
My topic is more than 3 days old.

#1
craig111
New Member, 5 posts
Here is a link to my original thread:

http://www.geekstogo...-d-t180738.html

I'm on Windows XP, and am having issues with malware and persistent pop-ups, as well as icons being added to my desktop (for things like online dating, casinos, etc.).

No harm, no foul on not getting to my topic. Hope you guys had a good holiday. Thanks so much, in advance, for your help. :)

P.S. I ran HijackThis just in case it might help you guys out. Here's my log:


Logfile of HijackThis v1.99.1
Scan saved at 7:21:21 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\avp .exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA .EXE
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\WINDOWS\system32\LVCOMSX .EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
C:\Program Files\QuickTime\QTTask .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\BitTorrent\bittorrent .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\WINDOWS\mgrs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Common Files\AOL\1175609966\ee\aolsoftware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccd.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175609966\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PO6634~3.EXE" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent .exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm565YYUS
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
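A helper reading a log like the one above looks first for file names padded with whitespace before the extension (`avp .exe`, `HPBootOp .exe`, and `ctfmon .exe` running next to the real `ctfmon.exe` under Run) and for the F3 `win.ini load=` autostart. The script below is an added example, not part of the thread or of HijackThis, that automates those checks over constructed log lines modelled on the log above:

```python
"""Flag the masquerade tricks visible in a HijackThis log.

Added example for this thread; not part of HijackThis or ComboFix. It checks:
  1. executable names padded with whitespace before the extension ("avp .exe");
  2. a padded name that shadows a legitimate entry elsewhere in the log
     ("ctfmon .exe" in Running processes versus the real ctfmon.exe under Run);
  3. the F3 win.ini load= autostart, which normal software leaves empty.
"""
import re
from typing import Dict, List

# Constructed sample, modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\avp .exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\mgrs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccd.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
"""

EXT = r"\.(?:exe|dll|com|scr|bat)"
SPACED_EXT = re.compile(r"\S\s+" + EXT + r"$", re.IGNORECASE)   # "name .exe"
QUOTED_PATH = re.compile(r'^"([^"]+)"')
BARE_PATH = re.compile(r"^(.+?" + EXT + r")(?=\s|$)", re.IGNORECASE)
O4_LINE = re.compile(r"^O4 - [^:]+: \[[^\]]*\]\s*(?P<cmd>.*)$")
F3_LINE = re.compile(r"^F3 - REG:win\.ini: (?:load|run)=(?P<cmd>.*)$", re.IGNORECASE)


def command_path(cmd: str) -> str:
    """Return the executable at the head of a Run/load command line, quoted or bare."""
    cmd = cmd.strip()
    m = QUOTED_PATH.match(cmd) or BARE_PATH.match(cmd)
    return m.group(1) if m else cmd


def collect_paths(log_text: str) -> Dict[str, List[str]]:
    """Extract paths from the Running processes, O4 Run and F3 win.ini sections."""
    out: Dict[str, List[str]] = {"process": [], "run": [], "legacy_load": []}
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_procs = False
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            out["process"].append(line)
        elif (m := O4_LINE.match(line)):
            out["run"].append(command_path(m.group("cmd")))
        elif (m := F3_LINE.match(line)):
            out["legacy_load"].append(command_path(m.group("cmd")))
    return out


def canonical(path: str) -> str:
    """Lower-case and strip all whitespace so 'ctfmon .exe' collides with 'ctfmon.exe'."""
    return re.sub(r"\s+", "", path).lower()


def analyze(log_text: str) -> Dict[str, list]:
    """Return the padded names, the legitimate entries they shadow, and win.ini loads."""
    paths = collect_paths(log_text)
    seen = paths["process"] + paths["run"] + paths["legacy_load"]
    spaced = sorted({p for p in seen if SPACED_EXT.search(p)})
    clean = {canonical(p): p for p in seen if not SPACED_EXT.search(p)}
    shadowed = [(p, clean[canonical(p)]) for p in spaced if canonical(p) in clean]
    return {
        "spaced_extension": spaced,
        "impersonation": shadowed,
        "legacy_load": paths["legacy_load"],
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("   ", hit)
```

Run against a full log, the same three lists give a helper the entries to look at first; a padded name that shadows nothing is still worth checking, since the legitimate file may simply not appear in the log.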



#2
amateur
Trusted Helper, Malware Removal, 173 posts
Hello and welcome to G2G :)

http://www.bleepingcomputer.com
http://www.forospyware.com
http://www.geekstogo.com

1. Please choose any of the above links to download the file & save it to your Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Edited by amateur, 27 December 2007 - 08:13 PM.


#3
craig111
New Member, Topic Starter, 5 posts
OK, I ran ComboFix. Here's the ComboFix log, and then I did a new HijackThis log, and here it is as well.

COMBOFIX LOG

ComboFix 08-01-03.3 - Compaq_Owner 2008-01-03 14:57:30.2 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix(2).exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Compaq_Owner\Application Data\printer.exe
C:\Documents and Settings\Compaq_Owner\Application Data\ultra
C:\Documents and Settings\Compaq_Owner\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Compaq_Owner\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Compaq_Owner\Desktop\Free Online Dating.lnk
C:\Documents and Settings\Compaq_Owner\Desktop\Go to Casino.lnk
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\findfast.exe
C:\Program Files\BitTorrent\bittorrent .exe
C:\Program Files\BitTorrent\bittorrent .exe
C:\Program Files\BitTorrent\bittorrent .exe
C:\Program Files\BitTorrent\bittorrent .exe
C:\Program Files\BitTorrent\bittorrent .exe
C:\Program Files\BitTorrent\bittorrent .exe
C:\Program Files\Common Files\AOL\1175609966\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Download Manager\DLM.exe
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\ISStart.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\spoolsv.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\avp .exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\mgrs.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\sw31Olw8vGuc.exe
C:\WINDOWS\PerfInfo\sw31Olw8vGud.exe
C:\WINDOWS\ppqvmpqr
C:\WINDOWS\ppqvmpqr\1.png
C:\WINDOWS\ppqvmpqr\2.png
C:\WINDOWS\ppqvmpqr\3.png
C:\WINDOWS\ppqvmpqr\4.png
C:\WINDOWS\ppqvmpqr\5.png
C:\WINDOWS\ppqvmpqr\6.png
C:\WINDOWS\ppqvmpqr\bottom-rc.gif
C:\WINDOWS\ppqvmpqr\content.png
C:\WINDOWS\ppqvmpqr\download.gif
C:\WINDOWS\ppqvmpqr\frame-bottom-left.gif
C:\WINDOWS\ppqvmpqr\frame-h1bg.gif
C:\WINDOWS\ppqvmpqr\head.png
C:\WINDOWS\ppqvmpqr\indexuc.html
C:\WINDOWS\ppqvmpqr\indexud.html
C:\WINDOWS\ppqvmpqr\main.css
C:\WINDOWS\ppqvmpqr\net.png
C:\WINDOWS\ppqvmpqr\pc-mag.gif
C:\WINDOWS\ppqvmpqr\pc.gif
C:\WINDOWS\ppqvmpqr\poloska1.png
C:\WINDOWS\ppqvmpqr\poloska2.png
C:\WINDOWS\ppqvmpqr\poloska3.png
C:\WINDOWS\ppqvmpqr\promouc1.html
C:\WINDOWS\ppqvmpqr\promouc2.html
C:\WINDOWS\ppqvmpqr\promouc3.html
C:\WINDOWS\ppqvmpqr\promouc4.html
C:\WINDOWS\ppqvmpqr\promouc5.html
C:\WINDOWS\ppqvmpqr\promoud1.html
C:\WINDOWS\ppqvmpqr\promoud2.html
C:\WINDOWS\ppqvmpqr\promoud3.html
C:\WINDOWS\ppqvmpqr\promoud4.html
C:\WINDOWS\ppqvmpqr\promoud5.html
C:\WINDOWS\ppqvmpqr\reg.png
C:\WINDOWS\ppqvmpqr\repair.png
C:\WINDOWS\ppqvmpqr\scr-1.png
C:\WINDOWS\ppqvmpqr\scr-2.png
C:\WINDOWS\ppqvmpqr\styles.css
C:\WINDOWS\ppqvmpqr\top-rc.gif
C:\WINDOWS\ppqvmpqr\vline.gif
C:\WINDOWS\shell.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\ceikapnq.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.exe
C:\WINDOWS\system32\drdsoifc.exe
C:\WINDOWS\system32\emsaeuts.dll
C:\WINDOWS\system32\hdymvpey.dll
C:\WINDOWS\system32\jbefwdfi.dll
C:\WINDOWS\system32\kigeevkc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\lvdkxven.exe
C:\WINDOWS\system32\mcesbpim.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlievhpw.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\oausoruw.dll
C:\WINDOWS\system32\ocfcfwix.exe
C:\WINDOWS\system32\olmsrlin.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\qnpakiec.dll
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\stueasme.ini
C:\WINDOWS\system32\vcehgswa.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\wphveilm.dll
C:\WINDOWS\system32\xgxephau.exe
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\ybkrjndx.dll
C:\WINDOWS\system32\ycnlvwlh.dll
C:\WINDOWS\system32\yurfaktm.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 14:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 13:43 . 2008-01-03 13:43 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\EasySpywareCleaner.com
2008-01-03 13:42 . 2008-01-03 15:16 <DIR> d-------- C:\Program Files\EasySpywareCleaner
2008-01-03 11:24 . 2008-01-03 11:24 1,036,162 ---hs---- C:\WINDOWS\system32\yncpvsyv.ini
2008-01-01 11:21 . 2008-01-02 11:24 1,031,398 ---hs---- C:\WINDOWS\system32\cjdltdwk.ini
2007-12-30 10:55 . 2007-12-31 10:55 1,031,199 ---hs---- C:\WINDOWS\system32\mxdlaemu.ini
2007-12-28 10:52 . 2007-12-30 10:53 1,031,139 ---hs---- C:\WINDOWS\system32\hqtixgda.ini
2007-12-25 23:25 . 2008-01-03 15:16 <DIR> d-------- C:\Program Files\PowerISO
2007-12-23 19:45 . 2007-12-23 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-23 17:00 . 2007-12-23 17:00 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Viewpoint
2007-12-22 12:12 . 2007-12-22 12:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Quark
2007-12-22 11:43 . 2007-12-22 11:43 <DIR> d-------- C:\Program Files\Quark
2007-12-22 11:43 . 2007-12-22 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Quark
2007-12-22 01:55 . 2007-12-22 01:58 <DIR> d-------- C:\Program Files\Redblade 3.5e
2007-12-21 16:28 . 2007-12-21 16:28 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft
2007-12-21 13:01 . 2007-12-23 19:01 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-21 12:10 . 2007-12-21 12:10 30,800 --a------ C:\WINDOWS\xpupdate .exe
2007-12-21 12:09 . 2007-12-23 18:25 357,888 --a------ C:\WINDOWS\avp .exe
2007-12-21 12:08 . 2008-01-03 14:12 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-21 01:47 . 2007-12-21 02:29 <DIR> d-------- C:\Program Files\MalwareAlarm
2007-12-21 01:47 . 2007-12-21 01:47 1,283,174 --a------ C:\Install
2007-12-21 01:47 . 2007-12-21 01:47 39,936 --a------ C:\WINDOWS\system32\yayabbb.dll
2007-12-12 11:58 . 2008-01-03 14:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-12 11:58 . 2007-12-12 11:58 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-12 11:55 . 2008-01-03 15:16 <DIR> d-------- C:\Program Files\iTunes
2007-12-12 04:18 . 2007-12-12 04:18 <DIR> d-------- C:\Program Files\Undisker
2007-12-11 23:12 . 2007-12-11 23:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-11 23:12 . 2007-12-11 23:12 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-11 23:12 . 2007-12-11 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-11 05:36 . 2008-01-03 15:16 <DIR> d-------- C:\Program Files\Download Manager
2007-12-11 05:36 . 2007-12-11 05:42 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\IGN_DLM
2007-12-11 05:07 . 2007-12-11 05:07 <DIR> d-------- C:\GameSpy Arcade Setup
2007-12-07 11:46 . 2007-10-10 18:55 6,065,664 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 11:46 . 2007-04-17 04:32 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-07 11:46 . 2007-03-08 00:10 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-07 11:46 . 2007-10-10 18:55 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 11:46 . 2007-10-10 18:55 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 11:46 . 2007-10-10 18:55 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-07 11:46 . 2007-10-10 18:55 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 11:46 . 2007-10-10 18:55 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 11:46 . 2007-10-10 05:59 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 20:16 --------- d-----w C:\Program Files\QuickTime
2008-01-03 20:16 --------- d-----w C:\Program Files\BitTorrent
2007-12-28 20:50 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\U3
2007-12-26 04:44 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
2007-12-23 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-23 20:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-23 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-21 23:13 --------- d-----w C:\Program Files\Google
2007-12-21 22:43 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2007-12-14 10:17 --------- d-----w C:\Program Files\Stuff
2007-12-12 16:56 --------- d-----w C:\Program Files\iPod
2007-12-12 04:13 --------- d-----w C:\Program Files\Apple Software Update
2007-12-11 10:13 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-11 08:50 --------- d-----w C:\Program Files\Black Isle
2007-12-07 18:17 --------- d-----w C:\Program Files\Acro Software
2007-12-07 18:00 --------- d-----w C:\Program Files\Yahoo!
2007-12-07 18:00 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2007-12-07 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-12-07 17:59 --------- d-----w C:\Program Files\Yahoo SiteBuilder
2007-12-05 07:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 02:05 2,540 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-12-02 13:12 --------- d-----w C:\Program Files\Irrational Games
2007-12-02 13:05 --------- d-----w C:\Program Files\Diablo
2007-12-02 13:02 118,784 ----a-w C:\WINDOWS\DiabUnin.exe
2007-12-02 13:02 --------- d-----w C:\Program Files\Spawn
2007-12-02 12:51 --------- d-----w C:\Program Files\MySpace
2007-11-30 12:58 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-30 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-29 13:48 --------- d-----w C:\Program Files\Verizon Wireless
2007-11-29 13:48 --------- d-----w C:\Program Files\LG Electronics
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-09 22:54 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
----a-w			43,008 2007-12-26 04:42:26  C:\Program Files\BitTorrent\bittorrent		 .exe
----a-w			43,008 2007-12-28 00:48:05  C:\Program Files\BitTorrent\bittorrent   .exe
----a-w		   398,848 2008-01-03 19:11:06  C:\Program Files\BitTorrent\bittorrent .exe
----a-w			50,736 2008-01-03 19:32:44  C:\Program Files\Common Files\AOL\1175609966\EE\AOLSoftware .exe
----a-w			71,216 2008-01-03 19:13:04  C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
----a-w		   180,269 2008-01-03 19:12:54  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			48,752 2007-12-21 21:13:20  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		 1,103,480 2008-01-03 19:13:57  C:\Program Files\Download Manager\DLM .exe
----a-w		   305,490 2008-01-03 19:13:38  C:\Program Files\EasySpywareCleaner\EasySpywareCleaner .exe
----a-w			68,856 2008-01-03 19:13:52  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 1,942,016 2008-01-03 20:53:55  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp		 .exe
----a-w		 1,942,016 2007-12-28 00:46:41  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp	   .exe
----a-w		 1,942,016 2007-12-27 23:30:15  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp	  .exe
----a-w		 1,942,016 2007-12-26 04:39:43  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp	 .exe
----a-w		 1,942,016 2007-12-24 05:47:16  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp	.exe
----a-w		 1,942,016 2007-12-24 00:01:54  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp   .exe
----a-w		 1,942,016 2007-12-23 21:10:52  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp  .exe
----a-w		 1,942,016 2007-12-21 21:11:14  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w			49,152 2008-01-03 19:12:44  C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
----a-w		   267,048 2008-01-03 19:13:14  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   454,656 2008-01-03 19:12:51  C:\Program Files\Logitech\Video\ISStart .exe
----a-w		   212,992 2008-01-03 19:12:51  C:\Program Files\Logitech\Video\LogiTray .exe
----a-w		   167,936 2008-01-03 19:13:25  C:\Program Files\PowerISO\SCDEmuApp .exe
----a-w		   464,896 2007-12-28 00:47:20  C:\Program Files\Pure Networks\Port Magic\PO4A1A~1 .EXE
----a-w		   464,896 2008-01-03 19:11:44  C:\Program Files\Pure Networks\Port Magic\PO4A1A~2 .EXE
----a-w		   464,896 2008-01-03 20:00:17  C:\Program Files\Pure Networks\Port Magic\PO4A1A~3 .EXE
----a-w		   464,896 2008-01-03 20:53:57  C:\Program Files\Pure Networks\Port Magic\PO4A1A~4 .EXE
----a-w		   464,896 2007-12-24 00:02:49  C:\Program Files\Pure Networks\Port Magic\PO6634~1 .EXE
----a-w		   464,896 2007-12-24 05:47:47  C:\Program Files\Pure Networks\Port Magic\PO6634~2 .EXE
----a-w		   464,896 2007-12-26 04:40:07  C:\Program Files\Pure Networks\Port Magic\PO6634~3 .EXE
----a-w		   464,896 2007-12-27 23:30:34  C:\Program Files\Pure Networks\Port Magic\PO6634~4 .EXE
----a-w		   464,896 2007-12-21 18:01:44  C:\Program Files\Pure Networks\Port Magic\PortAOL .exe
----a-w		   464,896 2007-12-21 19:47:35  C:\Program Files\Pure Networks\Port Magic\PORTAO~1 .EXE
----a-w		   464,896 2007-12-21 21:11:41  C:\Program Files\Pure Networks\Port Magic\PORTAO~2 .EXE
----a-w		   464,896 2007-12-23 20:52:34  C:\Program Files\Pure Networks\Port Magic\PORTAO~3 .EXE
----a-w		   464,896 2007-12-23 21:11:20  C:\Program Files\Pure Networks\Port Magic\PORTAO~4 .EXE
----a-w		   649,216 2008-01-03 19:11:45  C:\Program Files\QuickTime\qttask .exe
----a-w		 4,670,968 2007-12-21 18:03:53  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w		   357,888 2007-12-23 23:25:54  C:\WINDOWS\avp .exe
----a-w			30,800 2007-12-21 17:10:48  C:\WINDOWS\xpupdate .exe
----a-w			15,360 2007-12-24 00:01:45  C:\WINDOWS\system32\ctfmon .exe
----a-w		   221,184 2008-01-03 19:12:50  C:\WINDOWS\system32\LVCOMSX .EXE
----a-w			98,304 2008-01-03 19:12:59  C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA .EXE


((((((((((((((((((((((((((((( [email protected]_19.04.15.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-12-26 23:42:11 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll
- 2007-12-22 22:30:58 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-27 00:28:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-22 22:30:58 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-27 00:28:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-22 22:30:58 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-27 00:28:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-24 00:01:03 352,256 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-04 12:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-04 19:00:00 36,992 ----a-w C:\WINDOWS\system32\dllcache\amdk6.sys
+ 2004-08-04 19:00:00 37,376 ----a-w C:\WINDOWS\system32\dllcache\amdk7.sys
+ 2004-08-04 19:00:00 262,528 ----a-w C:\WINDOWS\system32\dllcache\cinemst2.sys
+ 2004-08-04 19:00:00 11,776 ----a-w C:\WINDOWS\system32\dllcache\cpqdap01.sys
+ 2004-08-04 19:00:00 36,480 ----a-w C:\WINDOWS\system32\dllcache\crusoe.sys
+ 2001-08-17 20:46:40 6,400 ----a-w C:\WINDOWS\system32\dllcache\enum1394.sys
+ 2004-08-04 19:00:00 12,160 ----a-w C:\WINDOWS\system32\dllcache\fsvga.sys
+ 2004-08-04 19:00:00 63,744 ----a-w C:\WINDOWS\system32\dllcache\mf.sys
+ 2004-08-04 19:00:00 12,032 ----a-w C:\WINDOWS\system32\dllcache\nikedrv.sys
+ 2004-08-04 12:00:00 3,456 ----a-w C:\WINDOWS\system32\dllcache\oprghdlr.sys
+ 2004-08-04 19:00:00 42,496 ----a-w C:\WINDOWS\system32\dllcache\p3.sys
+ 2004-08-04 13:01:16 196,864 ----a-w C:\WINDOWS\system32\dllcache\rdpdr.sys
+ 2004-08-04 19:00:00 12,032 ----a-w C:\WINDOWS\system32\dllcache\rio8drv.sys
+ 2004-08-04 19:00:00 12,032 ----a-w C:\WINDOWS\system32\dllcache\riodrv.sys
+ 2004-08-04 12:00:00 67,584 ----a-w C:\WINDOWS\system32\dllcache\sdbus.sys
+ 2004-08-04 12:00:00 15,488 ----a-w C:\WINDOWS\system32\dllcache\serenum.sys
+ 2004-08-04 12:00:00 11,136 ----a-w C:\WINDOWS\system32\dllcache\sffdisk.sys
+ 2004-08-04 12:00:00 10,240 ----a-w C:\WINDOWS\system32\dllcache\sffp_sd.sys
+ 2004-08-04 19:00:00 25,472 ----a-w C:\WINDOWS\system32\dllcache\sonydcam.sys
+ 2004-08-04 19:00:00 51,712 ----a-w C:\WINDOWS\system32\dllcache\tosdvd.sys
+ 2004-08-04 19:00:00 21,376 ----a-w C:\WINDOWS\system32\dllcache\tsbvcap.sys
+ 2004-08-04 19:00:00 12,416 ----a-w C:\WINDOWS\system32\dllcache\tunmp.sys
+ 2004-08-04 19:00:00 23,808 ----a-w C:\WINDOWS\system32\dllcache\usbcamd.sys
+ 2004-08-04 19:00:00 23,936 ----a-w C:\WINDOWS\system32\dllcache\usbcamd2.sys
+ 2004-08-04 19:00:00 16,000 ----a-w C:\WINDOWS\system32\dllcache\usbintel.sys
+ 2004-08-04 19:00:00 58,112 ----a-w C:\WINDOWS\system32\dllcache\vdmindvd.sys
+ 2005-10-16 01:15:41 27,171 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
- 2007-12-07 08:28:06 64,064 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-02 18:44:53 64,064 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-07 08:28:06 405,640 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-02 18:44:53 405,640 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-14 02:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 13:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}]
C:\Program Files\iVideoCodec\isaddon.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
C:\Program Files\Outerinfo\Outerinfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7121DDE6-6D07-4D54-BCED-41C5CD2A6935}]
2008-01-03 15:53 331776 --a------ C:\WINDOWS\system32\ddccd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent .exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [2008-01-03 15:53 1942016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1175609966\ee\AOLSoftware.exe" [ ]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PO579B~1.exe" [2008-01-03 15:53 464896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SCDEmuApp.exe"="C:\Program Files\PowerISO\SCDEmuApp.exe" [ ]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]
"EasySpywareCleaner"="C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe" [ ]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-07 04:17:16]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-11-29 08:48:07]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-07 04:17:16]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:50]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-08 15:55:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sw31Olw8vG"= rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ddccd.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddccd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-08-01 02:26]
S3 ATIXPGAA;ATIXPGAA;C:\pcdr5\ATIXPGAA.SYS []
S3 jfdcd;jfdcd;C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\jfdcd.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d41b964-f018-11da-8b0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 22:20:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-03 20:57:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 15:52:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\dccdd.ini 319 bytes
C:\WINDOWS\system32\dccdd.ini2 319 bytes
C:\WINDOWS\system32\ddccd.exe 335360 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ddccd.dll
-> C:\Program Files\WinRAR\rarext.dll
.
Completion time: 2008-01-03 16:00:32 - machine was rebooted [Compaq_Owner]
ComboFix-quarantined-files.txt 2008-01-03 21:00:24
ComboFix2.txt 2007-12-24 00:19:31
.
2007-12-15 08:19:03 --- E O F ---

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 4:04:06 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175609966\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PO579B~1.EXE" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [EasySpywareCleaner] C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent .exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm565YYUS
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#4
craig111 - New Member, Topic Starter, 5 posts
OK, once again I'm getting the runaround here. :)

I've asked for help (this is the FOURTH time).

The first time no one helped.

The second time, I was ignored after I was told to post my hijackthis log.

It's clearly stated to not reply to your own topic so folks who can help, will know if you've been helped or not.

So I don't do that.

Instead I create yet another topic stating that my topic isn't only more than three days old (according to the rules) but is several weeks old now, and no one is helping.

Instead of any staff offering any help I get this:

http://www.geekstogo...07#entry1145507

Now then, can someone please help me.

I asked for help and followed the rules.

No one helped.

I asked again and followed the rules and posted my HijackThis log, and no one replied then either.

Then I state no one is helping me and I get told to read the rules.

Yet the rules clearly state the following:

If your topic is 3 days old or more, and you haven't received a reply, please Start a new thread in The Waiting Room with ONLY:

* a link to your topic
* Brief description of your issue, i.e. Malware - Hardware - Application - Operating system.
* the date it was posted

This way the proper staff member will reply to your original topic and then will remove your post from this topic and move it to an archive once it's received a reply.


First I'd like to know what rule I'm breaking when all I'm doing is creating a new thread with the links to my topic(s) and a brief description.

Secondly, can someone please help me.

It's bad enough that I've been virtually ignored for weeks now, let alone being told I'm breaking rules when all I did was what it says to do if no one is replying to you and it's been three or more days.

I'm not trying to cause an issue here, and I understand that people have real lives outside of the internet, but one can't blame me for being upset when all I'm doing is asking for help and instead of getting any, I'm being told I'm breaking rules when other rules clearly state to post the threads I've posted.

Any help offered is truly greatly appreciated.

#5
amateur - Trusted Helper, Malware Removal, 173 posts
Hi,

For an unknown reason which I'll bring up with the admin, I did not receive any notification when you replied. Sorry about that. Thank you for your patience and apologies again.

Combofix has been updated many times since you posted. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingc...to-use-combofix


  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

Edited by amateur, 28 January 2008 - 03:23 PM.
