
Another victim of Win32: TratBHO


  • Please log in to reply

#1
luytim

    New Member

  • Member
  • 4 posts
Hi, I need help badly. I need a walkthrough process to remove this virus. Please be patient with me too; I'm not computer literate. Thanks in advance. So far, by reading some of the related topics, here's the info I have from running Deckard's System Scanner (DSS):

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-26 14:50:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:49 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {eb06193b-483e-8868-4d84-e9daadb4affb} - {bffa4bda-ad9e-48d4-8688-e384b39160be} - C:\WINDOWS\system32\ivhgcixq.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\vtusppo.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [BMd3379fb5] Rundll32.exe "C:\WINDOWS\system32\psnsfhoe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtusppo - vtusppo.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8033 bytes

-- Files created between 2008-02-26 and 2008-03-26 -----------------------------

2008-03-26 14:50:39 0 d-------- C:\Program Files\Trend Micro
2008-03-20 17:33:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-03-20 17:33:09 0 d-------- C:\Program Files\Hamachi
2008-03-17 17:18:36 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-03-16 23:17:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-16 23:17:00 0 d-------- C:\Program Files\Logitech
2008-03-16 23:14:13 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-15 17:05:12 0 d-------- C:\Program Files\StepMania
2008-03-13 15:59:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-03-13 15:59:43 0 d-------- C:\WINDOWS\system32\QuickTime
2008-03-13 15:59:23 0 d-------- C:\Program Files\Macromedia
2008-03-13 15:59:23 0 d-------- C:\Program Files\Common Files\Macromedia
2008-03-06 11:57:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera
2008-03-06 11:53:07 0 d-------- C:\Program Files\Opera
2008-02-29 19:18:21 0 d--hs---- C:\found.000
2008-02-27 12:25:04 270804 --ahs---- C:\WINDOWS\system32\cbeeg.ini2
2008-02-27 00:56:02 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-26 17:32:46 0 d-------- C:\WINDOWS\Sun
2008-02-26 17:26:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-02-26 17:19:46 0 d-------- C:\Program Files\Java
2008-02-26 17:19:34 0 d-------- C:\Program Files\Common Files\Java


-- Find3M Report ---------------------------------------------------------------

2008-03-26 14:09:20 0 d-------- C:\Documents and Settings\Owner\Application Data\WTablet
2008-03-26 14:09:03 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-03-26 12:51:52 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 12:41:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 12:03:25 0 d-------- C:\Program Files\Maxthon
2008-03-17 19:55:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Canon
2008-03-16 23:24:07 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-03-13 16:08:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-13 15:59:23 0 d-------- C:\Program Files\Common Files
2008-03-07 17:19:27 0 d-------- C:\Program Files\Soulseek
2008-02-27 12:16:07 276424 --ahs---- C:\WINDOWS\system32\jmllm.ini2
2008-02-24 13:34:26 239595 --ahs---- C:\WINDOWS\system32\yyadd.ini2
2008-02-23 13:21:14 0 d-------- C:\Program Files\Bethesda Softworks
2008-02-23 11:46:53 0 d-------- C:\Program Files\Common Files\Real
2008-02-23 11:46:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-02-21 20:00:37 0 d-------- C:\Program Files\DivX
2008-02-21 17:29:38 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-21 17:28:19 0 d-------- C:\Program Files\Microsoft.NET
2008-02-21 16:14:15 0 d-------- C:\Program Files\MSECache
2008-02-21 16:06:21 0 d-------- C:\Program Files\Kutchka
2008-02-21 16:06:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Kutchka
2008-02-21 16:05:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-16 13:38:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-02-15 20:39:35 0 d-------- C:\Program Files\Windows Journal Viewer
2008-02-15 20:25:41 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-15 20:24:02 0 d-------- C:\Program Files\Messenger
2008-02-15 15:26:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-02-15 15:25:49 0 d-------- C:\Program Files\Yahoo!
2008-02-13 20:57:34 0 d-------- C:\Program Files\SoundSpectrum
2008-02-13 20:44:36 298931 --ahs---- C:\WINDOWS\system32\ayadd.ini2
2008-02-12 17:10:10 0 d-------- C:\Program Files\GALA-NET
2008-02-11 14:12:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-10 11:05:43 0 d-------- C:\Program Files\Google
2008-02-08 14:50:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-02-07 16:16:40 0 d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
2008-02-07 12:26:00 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-02-06 13:36:10 0 d-------- C:\Program Files\MSN Messenger
2008-02-06 03:01:59 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-06 03:01:33 0 d-------- C:\Program Files\MSXML 4.0
2008-02-05 17:57:10 0 d-------- C:\Program Files\Windows Live
2008-02-05 16:48:11 0 d-------- C:\Program Files\Zune
2008-02-05 15:30:19 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-05 03:36:41 0 d-------- C:\Documents and Settings\Owner\Application Data\GRETECH
2008-02-05 03:36:04 0 d-------- C:\Program Files\GRETECH
2008-02-04 23:42:45 0 d-------- C:\Program Files\uTorrent
2008-02-04 23:33:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-02-04 23:11:05 0 d-------- C:\Program Files\Tablet
2008-02-04 23:03:29 0 d-------- C:\Program Files\ScanSoft
2008-02-04 23:01:09 0 d-------- C:\Program Files\Canon
2008-02-04 22:50:24 0 d-------- C:\Program Files\CyberLink
2008-02-04 22:46:19 0 d-------- C:\Program Files\Creative
2008-02-04 22:41:32 0 d-------- C:\Program Files\HighCriteria
2008-02-04 22:38:44 0 d-------- C:\Program Files\Gabest
2008-02-04 22:37:36 35346 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-02-04 22:37:36 130048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-02-04 22:37:31 0 d-------- C:\Program Files\Illustrate
2008-02-04 22:36:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-02-04 22:35:31 0 d-------- C:\Program Files\Alwil Software
2008-02-04 22:27:46 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-04 22:27:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 22:26:53 0 d-------- C:\Program Files\Stardock
2008-02-04 22:26:53 0 d-------- C:\Program Files\Common Files\Stardock
2008-02-04 22:22:20 0 d-------- C:\Program Files\Roxio
2008-02-04 22:16:41 0 d-------- C:\Program Files\Digital Line Detect
2008-02-04 21:51:05 0 d-------- C:\Program Files\Intel
2008-02-04 21:10:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-02-04 21:07:17 0 d-------- C:\Program Files\microsoft frontpage
2008-02-04 21:06:49 0 -rahs---- C:\MSDOS.SYS
2008-02-04 21:06:49 0 -rahs---- C:\IO.SYS
2008-02-04 21:06:49 0 --a------ C:\CONFIG.SYS
2008-02-04 21:06:49 0 --a------ C:\AUTOEXEC.BAT
2008-02-04 21:05:27 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-04 21:05:22 0 d-------- C:\Program Files\Online Services
2008-02-04 21:04:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-04 21:04:25 0 d-------- C:\Program Files\Movie Maker
2008-02-04 21:03:57 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-04 21:03:01 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-04 21:02:52 0 d-------- C:\Program Files\Windows NT
2008-02-04 13:53:25 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-04 13:53:21 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-04 13:52:52 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2008-01-04 14:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 14:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 14:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 14:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 14:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bffa4bda-ad9e-48d4-8688-e384b39160be}]
C:\WINDOWS\system32\ivhgcixq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
C:\WINDOWS\system32\vtusppo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 08:12 PM]
"UIUCU"="C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 05:20 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 06:00 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"P17Helper"="P17.dll" [06/10/2004 09:51 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [05/11/2007 05:25 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [05/11/2007 05:26 PM]
"BMd3379fb5"="C:\WINDOWS\system32\psnsfhoe.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2/4/2008 10:26:59 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/16/2008 11:20:23 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\vtusppo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusppo]
vtusppo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geebc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d004ac29]
rundll32.exe "C:\WINDOWS\system32\omwdmiww.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
"C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"




-- End of Deckard's System Scanner: finished at 2008-03-26 14:51:10 ------------


#2
Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingc...to-use-combofix
  • Please Note: This tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Also, run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.


#3
luytim

    New Member

  • Topic Starter
  • Member
  • 4 posts
I'm so SORRY, I made a mistake: I ran the Combofix and FORGOT to download the "Windows Recovery Console", and this is the only thing I got from the log C:\ComboFix.txt:

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

AND here's the HJT uninstall_list.txt:

Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.2
avast! Antivirus
Canon MP Navigator 2.0
Canon MP450
Canon Utilities Easy-PhotoPrint
Creative MediaSource
dBpowerAMP Music Converter
Dell Driver Reset Tool
Dell ResourceCD
Digital Line Detect
DivX Codec
Easy-WebPrint
GOM Player
Google Earth
Hamachi 1.0.2.5
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Java™ 6 Update 3
KKopy
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech® Camera Driver
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Maxthon Browser (remove only)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office XP Web Components
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer

#4
luytim

    New Member

  • Topic Starter
  • Member
  • 4 posts
Here's the new DSS log after I made a mistake on the Combofix; hopefully it's still helpful:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-26 21:37:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:29 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {eb06193b-483e-8868-4d84-e9daadb4affb} - {bffa4bda-ad9e-48d4-8688-e384b39160be} - C:\WINDOWS\system32\ivhgcixq.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [BMd3379fb5] Rundll32.exe "C:\WINDOWS\system32\psnsfhoe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtusppo - vtusppo.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7766 bytes

-- Files created between 2008-02-26 and 2008-03-26 -----------------------------

2008-03-26 20:26:15 0 d-------- C:\cmdcons
2008-03-26 19:54:26 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-26 19:54:26 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-26 19:54:26 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-26 19:54:26 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-26 14:50:39 0 d-------- C:\Program Files\Trend Micro
2008-03-20 17:33:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-03-20 17:33:09 0 d-------- C:\Program Files\Hamachi
2008-03-17 17:18:36 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-03-16 23:17:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-16 23:17:00 0 d-------- C:\Program Files\Logitech
2008-03-16 23:14:13 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-15 17:05:12 0 d-------- C:\Program Files\StepMania
2008-03-13 15:59:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-03-13 15:59:43 0 d-------- C:\WINDOWS\system32\QuickTime
2008-03-13 15:59:23 0 d-------- C:\Program Files\Macromedia
2008-03-13 15:59:23 0 d-------- C:\Program Files\Common Files\Macromedia
2008-03-06 11:57:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera
2008-03-06 11:53:07 0 d-------- C:\Program Files\Opera
2008-02-29 19:18:21 0 d--hs---- C:\found.000
2008-02-27 00:56:02 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-26 17:32:46 0 d-------- C:\WINDOWS\Sun
2008-02-26 17:26:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-02-26 17:19:46 0 d-------- C:\Program Files\Java
2008-02-26 17:19:34 0 d-------- C:\Program Files\Common Files\Java


-- Find3M Report ---------------------------------------------------------------

2008-03-26 20:10:52 0 d-------- C:\Documents and Settings\Owner\Application Data\WTablet
2008-03-26 14:09:03 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-03-26 12:51:52 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 12:41:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 12:03:25 0 d-------- C:\Program Files\Maxthon
2008-03-17 19:55:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Canon
2008-03-16 23:24:07 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-03-13 16:08:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-13 15:59:23 0 d-------- C:\Program Files\Common Files
2008-03-07 17:19:27 0 d-------- C:\Program Files\Soulseek
2008-02-23 13:21:14 0 d-------- C:\Program Files\Bethesda Softworks
2008-02-23 11:46:53 0 d-------- C:\Program Files\Common Files\Real
2008-02-23 11:46:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-02-21 20:00:37 0 d-------- C:\Program Files\DivX
2008-02-21 17:29:38 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-21 17:28:19 0 d-------- C:\Program Files\Microsoft.NET
2008-02-21 16:14:15 0 d-------- C:\Program Files\MSECache
2008-02-21 16:06:21 0 d-------- C:\Program Files\Kutchka
2008-02-21 16:06:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Kutchka
2008-02-21 16:05:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-16 13:38:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-02-15 20:39:35 0 d-------- C:\Program Files\Windows Journal Viewer
2008-02-15 20:25:41 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-15 20:24:02 0 d-------- C:\Program Files\Messenger
2008-02-15 15:26:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-02-15 15:25:49 0 d-------- C:\Program Files\Yahoo!
2008-02-13 20:57:34 0 d-------- C:\Program Files\SoundSpectrum
2008-02-12 17:10:10 0 d-------- C:\Program Files\GALA-NET
2008-02-11 14:12:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-10 11:05:43 0 d-------- C:\Program Files\Google
2008-02-08 14:50:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-02-07 16:16:40 0 d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
2008-02-07 12:26:00 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-02-06 13:36:10 0 d-------- C:\Program Files\MSN Messenger
2008-02-06 03:01:59 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-06 03:01:33 0 d-------- C:\Program Files\MSXML 4.0
2008-02-05 17:57:10 0 d-------- C:\Program Files\Windows Live
2008-02-05 16:48:11 0 d-------- C:\Program Files\Zune
2008-02-05 15:30:19 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-05 03:36:41 0 d-------- C:\Documents and Settings\Owner\Application Data\GRETECH
2008-02-05 03:36:04 0 d-------- C:\Program Files\GRETECH
2008-02-04 23:42:45 0 d-------- C:\Program Files\uTorrent
2008-02-04 23:33:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-02-04 23:11:05 0 d-------- C:\Program Files\Tablet
2008-02-04 23:03:29 0 d-------- C:\Program Files\ScanSoft
2008-02-04 23:01:09 0 d-------- C:\Program Files\Canon
2008-02-04 22:50:24 0 d-------- C:\Program Files\CyberLink
2008-02-04 22:46:19 0 d-------- C:\Program Files\Creative
2008-02-04 22:41:32 0 d-------- C:\Program Files\HighCriteria
2008-02-04 22:38:44 0 d-------- C:\Program Files\Gabest
2008-02-04 22:37:36 35346 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-02-04 22:37:36 130048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-02-04 22:37:31 0 d-------- C:\Program Files\Illustrate
2008-02-04 22:36:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-02-04 22:35:31 0 d-------- C:\Program Files\Alwil Software
2008-02-04 22:27:46 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-04 22:27:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 22:26:53 0 d-------- C:\Program Files\Stardock
2008-02-04 22:26:53 0 d-------- C:\Program Files\Common Files\Stardock
2008-02-04 22:22:20 0 d-------- C:\Program Files\Roxio
2008-02-04 22:16:41 0 d-------- C:\Program Files\Digital Line Detect
2008-02-04 21:51:05 0 d-------- C:\Program Files\Intel
2008-02-04 21:10:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-02-04 21:07:17 0 d-------- C:\Program Files\microsoft frontpage
2008-02-04 21:06:49 0 -rahs---- C:\MSDOS.SYS
2008-02-04 21:06:49 0 -rahs---- C:\IO.SYS
2008-02-04 21:06:49 0 --a------ C:\CONFIG.SYS
2008-02-04 21:06:49 0 --a------ C:\AUTOEXEC.BAT
2008-02-04 21:05:27 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-04 21:05:22 0 d-------- C:\Program Files\Online Services
2008-02-04 21:04:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-04 21:04:25 0 d-------- C:\Program Files\Movie Maker
2008-02-04 21:03:57 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-04 21:03:01 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-04 21:02:52 0 d-------- C:\Program Files\Windows NT
2008-02-04 13:53:25 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-04 13:53:21 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-04 13:52:52 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2008-01-04 14:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 14:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 14:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 14:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 14:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bffa4bda-ad9e-48d4-8688-e384b39160be}]
C:\WINDOWS\system32\ivhgcixq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 08:12 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 05:20 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 06:00 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"P17Helper"="P17.dll" [06/10/2004 09:51 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [05/11/2007 05:25 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [05/11/2007 05:26 PM]
"BMd3379fb5"="C:\WINDOWS\system32\psnsfhoe.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2/4/2008 10:26:59 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/16/2008 11:20:23 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusppo]
vtusppo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d004ac29]
rundll32.exe "C:\WINDOWS\system32\omwdmiww.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
"C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"




-- End of Deckard's System Scanner: finished at 2008-03-26 21:38:01 ------------
  • 0

#5
Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Try CF again, but forget about the Recovery Console for now.
  • 0

#6
luytim

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
So sorry it took a while to reply. I've been busy. So here is the CF:

ComboFix 08-04-11.5 - Owner 2008-04-11 22:39:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.146 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Favorites\.url
.
---- Previous Run -------
.
C:\WINDOWS\BMd3379fb5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aponvhep.ini
C:\WINDOWS\system32\aucgqfkd.ini
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\gfwxfcao.ini
C:\WINDOWS\system32\gqbfnoaq.ini
C:\WINDOWS\system32\grwrlard.ini
C:\WINDOWS\system32\hmkulxlv.ini
C:\WINDOWS\system32\hrqemnie.ini
C:\WINDOWS\system32\ibqokkmo.ini
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\kvvitrfi.ini
C:\WINDOWS\system32\kxfgopxb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mecnsitv.ini
C:\WINDOWS\system32\nbcxqppa.ini
C:\WINDOWS\system32\ourdcsor.ini
C:\WINDOWS\system32\rmbjoltg.ini
C:\WINDOWS\system32\shcvwwyt.ini
C:\WINDOWS\system32\tfyiqhrf.ini
C:\WINDOWS\system32\uhxlpuid.ini
C:\WINDOWS\system32\ulmjctbg.ini
C:\WINDOWS\system32\wwimdwmo.ini
C:\WINDOWS\system32\xpyvrgbf.ini
C:\WINDOWS\system32\yeyjllwp.ini
C:\WINDOWS\system32\yyadd.ini
C:\WINDOWS\system32\yyadd.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-10 22:49 . 2008-04-10 22:49 <DIR> d-------- C:\Program Files\Veoh Networks
2008-04-09 11:20 . 2008-04-09 11:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\WTablet
2008-04-05 23:04 . 2008-04-05 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-29 20:00 . 2008-03-29 20:16 <DIR> d-------- C:\Program Files\NCH Software
2008-03-29 20:00 . 2008-03-29 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-03-29 18:23 . 2008-03-29 21:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-03-29 17:55 . 2008-03-29 18:06 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-03-29 12:39 . 2008-03-29 12:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
2008-03-29 12:39 . 2008-03-29 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
2008-03-29 12:38 . 2008-04-07 20:31 <DIR> d-------- C:\Program Files\sai-eng-1.0.1
2008-03-26 22:45 . 2008-03-26 22:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-26 14:50 . 2008-03-26 14:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 14:41 . 2008-03-26 14:41 <DIR> d-------- C:\Deckard
2008-03-20 17:33 . 2008-03-20 17:33 <DIR> d-------- C:\Program Files\Hamachi
2008-03-20 17:33 . 2008-04-07 16:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-03-20 17:33 . 2008-03-20 17:33 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-17 17:18 . 2008-03-17 17:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-03-16 23:20 . 2008-03-16 23:20 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-03-16 23:17 . 2008-03-16 23:20 <DIR> d-------- C:\Program Files\Logitech
2008-03-16 23:17 . 2008-03-16 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-16 23:14 . 2008-03-16 23:21 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-15 17:05 . 2008-04-11 18:22 <DIR> d-------- C:\Program Files\StepMania
2008-03-13 15:59 . 2008-03-13 15:59 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-13 15:59 . 2008-03-13 16:00 <DIR> d-------- C:\Program Files\Macromedia
2008-03-13 15:59 . 2008-03-13 16:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 04:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\WTablet
2008-04-12 04:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-04-11 05:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 07:21 --------- d-----w C:\Program Files\Soulseek
2008-04-06 01:53 --------- d-----w C:\Program Files\Yahoo!
2008-04-06 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 18:53 --------- d-----w C:\Program Files\Maxthon
2008-03-30 03:59 --------- d-----w C:\Program Files\Gabest
2008-03-29 03:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-03-27 05:30 --------- d-----w C:\Program Files\Opera
2008-03-27 05:00 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 06:24 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-17 06:24 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-03-17 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 00:21 --------- d-----w C:\Program Files\Java
2008-02-27 00:19 --------- d-----w C:\Program Files\Common Files\Java
2008-02-23 20:21 --------- d-----w C:\Program Files\Bethesda Softworks
2008-02-23 18:46 --------- d-----w C:\Program Files\Common Files\Real
2008-02-22 03:00 --------- d-----w C:\Program Files\DivX
2008-02-22 00:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-22 00:28 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-22 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 23:14 --------- d-----w C:\Program Files\MSECache
2008-02-21 23:06 --------- d-----w C:\Program Files\Kutchka
2008-02-21 23:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Kutchka
2008-02-21 23:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 03:39 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-02-16 03:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-15 22:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-02-14 03:57 --------- d-----w C:\Program Files\SoundSpectrum
2008-02-13 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-13 00:10 --------- d-----w C:\Program Files\GALA-NET
2008-02-05 05:37 130,048 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-01-12 00:54 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-01-12 00:54 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-01-12 00:39 70,656 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-01-12 00:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-01-12 00:39 35,840 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-01-12 00:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bffa4bda-ad9e-48d4-8688-e384b39160be}]
C:\WINDOWS\system32\ivhgcixq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 05:20 122940]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 06:00 79224]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"P17Helper"="P17.dll" [2004-06-10 09:51 60928 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-11 17:25 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-11 17:26 780312]
"BMd3379fb5"="C:\WINDOWS\system32\psnsfhoe.dll" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-02-04 22:26:59 1976056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-16 23:20:23 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusppo]
vtusppo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d004ac29]
C:\WINDOWS\system32\omwdmiww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-05-11 17:25 505368 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-11 17:26 780312 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-03-26 22:00 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2002-03-12 23:18 32768 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-01-11 17:54 166304 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\MSN Messenger\\Live Messenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Maxthon\\Maxthon.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 14:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 12:55]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 22:48:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-11 22:55:18
ComboFix-quarantined-files.txt 2008-04-12 05:55:06
Pre-Run: 59,927,658,496 bytes free
Post-Run: 59,970,793,472 bytes free
.
2008-04-12 05:44:56 --- E O F ---
  • 0





