
Virus icons on desktop [CLOSED] [RESOLVED]


  • This topic is locked

#16 copperheadretro (Topic Starter, Member, 23 posts)

This is my account
-Only account on PC
-Admin

"Task Manager has been disabled by Administrator"

Has only occurred since the virus infection outbreak.

Edited by copperheadretro, 29 April 2008 - 12:30 PM.


#17 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

OK, this is strange. What I would like to do is re-run a new version of ComboFix and see what that can tell me.

Please download ComboFix from Here or Here to your Desktop.

ComboFix, when you run it on Vista, may take up to two minutes to initialise.

Prior to running ComboFix, right-click the Avast icon and select Program Settings.
Then select Troubleshooting.
Within the settings, place a tick alongside Disable Avast self defence module.
Click OK. Finally, right-click the Avast icon and select Stop on access protection.


**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#18 copperheadretro (Topic Starter, Member, 23 posts)

Prior to running ComboFix, right-click the Avast icon and select Program Settings.
Then select Troubleshooting.
Within the settings, place a tick alongside Disable Avast self defence module.
Click OK. Finally, right-click the Avast icon and select Stop on access protection.

I do not have that option, only:
-delay loading...
-Full screen apps...

Shall I proceed with CF anyway?
EDIT:
Before this virus outbreak I also had this problem:
http://www.xraygamin...mp;d=1207937079
http://www.xraygamin...mp;d=1207937003

That would happen on a lot of installs but not all of them. Again, I'm the only admin/user account on my PC, and I have previously installed that on my PC.

Edited by copperheadretro, 29 April 2008 - 12:51 PM.


#19 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

OK, you do not have the latest version of Avast (I would recommend updating as soon as we finish).

Please run the ComboFix scan now.

I cannot access the links as I have not registered at that site; what is the gist of those problems?

#20 copperheadretro (Topic Starter, Member, 23 posts)

Will scan now


****

'Warning 1909 verify the shortcut exists.....'

'could not open key:UNKNOWn\lNETcTLS.lNET.1\CLSID verifiy you have sufficient access to that key'


**************
Awesome, I can open Task Manager now :)
**************
ComboFix 08-04-26.5 - joe 2008-04-29 19:57:41.3 - NTFSx86
Running from: D:\Documents and Settings\joe\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-27 17:23 . 2008-04-27 17:23 <DIR> d-------- D:\Documents and Settings\joe\Application Data\Malwarebytes
2008-04-27 12:19 . 2008-04-29 19:59 815,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 12:19 . 2008-04-29 19:01 10,820 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-27 11:57 . 2008-04-27 11:57 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56 . 2008-04-27 11:56 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-27 11:55 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-27 11:55 . 2008-04-27 11:57 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:54 . 2008-04-27 11:54 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-27 11:53 . 2008-04-29 19:56 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43 . 2008-04-27 11:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22 . 2008-04-27 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 11:00 . 2008-04-27 11:00 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00 . 2008-04-27 11:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57 . 2008-04-27 10:57 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-26 21:21 . 2008-04-26 21:21 <DIR> d-------- C:\Program Files\AliveMedia
2008-04-22 23:29 . 2008-04-22 23:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Program Files\Trapcode
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Presets
2008-04-18 23:15 . 2008-04-19 00:33 36,868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-14 22:24 . 2008-04-14 22:25 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 20:29 . 2008-04-09 18:54 10,431,488 --a------ C:\xac(2).msi
2008-04-09 19:29 . 2005-11-01 12:09 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29 . 2005-11-01 12:11 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29 . 2008-04-09 19:29 <DIR> d-------- D:\Documents and Settings\Administrator
2008-04-09 19:29 . 2008-04-29 19:57 1,024 --ah----- D:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-09 01:18 . 2008-04-09 01:18 22,328 --a------ D:\Documents and Settings\joe\Application Data\PnkBstrK.sys
2008-04-09 01:18 . 2008-04-09 01:18 319 --a------ C:\WINDOWS\game.ini
2008-04-09 01:07 . 2008-04-09 01:07 <DIR> d-------- C:\Program Files\Activision
2008-04-09 00:50 . 2008-04-09 00:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20 . 2008-04-08 23:20 <DIR> d-------- C:\Program Files\PowerISO
2008-04-05 11:37 . 2008-04-05 11:37 <DIR> d-------- D:\Documents and Settings\joe\Application Data\DAEMON Tools
2008-04-04 16:33 . 2008-04-04 16:33 <DIR> d-------- D:\Documents and Settings\joe\Application Data\NASA
2008-03-30 09:12 . 2008-02-01 01:27 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll.BAK
2008-03-30 09:12 . 2008-02-01 02:14 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll.BAK
2008-03-30 09:12 . 2008-02-05 22:46 189,440 --a------ C:\WINDOWS\system32\Final.effects.complete.5.0_Crk.exe
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-03-30 09:07 . 2008-03-30 09:13 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07 . 2008-03-30 09:13 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07 . 2003-06-26 09:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 03:37 . 2008-04-27 03:07 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-30 03:37 . 2008-04-27 03:07 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-30 03:33 . 2008-03-30 03:33 <DIR> d-------- C:\Program Files\EA GAMES
2008-03-29 13:58 . 2003-03-16 00:15 90,112 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 18:56 --------- d-----w D:\Documents and Settings\joe\Application Data\Xfire
2008-04-29 18:03 --------- d-----w C:\Program Files\Steam12
2008-04-27 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 09:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 19:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-22 19:19 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 19:28 --------- d-----w C:\Program Files\DivX
2008-04-10 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 00:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-02 20:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-29 11:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-23 21:41 --------- d-----w C:\Program Files\VisualJockey Gold SP1
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-13 00:22 --------- d-----w D:\Documents and Settings\joe\Application Data\Ventrilo
2008-03-10 07:47 5,436 -c--a-w D:\Documents and Settings\joe\Application Data\wklnhst.dat
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-04 22:46 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
.

((((((((((((((((((((((((((((( [email protected]_15.41.21.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 14:20:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 18:02:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 18:02:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-27 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-27 11:57 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TRACTION In-Game Radio Player"="C:\Program Files\TRACTION In-Game Radio Player\TRACTION In-Game Radio Player.lnk" [2008-02-20 17:55 835]
"Steam"="c:\program files\steam12\steam.exe" [2008-03-28 03:34 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 17:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36 36975]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-01 12:15 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"razer"="D:\razerhid.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50 233472]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.LAGS"= lagarith.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\movies\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland1\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\source sdk base\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 22:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-29 18:30:00 C:\WINDOWS\Tasks\Setup my PC.job"
- C:\Apps\SMP\PCSETUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 19:59:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\5702b4bh]
"ImagePath"="\??\D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e"
.
Completion time: 2008-04-29 20:00:43
ComboFix-quarantined-files.txt 2008-04-29 19:00:38
ComboFix2.txt 2008-04-27 14:42:08

Pre-Run: 2,218,954,752 bytes free
Post-Run: 2,196,496,384 bytes free

212 --- E O F --- 2008-04-12 03:44:36


Noticed some problems already.
When I open the search option the window comes up but it doesn't fully load...
Also I see I have a BearShare exe there which I had no idea about, and it isn't showing up in my Program Files (the reason I opened up search was to look for it).

Edited by copperheadretro, 29 April 2008 - 01:14 PM.

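A defender-side triage pass over the "Reg Loading Points" section of a log like the one above, as an added example that is not ComboFix's code or anything posted in this thread: it parses the `[key]` / `"name"=value` layout and flags the patterns the next replies act on (a service whose ImagePath points into a user Temp folder under a machine-looking name, a Run entry whose file is missing, and the firewall and Security Center settings). The sample input is constructed from lines of the log, and the flagging heuristics are assumptions.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix-style log.

Added example for this thread; it is not ComboFix's code nor anything the
forum posted. The parsing rules and the risk heuristics are assumptions
modelled on the layout of the log above.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"razer"="D:\razerhid.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\5702b4bh]
"ImagePath"="\??\D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e"
"""


@dataclass
class Finding:
    key: str       # registry key the entry sits under
    name: str      # value name, e.g. ImagePath
    value: str     # raw value text as printed in the log
    severity: str  # "high", "medium" or "info"
    reason: str


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# A path component named Temp; covers long and 8.3 forms (both end in \Temp\).
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# Short alphanumeric names mixing digits and letters (heuristic, an assumption).
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[0-9a-z]{6,12}$", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (key, name, value) for every "name"=value line, attributed to the
    most recent [registry key] header above it."""
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            yield current_key, m.group("name"), m.group("value").strip()


def triage(log_text):
    """Return the entries a reviewer should look at first, each with a reason."""
    findings = []
    for key, name, value in parse_entries(log_text):
        lkey, lname = key.lower(), name.lower()
        if "\\services\\" in lkey and lname == "imagepath":
            service = key.rsplit("\\", 1)[-1]
            if TEMP_RE.search(value):
                findings.append(Finding(key, name, value, "high",
                                        "service binary lives in a user Temp folder"))
            if RANDOM_NAME_RE.match(service):
                findings.append(Finding(key, name, value, "medium",
                                        f"service name {service!r} looks machine-generated"))
        elif lkey.endswith("\\run") and value.endswith("[ ]"):
            # ComboFix prints "[ ]" where it could not stat the target file.
            findings.append(Finding(key, name, value, "medium",
                                    "autostart entry whose target file was not found"))
        elif lname == "enablefirewall" and value.startswith("0"):
            findings.append(Finding(key, name, value, "info",
                                    "Windows Firewall off for the standard profile "
                                    "(normal when a third-party firewall is installed)"))
        elif lname == "disablemonitoring" and value.endswith("00000001"):
            findings.append(Finding(key, name, value, "info",
                                    "Security Center monitoring disabled for this product"))
    return findings


def worst_severity(findings):
    """Collapse a list of findings to the single most serious level."""
    order = {"high": 2, "medium": 1, "info": 0}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name} under {f.key}\n         {f.reason}")
    print("overall:", worst_severity(triage(SAMPLE_LOG)))
```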

#21 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

OK, that warning is stating that the installer cannot create the shortcut as the destination folder does not exist,
and further reading would suggest that a poorly constructed registry key (or its name) is absent:

'UNKNOWn\lNETcTLS.lNET.1\CLSID verifiy you have sufficient access to that key'

Checking your log now - back in a minute.

#22 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

I see there are two of you now :)

OK, there is a hidden element that was not apparent on previous runs, and I can find no information about it, especially as it is an image path.

So I will clear it and see if that helps (OK, it will be backed up).

I used ComboFix as that will reset your Task Manager - saves me making a reg fix :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e

Folder::
C:\Program Files\BearShare
D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\5702b4bh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Posted Image: animation of dragging CFScript.txt onto ComboFix.exe]


6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Let me know how that goes.

#23 copperheadretro (Topic Starter, Member, 23 posts)

Hehe, yeah, I nabbed my mum's Mac as I don't want to be using my PC too much due to security reasons :)

Will run ComboFix now mate, some serious karma coming your way.

OK, still can't open search properly *will xshot if you want*

Here are logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:12, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\joe\My Documents\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TRACTION In-Game Radio Player] C:\Program Files\TRACTION In-Game Radio Player\TRACTION In-Game Radio Player.lnk
O4 - HKCU\..\Run: [Steam] "c:\program files\steam12\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = D:\Documents and Settings\joe\My Documents\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9817 bytes

---------------------------------------------------------------------------------------------------------------------
ComboFix 08-04-26.5 - joe 2008-04-29 20:36:41.4 - NTFSx86
Running from: D:\Documents and Settings\joe\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\joe\Desktop\CFScript.txt

FILE ::
D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-29 20:32 . 2008-04-29 20:32 0 --a------ D:\Documents and Settings\joe\.exe
2008-04-27 17:23 . 2008-04-27 17:23 <DIR> d-------- D:\Documents and Settings\joe\Application Data\Malwarebytes
2008-04-27 12:19 . 2008-04-29 20:42 927,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 12:19 . 2008-04-29 20:38 13,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-27 11:57 . 2008-04-27 11:57 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56 . 2008-04-27 11:56 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-27 11:55 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-27 11:55 . 2008-04-27 11:57 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:54 . 2008-04-27 11:54 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-27 11:53 . 2008-04-29 20:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43 . 2008-04-27 11:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22 . 2008-04-27 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 11:00 . 2008-04-27 11:00 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00 . 2008-04-27 11:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57 . 2008-04-27 10:57 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-26 21:21 . 2008-04-26 21:21 <DIR> d-------- C:\Program Files\AliveMedia
2008-04-22 23:29 . 2008-04-22 23:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Program Files\Trapcode
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Presets
2008-04-18 23:15 . 2008-04-19 00:33 36,868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-14 22:24 . 2008-04-29 20:16 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 20:29 . 2008-04-09 18:54 10,431,488 --a------ C:\xac(2).msi
2008-04-09 19:29 . 2005-11-01 12:09 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29 . 2005-11-01 12:11 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29 . 2008-04-09 19:29 <DIR> d-------- D:\Documents and Settings\Administrator
2008-04-09 19:29 . 2008-04-29 19:57 1,024 --ah----- D:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-09 01:18 . 2008-04-09 01:18 22,328 --a------ D:\Documents and Settings\joe\Application Data\PnkBstrK.sys
2008-04-09 01:18 . 2008-04-09 01:18 319 --a------ C:\WINDOWS\game.ini
2008-04-09 01:07 . 2008-04-09 01:07 <DIR> d-------- C:\Program Files\Activision
2008-04-09 00:50 . 2008-04-09 00:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20 . 2008-04-08 23:20 <DIR> d-------- C:\Program Files\PowerISO
2008-04-05 11:37 . 2008-04-05 11:37 <DIR> d-------- D:\Documents and Settings\joe\Application Data\DAEMON Tools
2008-04-04 16:33 . 2008-04-04 16:33 <DIR> d-------- D:\Documents and Settings\joe\Application Data\NASA
2008-03-30 09:12 . 2008-02-01 01:27 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll.BAK
2008-03-30 09:12 . 2008-02-01 02:14 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll.BAK
2008-03-30 09:12 . 2008-02-05 22:46 189,440 --a------ C:\WINDOWS\system32\Final.effects.complete.5.0_Crk.exe
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-03-30 09:07 . 2008-03-30 09:13 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07 . 2008-03-30 09:13 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07 . 2003-06-26 09:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 03:37 . 2008-04-27 03:07 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-30 03:37 . 2008-04-27 03:07 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-30 03:33 . 2008-03-30 03:33 <DIR> d-------- C:\Program Files\EA GAMES
2008-03-29 13:58 . 2003-03-16 00:15 90,112 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 19:42 --------- d-----w C:\Program Files\Steam12
2008-04-29 19:33 --------- d-----w D:\Documents and Settings\joe\Application Data\Xfire
2008-04-27 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 09:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 19:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-10 19:28 --------- d-----w C:\Program Files\DivX
2008-04-10 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 11:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-23 21:41 --------- d-----w C:\Program Files\VisualJockey Gold SP1
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-13 00:22 --------- d-----w D:\Documents and Settings\joe\Application Data\Ventrilo
2008-03-10 07:47 5,436 -c--a-w D:\Documents and Settings\joe\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( [email protected]_15.41.21.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 14:20:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 19:39:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-27 14:20:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_544.dat
+ 2008-04-29 19:40:01 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-27 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-27 11:57 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-27 11:57 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TRACTION In-Game Radio Player"="C:\Program Files\TRACTION In-Game Radio Player\TRACTION In-Game Radio Player.lnk" [2008-02-20 17:55 835]
"Steam"="c:\program files\steam12\steam.exe" [2008-03-28 03:34 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 17:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36 36975]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-01 12:15 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"razer"="D:\razerhid.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50 233472]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.LAGS"= lagarith.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\movies\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland1\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\source sdk base\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 22:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-29 18:30:00 C:\WINDOWS\Tasks\Setup my PC.job"
- C:\Apps\SMP\PCSETUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 20:40:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 116

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Documents and Settings\joe\My Documents\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-29 20:46:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 19:46:19
ComboFix2.txt 2008-04-29 19:00:44
ComboFix3.txt 2008-04-27 14:42:08

Pre-Run: 2,216,509,440 bytes free
Post-Run: 2,193,166,336 bytes free

228 --- E O F --- 2008-04-12 03:44:36

Edited by copperheadretro, 29 April 2008 - 01:49 PM.

  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could give me a screenshot of the search problem it may help...

Whilst you are doing that, let's update your security.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

THEN

Right click the Avast icon and select updates and then program updates.
This will download the 4.8 version, which has self defence and a rootkit scanner.
  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#27
copperheadretro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hey, yeah, sorry about that, I've had a busy busy workload/exams recently.
OK, updated everything you said <3
Still getting an issue where I can't get search to work properly: it doesn't load up, looks like some items have been corrupted, kinda stuff.
Another problem is that since I installed ZoneAlarm (now uninstalled) I can't get Internet Explorer to open up (I use this to get onto mail through my MSN). Is there a way I can check I haven't disabled its access, or how can I make Firefox the main internet app?
HijackThis just for a checkup.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:11, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\joe\My Documents\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Vegas 7.0\vegas70.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [TRACTION In-Game Radio Player] C:\Program Files\TRACTION In-Game Radio Player\TRACTION In-Game Radio Player.lnk
O4 - HKCU\..\Run: [Steam] "c:\program files\steam12\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = D:\Documents and Settings\joe\My Documents\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9541 bytes

Edited by copperheadretro, 07 May 2008 - 12:28 PM.

  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again, well firstly

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveit once again and you should see a CleanUp! button; press that button. You may get prompted by your firewall that OTMoveit wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.

Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with tabs
5. Select the More Options tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)

You still have remnants of Norton on your system - If you do not use ghost or the firewall element they should be removed. There is a tool to do this http://service1.syma...005033108162039

Ref the IE problem: go to Control Panel and select default programmes; this will enable you to change them to whatever you wish.
  • 0
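The moderator's "log now appears clean" verdict and the Norton-remnant remark above come from reading the HijackThis O4 and O23 lines by eye; the following added example (not part of this thread, and not HijackThis code) does that first pass by machine: it parses the Run-key and service entries and flags the ones a reviewer checks first, namely a service still registered after its binary is gone, a binary with no vendor in its version info, and an autorun with no full path, hosted by rundll32, or launched from outside the usual directories. The sample lines are copied from the posted log; the list of "usual" directories is an assumption of the example.

```python
import re

# Constructed sample: a handful of O4 (Run key) and O23 (service) lines in the
# shape of the HijackThis v2.0.2 log posted above, not the complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam12\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# O23 line layout: "O23 - Service: <display name> - <vendor> - <path> [(file missing)]".
# The vendor field is empty when the binary carries no company name in its version info.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)\s*-\s*"
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

# O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command> [(User '<account>')]".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

# Assumed "usual" locations for this machine's autoruns; an assumption of this
# example, not a HijackThis rule. Anything launched from elsewhere gets a look.
USUAL_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\apps\\")


def executable_of(cmd):
    """Return the program a Run value launches: quoted path, drive path, or bare name."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"([A-Za-z]:\\.*?\.(?:exe|dll|lnk|scr|cmd|bat))(?=\s|$|,)", cmd, re.I)
    if m:
        return m.group(1)
    return cmd.split()[0]


def triage(log_text):
    """Return (kind, name, reason) tuples for the entries a reviewer checks first."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(("O23", m.group("name"),
                                 "service still registered but its binary is gone: " + m.group("path")))
            elif m.group("vendor") in ("", "Unknown owner"):
                findings.append(("O23", m.group("name"),
                                 "binary has no vendor in its version info: " + m.group("path")))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        low = exe.lower()
        if low.startswith("rundll32"):
            findings.append(("O4", m.group("name"), "rundll32 host; inspect the DLL: " + m.group("cmd")))
        elif not re.match(r"[a-z]:\\", low):
            findings.append(("O4", m.group("name"),
                             "no full path, so which '" + exe + "' runs depends on the search path"))
        elif not low.startswith(USUAL_DIRS):
            findings.append(("O4", m.group("name"), "launched from outside the usual directories: " + exe))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG):
        print(f"{kind} [{name}]: {reason}")
```

On the sample it reports six entries, among them the orphaned navapsvc service the moderator asked to have removed and the vendor-less slserv.exe and PnkBstrA.exe services; the flags are prompts for a human look, not verdicts.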

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





