Malware Jacked Internet/AV program(hijack log)



#1
Moeror

    Member
  • 111 posts
I was told to post here by ruthandtroy after I did a few things listed on the other page. I couldn't scan with AVG because that was my AV program when this happened and it [bleep]ed it up royally. When I would try to scan it would say it can't read the C: drive. The hard drive works fine, it's just AVG can't get into it for some reason and scan. I was able to download Avast and Bitdefender and get updated on my laptop and transfer it, so I scanned with those. One interesting thing that happens: I totally uninstalled AVG and got a new install thinking it would be untainted and work. However, when I do this, I get an installation failure message and it says it can't find "avgtdi.sys". The problem started two days ago. I was on the computer in the morning and everything was fine; however, by the evening it was messed up. The internet connection is totally gone. The network card and everything works, just nothing coming in or out. Also the wireless keyboard/mouse wouldn't work. I was able to plug in a wired mouse and get that fixed though. Another thing I noticed with Spybot Search and Destroy is it mentioned some files were archive password protected when it was scanning. I never did anything like this. I have a Dell Dimension E510, 3 gig RAM, 250 gig HD, Nvidia GeForce 7700, 48x CD-RW/DVD. I am using a broadband connection; I have the computer connected through a router to another computer that has the main broadband modem. And I tried just connecting the modem straight to this computer, so I know it's not the router or anything. I have done numerous scans with AVG Anti-Spyware, Avast, Bitdefender, and SUPERAntiSpyware Free. Everything else on the computer works fine. I can still use it and play games and there aren't any performance problems. One thing I noticed is when I'm playing a game, every once in a while the game will minimize like a program came up or something. But there is nothing there. Like maybe some invisible program came up or did something.
I am going to be posting my HijackThis log and uninstall log now. I really appreciate any help you guys provide!!! Thanks!!! If I left anything out just let me know.

HIJACK LOG:
Logfile of HijackThis v1.99.1
Scan saved at 3:25:17 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146117766\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\Sean\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\DOCUME~1\Sean\LOCALS~1\Temp\WinAntiVirusPro2007FreeInstall.exe" -nag
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Sean\Local Settings\Temp\TICHD003.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ls/launcher.ocx
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware....phin/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

UNINSTALL LOG:
Ad-Aware SE Personal
Adobe After Effects 7.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 1.0
Adobe Flash Player ActiveX
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
AGEIA PhysX v7.01.12
AIM 6.0
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Software Update
Ares 1.9.0
avast! Antivirus
BitDefender 8 Free Edition
BitDefender Definitions Update
BitTornado 0.3.7
CinepPlayer 30 Update
Command & Conquer 3
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support 3.1
Digimax Master
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
ELIcon
EQ2 Item Database 1.4
EQ2MAP Updater 1.0.6
EverQuest
EverQuest II
EverQuest II: Desert of Flames
EverQuest: Planes of Power
EverQuest: Shadows of Luclin
EverQuest: SOV
EverQuest: The Anniversary Edition
FEAR
Games, Music, & Photos Launcher
Half-Life® 2
High Definition Audio Driver Package - KB835221
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
IGN Download Manager 2.2.2
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Service Offers Launcher
iPod for Windows 2005-02-22
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
King's Quest Collection™
Learn2 Player (Uninstall Only)
Logitech Print Service
Logitech QuickCam
MCU
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI Edition (English) 12 [pre-release]
Microsoft Office Excel MUI Edition (English) 12 [pre-release]
Microsoft Office Excel Viewer 2003
Microsoft Office InfoPath MUI Edition (English) 12 [pre-release]
Microsoft Office Outlook MUI Edition (English) 12 [pre-release]
Microsoft Office PowerPoint MUI Edition (English) 12 [pre-release]
Microsoft Office Professional Edition 12 [pre-release]
Microsoft Office Professional Enterprise Edition 12 [pre-release]
Microsoft Office Proof Edition (English) 12 [pre-release]
Microsoft Office Publisher MUI Edition (English) 12 [pre-release]
Microsoft Office Shared MUI Edition (English) 12 [pre-release]
Microsoft Office Word MUI Edition (English) 12 [pre-release]
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Morrowind
Mozilla Firefox (1.5.0.12)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
My Screen Recorder 2.57
NetWaiting
NetZeroInstallers
NVIDIA Drivers
NVIDIA WDM Drivers
Pcsx2 0.9.1 Watermoose
Photo Click
PlanetSide: Aftershock
PlayLinc
PowerISO
Project64 1.6
Quick Screen Recorder 1.5
QuickTime
RealPlayer
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
S.T.A.L.K.E.R. - Shadow of Chernobyl
S500/S600 USB Driver
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sonic Activation Module
Sonic Update Manager
Steam
Steam™
SUPERAntiSpyware Free Edition
System Requirements Lab
TeamSpeak 2 RC2
TES Construction Set
Titan Quest
Titan Quest Immortal Throne
Trillian
Two Worlds
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Vanguard: Saga of Heroes
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCam for MSN Messenger
WebCyberCoach 3.2 Dell
WildTangent Web Driver
Winamp (remove only)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
WordPerfect Office 12
World of Warcraft
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
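As an added example (not from the thread or from any of the tools it mentions), a small Python triage script for HijackThis O4/O23 lines like the ones in the log above: it flags autostart entries that launch from a Temp folder (the TICHD003.exe and WinAntiVirusPro2007FreeInstall.exe entries here) and services whose binary HijackThis reports as missing (the leftover AVG7 entries). The sample lines are copied from this log; the regexes encode my own assumptions about the HijackThis 1.99.1 line format.

```python
import re
from dataclasses import dataclass

# A subset of lines copied from the HijackThis log posted above; a constructed
# sample so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\Sean\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\DOCUME~1\Sean\LOCALS~1\Temp\WinAntiVirusPro2007FreeInstall.exe" -nag
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Sean\Local Settings\Temp\TICHD003.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed line shapes for HijackThis 1.99.1 (my reading of the log, not an official grammar).
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?)(?: = (?P<cmd>.*))?$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
# First token that looks like an executable; tolerates an optional leading quote
# and trailing arguments such as "CHD003" or "-nag".
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|bat|cmd|com|sys))', re.I)
# Matches both the 8.3 form (LOCALS~1\Temp\) and the long form (Local Settings\Temp\).
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)


@dataclass
class Finding:
    kind: str    # "run", "startup" or "service"
    name: str    # registry value name, .lnk name or service display name
    path: str    # executable path as written in the log
    reason: str


def executable_path(cmd: str) -> str:
    """Return the executable part of a command line, dropping quotes and arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(log_text: str) -> list[Finding]:
    """Scan HijackThis O4/O23 lines and return the entries worth a closer look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            kind, name, cmd = "run", m["name"], m["cmd"]
        elif (m := STARTUP_RE.match(line)):
            kind, name, cmd = "startup", m["name"], m["cmd"] or ""
        elif (m := SERVICE_RE.match(line)):
            kind, name, cmd = "service", m["name"], m["cmd"]
        else:
            continue
        path = executable_path(cmd)
        if TEMP_RE.search(path):
            findings.append(Finding(kind, name, path,
                "autostart entry launches from a Temp folder; installed software does not persist there"))
        if "(file missing)" in cmd:
            findings.append(Finding(kind, name, path,
                "registered binary is missing; stale entry left by a broken uninstall"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}\n    -> {f.reason}")
```

The Temp-folder rule is the one that matters for this log: a Run key or Startup shortcut pointing into a user's Temp directory is how the rogue "WinAntiVirusPro2007" installer here keeps coming back, and the missing-file rule just lists the AVG remnants the user should expect to clean up after reinstalling.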


#2
amateur

    Trusted Helper
  • Malware Removal
  • 173 posts
Hello and welcome to G2G,

I see you have two or more antivirus programs installed and running at the same time. Multiple antivirus programs can bog down your system, interfere with each other, and may even cause crashes. I strongly recommend you remove all but one of them using Add/Remove Programs in the Control Panel.

====================================

Click Download RogueRemover. Select "Save" and save to your desktop.

Please put RogueRemover in its own folder (I create a new folder in C:\ named RogueRemover).
You can do a right click on any open area on the desktop, New > Folder, then rename the folder RogueRemover.

Go to where your RogueRemover.zip is and right click on RogueRemover.zip, select Cut, then open the new folder you just created (RogueRemover), right click in the folder and select Paste.

Double click on the file named RogueRemover.zip and unzip it to C:\RogueRemover

Double click on the file named RogueRemover.exe and select Scan.
The program will walk you through the remaining steps.

==================================

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply along with a fresh HijackThis log please.
  • Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


#3
Moeror

    Member
  • Topic Starter
  • 111 posts
I cut down to only one AV program. Here are the logs you requested.

COMBOFIX:
ComboFix 07-06-13.7 - C:\Documents and Settings\Sean\Desktop\ComboFix.exe
"Sean" - 2007-06-15 22:10:37 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rqrommk.dll
C:\WINDOWS\system32\tuvttsq.dll
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\WINDOWS\system32\pog
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4


((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))


2007-06-15 22:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 22:05 <DIR> d-------- C:\Program Files\The Silver Lining Demo RC1
2007-06-14 14:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-14 14:10 <DIR> d-------- C:\DOCUME~1\Sean\APPLIC~1\SUPERAntiSpyware.com
2007-06-14 14:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-12 18:32 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-12 18:32 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-12 18:32 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-12 18:32 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-12 18:32 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-12 18:32 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-12 18:32 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-11 14:19 <DIR> d-------- C:\Program Files\LucasArts
2007-06-08 16:52 <DIR> d-------- C:\WINDOWS\nview
2007-06-08 16:30 <DIR> d-------- C:\WINDOWS\NV14481564.TMP
2007-06-08 16:27 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-08 05:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-07 22:18 <DIR> d-------- C:\Program Files\StarWarsGalaxies
2007-06-07 20:02 <DIR> d-------- C:\Program Files\Focus
2007-06-07 19:51 35 --a------ C:\DOCUME~1\Sean\readme.bat
2007-06-04 05:48 233,472 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-01 16:03 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-01 16:03 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-01 16:03 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-01 16:03 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-01 16:03 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-01 15:59 <DIR> d-------- C:\Program Files\Reality Pump
2007-06-01 15:56 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-06-01 15:56 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-05-31 00:03 72,192 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-31 00:03 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-31 00:02 <DIR> d-------- C:\WINDOWS\system32\T7
2007-05-31 00:02 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-31 00:02 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-05-31 00:02 <DIR> d-------- C:\Temp
2007-05-25 00:24 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-25 00:24 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-14 18:10:11 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 18:19:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 01:52:58 -------- d-----w C:\DOCUME~1\Sean\APPLIC~1\IGN_DLM
2007-06-06 01:09:48 -------- d-----w C:\Program Files\AIM6
2007-06-01 03:45:05 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-01 02:16:36 -------- d-----w C:\Program Files\Yahoo!
2007-06-01 02:16:36 -------- d-----w C:\Program Files\World of Warcraft
2007-06-01 02:16:30 -------- d-----w C:\Program Files\WordPerfect Office 12
2007-06-01 02:15:40 -------- d-----w C:\Program Files\QuickTime
2007-06-01 02:15:39 -------- d-----w C:\Program Files\Pcsx2
2007-06-01 02:15:37 -------- d-----w C:\Program Files\Modem Helper
2007-06-01 02:15:25 -------- d-----w C:\Program Files\Dell
2007-06-01 02:15:19 -------- d-----w C:\Program Files\Common Files\aolshare
2007-06-01 02:15:07 -------- d-----w C:\Program Files\Ares
2007-05-16 19:01:12 -------- d-----w C:\Program Files\EverQuest
2007-05-14 07:49:08 -------- d-----w C:\Program Files\Sony
2007-05-14 03:09:28 -------- d-----w C:\Program Files\EQ2iDB
2007-05-12 22:55:36 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-05-07 20:41:30 -------- d-----w C:\Program Files\THQ
2007-05-06 02:30:21 -------- d-----w C:\Program Files\Viewpoint
2007-05-04 20:31:00 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-04 20:31:00 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-05-04 01:18:37 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2007-05-03 07:25:38 -------- d-----w C:\Program Files\iTunes
2007-05-03 07:25:31 -------- d-----w C:\Program Files\iPod
2007-05-03 07:23:24 -------- d-----w C:\Program Files\Apple Software Update
2007-04-30 06:30:28 -------- d-----w C:\Program Files\Bethesda Softworks
2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 17:26:00 3,988,384 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-06 03:03:07 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 01:17:25 24 ----a-w C:\DUKE3D.BAT
2007-01-04 18:25:41 104 --sh--r C:\WINDOWS\system32\5397F8FCB6.sys
2006-08-25 05:26:33 88 --sh--r C:\WINDOWS\system32\B6FCF89753.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 11:28]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"HostManager"="C:\Program Files\Common Files\AOL\1146117766\ee\AOLSoftware.exe" [2006-05-09 20:24]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"NI.UWA7P_0001_N91M0809"="C:\DOCUME~1\Sean\LOCALS~1\Temp\WinAntiVirusPro2007FreeInstall.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


Contents of the 'Scheduled Tasks' folder
2007-06-13 10:57:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 22:16:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-15 22:17:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-15 22:17

--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rqrommk.dll
C:\WINDOWS\system32\tuvttsq.dll
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\WINDOWS\system32\pog
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4


((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))



HIJACKTHIS2

Logfile of HijackThis v1.99.1
Scan saved at 22:19, on 2007-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\ComboFix\catchme.cfexe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146117766\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\DOCUME~1\Sean\LOCALS~1\Temp\WinAntiVirusPro2007FreeInstall.exe" -nag
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ls/launcher.ocx
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware....phin/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#4
amateur

    Trusted Helper
  • Malware Removal
  • 173 posts
Hi,

Open notepad and copy/paste the text inside the codebox below into it:
Folder::
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T1QaSQ


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UWA7P_0001_N91M0809"=-
Save this as ComboFix-Do.txt
Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe

=========================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The JSE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6.0 windows-i586-p.exe to install the newest version.

==========================================

Run Combofix again and save the log.

==========================================

Restart your computer.

==========================================

Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky Online Scanner if it is present, prior to downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop in txt format.
Copy and paste that information from Kaspersky in your next post along with a fresh HijackThis log and the ComboFix log.
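As an added illustration of what the helper's ComboFix-Do.txt above targets (this is not code from the thread or from ComboFix/HijackThis): a small parser for HijackThis O4 and O23 lines that flags autorun entries launched from a user's Temp folder and services whose binaries are missing, then renders the flagged autoruns in the same `Registry::` / `"value"=-` syntax the helper used. The sample lines are constructed from the logs posted in this thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\DOCUME~1\Sean\LOCALS~1\Temp\WinAntiVirusPro2007FreeInstall.exe" -nag
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Hypothetical names for this example only.
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$')
# First executable-looking path in a command line, quoted or not (unquoted paths may contain spaces).
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|bat|scr|cpl))"?', re.IGNORECASE)
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}


@dataclass
class Finding:
    kind: str            # 'autorun-from-temp' or 'service-file-missing'
    name: str            # Run value name or service display name
    path: str            # executable path parsed from the line
    hive: Optional[str] = None  # HKLM/HKCU for O4 entries


def extract_path(cmd: str) -> str:
    """Return the executable path at the start of a command line, without quotes or arguments."""
    m = PATH_RE.match(cmd.strip())
    return m.group('path') if m else cmd.strip()


def is_temp_path(path: str) -> bool:
    """True when any directory component of the path is named 'Temp' (e.g. ...\LOCALS~1\Temp\...)."""
    return bool(re.search(r'\\temp\\', path.lower()))


def analyze_hjt(text: str) -> List[Finding]:
    """Scan HijackThis log text and return the entries a reviewer would want to look at."""
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = extract_path(m.group('cmd'))
            if is_temp_path(path):   # installers in Temp should not be persisting at logon
                findings.append(Finding('autorun-from-temp', m.group('name'), path, m.group('hive')))
            continue
        m = O23_RE.match(line)
        if m and '(file missing)' in m.group('cmd'):   # leftover service pointing at a deleted binary
            findings.append(Finding('service-file-missing', m.group('name'), extract_path(m.group('cmd'))))
    return findings


def combofix_registry_block(findings: List[Finding]) -> str:
    """Render flagged autoruns as a ComboFix 'Registry::' section; '"value"=-' deletes that value."""
    lines = ['Registry::']
    for f in findings:
        if f.kind != 'autorun-from-temp' or f.hive not in HIVES:
            continue
        lines.append(f'[{HIVES[f.hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]')
        lines.append(f'"{f.name}"=-')
    return '\n'.join(lines)


if __name__ == '__main__':
    results = analyze_hjt(SAMPLE_LOG)
    for f in results:
        print(f'{f.kind}: {f.name} -> {f.path}')
    print(combofix_registry_block(results))
```

Run on the sample it reports the Temp-launched WinAntiVirusPro2007 autorun and the orphaned AVG7 service, and emits the same `"NI.UWA7P_0001_N91M0809"=-` line the helper wrote by hand.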

#5
Moeror

    Member
  • Topic Starter
  • 111 posts
As stated above my internet doesn't work. And it still doesn't after the first few things you told me to do. I can't do the online scanner. I tried just downloading their AV program but you need an internet connection to even activate the trial version. I am posting the logs from the first ComboFix with the Do text and the final ComboFix after I installed up-to-date Java.


First ComboFix
ComboFix 07-06-13.7 - C:\Documents and Settings\Sean\Desktop\ComboFix.exe
"Sean" - 2007-06-17 16:57:44 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Sean\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\T1QaSQ
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\T7\mycleanerpc.exe


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-15 22:26 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-06-15 22:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 22:05 <DIR> d-------- C:\Program Files\The Silver Lining Demo RC1
2007-06-14 14:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-14 14:10 <DIR> d-------- C:\DOCUME~1\Sean\APPLIC~1\SUPERAntiSpyware.com
2007-06-14 14:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-12 18:32 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-12 18:32 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-12 18:32 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-12 18:32 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-12 18:32 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-12 18:32 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-12 18:32 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-11 14:19 <DIR> d-------- C:\Program Files\LucasArts
2007-06-08 16:52 <DIR> d-------- C:\WINDOWS\nview
2007-06-08 16:30 <DIR> d-------- C:\WINDOWS\NV14481564.TMP
2007-06-08 16:27 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-08 05:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-07 20:02 <DIR> d-------- C:\Program Files\Focus
2007-06-07 19:51 35 --a------ C:\DOCUME~1\Sean\readme.bat
2007-06-04 05:48 233,472 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-01 16:03 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-01 16:03 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-01 16:03 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-01 16:03 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-01 16:03 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-01 15:59 <DIR> d-------- C:\Program Files\Reality Pump
2007-06-01 15:56 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-06-01 15:56 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-05-31 00:03 72,192 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-31 00:03 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-31 00:02 <DIR> d-------- C:\Temp
2007-05-25 00:24 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-25 00:24 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-14 18:10:11 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 18:19:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 01:52:58 -------- d-----w C:\DOCUME~1\Sean\APPLIC~1\IGN_DLM
2007-06-06 01:09:48 -------- d-----w C:\Program Files\AIM6
2007-06-01 03:45:05 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-01 02:16:36 -------- d-----w C:\Program Files\Yahoo!
2007-06-01 02:16:36 -------- d-----w C:\Program Files\World of Warcraft
2007-06-01 02:16:30 -------- d-----w C:\Program Files\WordPerfect Office 12
2007-06-01 02:15:40 -------- d-----w C:\Program Files\QuickTime
2007-06-01 02:15:39 -------- d-----w C:\Program Files\Pcsx2
2007-06-01 02:15:37 -------- d-----w C:\Program Files\Modem Helper
2007-06-01 02:15:25 -------- d-----w C:\Program Files\Dell
2007-06-01 02:15:19 -------- d-----w C:\Program Files\Common Files\aolshare
2007-06-01 02:15:07 -------- d-----w C:\Program Files\Ares
2007-05-16 19:01:12 -------- d-----w C:\Program Files\EverQuest
2007-05-14 07:49:08 -------- d-----w C:\Program Files\Sony
2007-05-14 03:09:28 -------- d-----w C:\Program Files\EQ2iDB
2007-05-12 22:55:36 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-05-07 20:41:30 -------- d-----w C:\Program Files\THQ
2007-05-06 02:30:21 -------- d-----w C:\Program Files\Viewpoint
2007-05-04 20:31:00 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-04 20:31:00 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-05-04 01:18:37 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2007-05-03 07:25:38 -------- d-----w C:\Program Files\iTunes
2007-05-03 07:25:31 -------- d-----w C:\Program Files\iPod
2007-05-03 07:23:24 -------- d-----w C:\Program Files\Apple Software Update
2007-04-30 06:30:28 -------- d-----w C:\Program Files\Bethesda Softworks
2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 17:26:00 3,988,384 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-06 03:03:07 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-01-04 18:25:41 104 --sh--r C:\WINDOWS\system32\5397F8FCB6.sys
2006-08-25 05:26:33 88 --sh--r C:\WINDOWS\system32\B6FCF89753.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 11:28]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"HostManager"="C:\Program Files\Common Files\AOL\1146117766\ee\AOLSoftware.exe" [2006-05-09 20:24]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


Contents of the 'Scheduled Tasks' folder
2007-06-13 10:57:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 16:59:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 16:59:42
C:\ComboFix-quarantined-files.txt ... 2007-06-17 16:59
C:\ComboFix2.txt ... 2007-06-15 22:18

--- E O F ---


2nd ComboFix with Java update

ComboFix 07-06-13.7 - C:\Documents and Settings\Sean\Desktop\ComboFix.exe
"Sean" - 2007-06-17 17:07:28 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-15 22:26 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-06-15 22:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 22:05 <DIR> d-------- C:\Program Files\The Silver Lining Demo RC1
2007-06-14 14:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-14 14:10 <DIR> d-------- C:\DOCUME~1\Sean\APPLIC~1\SUPERAntiSpyware.com
2007-06-14 14:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-12 18:32 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-12 18:32 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-12 18:32 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-12 18:32 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-12 18:32 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-12 18:32 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-12 18:32 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-11 14:19 <DIR> d-------- C:\Program Files\LucasArts
2007-06-08 16:52 <DIR> d-------- C:\WINDOWS\nview
2007-06-08 16:30 <DIR> d-------- C:\WINDOWS\NV14481564.TMP
2007-06-08 16:27 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-08 05:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-07 20:02 <DIR> d-------- C:\Program Files\Focus
2007-06-07 19:51 35 --a------ C:\DOCUME~1\Sean\readme.bat
2007-06-04 05:48 233,472 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-01 16:03 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-01 16:03 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-01 16:03 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-01 16:03 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-01 16:03 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-01 15:59 <DIR> d-------- C:\Program Files\Reality Pump
2007-06-01 15:56 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-06-01 15:56 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-05-31 00:03 72,192 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-31 00:03 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-31 00:02 <DIR> d-------- C:\Temp
2007-05-25 00:24 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-25 00:24 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-14 18:10:11 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 18:19:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 01:52:58 -------- d-----w C:\DOCUME~1\Sean\APPLIC~1\IGN_DLM
2007-06-06 01:09:48 -------- d-----w C:\Program Files\AIM6
2007-06-01 03:45:05 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-01 02:16:36 -------- d-----w C:\Program Files\Yahoo!
2007-06-01 02:16:36 -------- d-----w C:\Program Files\World of Warcraft
2007-06-01 02:16:30 -------- d-----w C:\Program Files\WordPerfect Office 12
2007-06-01 02:15:40 -------- d-----w C:\Program Files\QuickTime
2007-06-01 02:15:39 -------- d-----w C:\Program Files\Pcsx2
2007-06-01 02:15:37 -------- d-----w C:\Program Files\Modem Helper
2007-06-01 02:15:25 -------- d-----w C:\Program Files\Dell
2007-06-01 02:15:19 -------- d-----w C:\Program Files\Common Files\aolshare
2007-06-01 02:15:07 -------- d-----w C:\Program Files\Ares
2007-05-16 19:01:12 -------- d-----w C:\Program Files\EverQuest
2007-05-14 07:49:08 -------- d-----w C:\Program Files\Sony
2007-05-14 03:09:28 -------- d-----w C:\Program Files\EQ2iDB
2007-05-12 22:55:36 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-05-07 20:41:30 -------- d-----w C:\Program Files\THQ
2007-05-06 02:30:21 -------- d-----w C:\Program Files\Viewpoint
2007-05-04 20:31:00 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-04 20:31:00 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-05-04 01:18:37 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2007-05-03 07:25:38 -------- d-----w C:\Program Files\iTunes
2007-05-03 07:25:31 -------- d-----w C:\Program Files\iPod
2007-05-03 07:23:24 -------- d-----w C:\Program Files\Apple Software Update
2007-04-30 06:30:28 -------- d-----w C:\Program Files\Bethesda Softworks
2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 17:26:00 3,988,384 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-06 03:03:07 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-01-04 18:25:41 104 --sh--r C:\WINDOWS\system32\5397F8FCB6.sys
2006-08-25 05:26:33 88 --sh--r C:\WINDOWS\system32\B6FCF89753.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 11:28]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"HostManager"="C:\Program Files\Common Files\AOL\1146117766\ee\AOLSoftware.exe" [2006-05-09 20:24]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


Contents of the 'Scheduled Tasks' folder
2007-06-13 10:57:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 17:11:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 17:11:33
C:\ComboFix-quarantined-files.txt ... 2007-06-17 17:11
C:\ComboFix2.txt ... 2007-06-17 16:59
C:\ComboFix3.txt ... 2007-06-15 22:18

--- E O F ---

Edited by Moeror, 17 June 2007 - 03:32 PM.

  • 0

#6
amateur

amateur

    Trusted Helper

  • Malware Removal
  • 173 posts

Edited by amateur, 17 June 2007 - 04:56 PM.

  • 0

#7
amateur

amateur

    Trusted Helper

  • Malware Removal
  • 173 posts

  • 0

#8
amateur

amateur

    Trusted Helper

  • Malware Removal
  • 173 posts
Sorry about the previous empty posts. There is a problem with the forum software. The only way I can post is by using the quote box.

Hi,

As stated above my internet doesn't work. And it still doesn't after the first few things you told me to do. I can't do the online scanner. I tried just downloading their AV program but you need internet connection to even activate the trial version.


Whose AV program did you try downloading that you could not activate? Since you already have AVAST installed, you don't need to download another antivirus application. Have you talked to your ISP about the internet connection problem? At the moment, it doesn't appear to be malware related.

Let's try a couple of things.

Go to start > run and type cmd
A dos Window will appear.
Type next in the dos window: netsh winsock reset
hit enter.

============================

Restart your computer.

============================

Download haxfix.exe
and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
  • Copy the contents of that logfile and paste it into this thread along with a fresh HijackThis log please.
==============================

We can also try another scanner that doesn't require you to be connected to the internet during the scan.

Please download Dr.Web CureIt to the desktop.

It's crucial that you follow this next step exactly as instructed: Do not multi-task while the scan is running...only DrWeb can be active
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.
Things to post back:
haxlog.txt
Dr.Web report
A fresh HijackThis log


P.S. Let me know if you're able to connect to the internet.

Edited by amateur, 17 June 2007 - 06:15 PM.

  • 0

#9
Moeror

Moeror

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts
It's not my ISP; my Xbox Live, laptop and my mother's computer work fine, this is the only computer that can't use the internet. I've tried resetting the router and everything. I've even tried directly connecting it to the modem, still no go. The internet still doesn't work. Here are the logs.

HAXLOG
HAXFIX logfile - by Marckie

version 4.46
2007-06-18 1:30:25.65

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
no matching services found

checking for matching safeboot services
no matching safeboot services found

checking for other Haxdoor-files
no other Haxdoor-files found


--- Checking for Goldun ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for other Goldun-files
no other Goldun-files found

checking iexplore.exe
iexplore.exe is not infected


--- Catchme logfile - thank you Gmer ---

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 01:30:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{CDDE2CD3-A543-1ACF-B486-8671FDA00409}\01\10-{CDDE2CD3-A543-1ACF-B486-8671FDA00409}-v1-{AC83E470-3903-4D75-BEB0-7EAAE3723CF6}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!

DrWeb
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20;Probably BACKDOOR.Trojan;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3899.1.16;Probably BACKDOOR.Trojan;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3991.4.16;Probably BACKDOOR.Trojan;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4000.1.4;Probably BACKDOOR.Trojan;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4024.2.4;Probably BACKDOOR.Trojan;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024;Probably BACKDOOR.Trojan;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131;Probably BACKDOOR.Trojan;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1;Probably BACKDOOR.Trojan;Moved.;
Process.exe;C:\Program Files\HaxFix;Tool.Prockill;Moved.;
rqrommk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
tuvttsq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
A0091462.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470;Trojan.Virtumod;Deleted.;
A0091463.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470;Trojan.Virtumod;Deleted.;
A0096142.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP475;Trojan.Click.1487;Deleted.;
process.exe;C:\WINDOWS\system32;Tool.Prockill;Moved.;



Hijack

Logfile of HijackThis v1.99.1
Scan saved at 3:18:09 PM, on 2007-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146117766\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ls/launcher.ocx
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware....phin/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  • 0
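The HijackThis log above is what the helper reads before calling the machine clean. As an added example, not code from the thread or from HijackThis itself, here is a small Python triage script for that log format: the sample entry lines are copied from the log above, and the rules (entries marked "(file missing)", services with "Unknown owner", autostarts that show no full path, Winlogon notify DLLs) are the checks a reviewer applies by hand; the reason strings and function names are my own.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "code reason body")

# Constructed sample in the shape of the HijackThis v1.99.1 log posted above;
# the entry lines are copied from that log, abbreviated to a handful.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:18:09 PM, on 2007-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Review reasons; each is a manual check a helper applies before calling a log clean.
MISSING = "orphaned entry: target file missing"
NO_VENDOR = "service with no vendor name"
UNRESOLVED = "shortcut with unresolved target"
NO_PATH = "no full path shown; verify where the file actually lives"
WINLOGON = "Winlogon notify DLL: confirm it belongs to an installed product"

# One entry per line: section code (R0, O4, O23, ...), ' - ', then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# A Windows path with a directory part ('C:\...' or '%VAR%\...') standing on its own.
HAS_DIR_RE = re.compile(r'(?:^|[\s"\[])(?:[A-Za-z]:|%[^%]+%)\\')


def parse_hjt(text):
    """Return (code, body) pairs for every entry line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _o4_target(body):
    """Reduce 'HKLM\\..\\Run: [Name] target' or 'Startup: target' to the launch target."""
    target = body.split(": ", 1)[1] if ": " in body else body
    return re.sub(r"^\[[^\]]*\]\s*", "", target).strip()


def triage(entries):
    """Apply the hygiene rules and return the entries that need a human look."""
    findings = []
    for code, body in entries:
        if "(file missing)" in body:
            # Leftover of a broken uninstall or of a removed payload; dead weight either way.
            findings.append(Finding(code, MISSING, body))
        if code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, NO_VENDOR, body))
        if code == "O4":
            target = _o4_target(body)
            if target.endswith("= ?"):
                findings.append(Finding(code, UNRESOLVED, body))
            elif not HAS_DIR_RE.search(target):
                # Bare names (stsystra.exe, nwiz.exe) give no hint where the binary lives.
                findings.append(Finding(code, NO_PATH, body))
        if code == "O20":
            # Notify DLLs load inside winlogon.exe, so they always get a second look.
            findings.append(Finding(code, WINLOGON, body))
    return findings


def summarize(findings):
    """Count findings per reason."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.code:<4} {f.reason}\n      {f.body}")
```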

#10
amateur

amateur

    Trusted Helper

  • Malware Removal
  • 173 posts
Hi,

The log is clean. The reason I asked if you contacted your ISP is not because there is a problem with their connection but because this particular computer may need to be reconfigured with their IP/DNS data. It is possible that your Internet Service Provider requires specific settings.

Also, check and make sure that your firewall is not preventing Internet Explorer from running.

=======================================

Let's reset your IP configuration again:

Go to Start>Run and type: cmd and press enter. A dos window will be opened.
  • Type: ipconfig. It will take about a minute before it would give you your IP address.
  • Next type: ipconfig /release and press enter. Wait about 1 minute. The ip address will be changed to 00.00.000.
  • Next, type: ipconfig /renew and press enter. Wait another minute before it can renew the ip settings.

=======================================

If that didn't work, try this:

Disconnect the computer from the modem/router. Unplug the modem/router from the power source.

Next go to start>run type cmd and hit OK
Type ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

=======================================

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice.

=======================================

Shut down your computer. Unplug from the power source and wait a minute. Then plug it back.

=======================================

Connect the modem/router to the power. Connect the modem/router to the computer.

=======================================

Turn on your computer.

======================================

Check if you can connect to the internet now.

======================================

Do you have any other browsers installed? Can you connect to the internet with them? If you don't have another browser, let's get one and see if you are able to browse the internet with it.

You can download the installer for Firefox from here > http://download.mozi....win&lang=en-US

====================================

Can you also peek into this folder and let me know what's in there:

C:\Temp

====================================

Let me know how all that went.
  • 0



#11
Moeror

Moeror

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts
Whenever I tried either of those dos commands a message came up; it says this:
"Windows IP Configuration
An internal error occured: The request is not supported
Please contact Microsoft product Support for further help
Additional information: unable to query host name"
  • 0

#12
amateur

amateur

    Trusted Helper

  • Malware Removal
  • 173 posts
Let's try a couple more things.
  • Please download LSPFix from here.
  • Run the LSPFix.exe that you have just finished downloading.
  • Check the I know what I'm doing box.
  • Move nothing just click Finish.
  • Restart Your PC
=================================

Open Control Panel and Network Connections. Double click your local area connection to open the status window. Click the Support tab then click repair.
  • 0

#13
Moeror

Moeror

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts
No go, I'm beginning to think I'm cursed. This came up when I tried the repair option: "Failed to query TCP/IP settings of the connection. Cannot proceed."
In the network connections window, along with local internet, it's disabled.

Edited by Moeror, 19 June 2007 - 10:42 PM.

  • 0

#14
amateur

amateur

    Trusted Helper

  • Malware Removal
  • 173 posts
Hi,

"cursed", nope, I don't think so. Something is missing somewhere and we'll find it out somehow. As I said earlier, this doesn't appear to be malware related.

I have a couple of questions:

1. When did you start having problems connecting to the internet?

2. Did you try other browsers as I suggested in my post #10?

3. Did you also check what's inside this folder as requested in my post #10?
C:\Temp

I would like you to go to "Tools" in Internet Explorer and check if the "Work Offline" is checked. If it is, uncheck it.


Please download HostsXpert from the link below.

Download the HostsXpert. Here: http://www.funkytoad...load/hoster.zip
  • Unzip HostsXpert to your desktop.
  • Open up the HostsXpert program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • then click Restore original host files
  • Close program when complete.

Warning: if you use a customized hosts file to block certain sites then this will overwrite all those entries as well and you will need to re-enter them.
  • 0

#15
Moeror

Moeror

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts
I have tried other browsers, nothing.
Nothing is in my Temp folder.
The day it happened I had used the internet that morning, then I went to the mall with my girlfriend, and when I came home in the evening, my AV program wouldn't scan C and my wireless mouse and keyboard wouldn't work either; this is when the internet stopped working.
Still no go :whistling:
  • 0





