - BHO: (no name) - {2686055E-D24F-8EC5-D3A3-06D84F9DD169} - C:\WINDOWS\system32\zqrtxgb.dll (file missing)

O2 - BHO: (no name) - {270C366C-FEB9-8563-67A8-0A72232784D2} - C:\WINDOWS\system32\bbxjru.dll (file missing)

O2 - BHO: (no name) - {2F8DE6FC-28A5-1F62-8E95-00CA4747FD72} - C:\WINDOWS\system32\lcthjsd.dll (file missing)

O2 - BHO: (no name) - {4F45B6F5-D630-40D4-348C-0387239F1A96} - C:\WINDOWS\system32\jbelfmf.dll (file missing)

O2 - BHO: (no name) - {534377A1-DF1B-ADAA-6162-02CADC497EC5} - C:\WINDOWS\system32\ilbphqi.dll (file missing)

O2 - BHO: (no name) - {560CF0D1-CFFE-5A05-9558-08BC7858A25F} - C:\WINDOWS\system32\rdfjhne.dll (file missing)

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Post a fresh HijackThis log and the Bit Defender results in the next reply please.
  • 0

#15
barbs2

barbs2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Done,

Logfile of HijackThis v1.99.1
Scan saved at 17:29:33, on 23-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Joo Barradas\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.gom-team.com
O15 - Trusted Zone: http://www.lavasoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110214985414
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124141135979
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BEB1C2F-B9D9-47DD-8132-D464E9B8C611}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C73810-D4F3-413C-8668-3372B8E52B42}: NameServer = 195.23.129.126,194.79.69.222
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Sorry but ive erased the bit defender file i dont have it anymore.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP