Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unstable system, slow net etc. [CLOSED]


  • This topic is locked This topic is locked

#1
sdmayhem

sdmayhem

    Member

  • Member
  • PipPip
  • 33 posts
Well the internet part has been happening for a couple of days now. My desktop icons and various others wont display and that just started happening today. I've also been getting the occasional pop up along with web pages opening really slow (mins at times). I was wondering if anyone could help me with these problems.


Current Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:44 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9638 bytes


If theres anything else that I would need to run please let me know.


Thank You,
SdMayhem
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download Malwarebytes ' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

  • 0

#3
sdmayhem

sdmayhem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I did all that was instructed but I ran into a couple of problems while downloading combofix which I have described at the end of my MBAM log


saved at 11:24:41 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9474 bytes


Malwarebytes' Anti-Malware 1.12
Database version: 731

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 121599
Time elapsed: 42 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I was not able to download Combofix from the first link(techsupportforum.com) a msg saying c:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\04G90D1W\Combofix[1].exe is not a valid Win32 application
and then from the second link(download.bleepingcomputer.com) it kept telling me it "You cannot rename Combofix as Combofix[1] Please use another name, preferbaly made up of alphanumeric characters"

Thank You,
Sdmayhem
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please save Combofix to your desktop. It looks like you are running it directly from a temp folder which is NOT allowed.
  • 0

#5
sdmayhem

sdmayhem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I'm Terribly sorry for taking so long to respond. To start things off the first dl link for combofix does not work the file will not run the second 1 will and heres the log it provided for me after my system became unstable and i had to restart it 2 times before being able to get it to work.

ComboFix 08-05-11.1 - user 2008-05-12 11:54:27.3 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-08 10:04 . 2008-05-08 10:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 10:04 . 2008-05-08 10:04 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-08 10:04 . 2008-05-08 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 10:04 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-08 10:04 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-05-02 13:46 . 2008-05-02 13:46 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-29 20:02 . 2008-05-01 08:39 256 --a------ C:\WINDOWS\SYSTEM32\pool.bin
2008-04-29 19:49 . 2008-04-29 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-29 19:48 . 2008-04-29 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-29 19:40 . 2008-05-01 08:53 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-29 19:40 . 2008-05-01 08:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-29 19:30 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys
2008-04-29 19:27 . 2008-04-29 19:27 <DIR> d-------- C:\Program Files\Research In Motion
2008-04-29 19:04 . 2008-05-01 08:45 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-04-29 13:21 . 2008-04-29 13:21 <DIR> d-------- C:\Program Files\Audacity
2008-04-27 10:49 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\SYSTEM32\ltkrn13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\SYSTEM32\ltimg13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\SYSTEM32\lfcmp13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\SYSTEM32\ltdis13n.dll
2008-04-27 10:49 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\SYSTEM32\ltefx13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\SYSTEM32\ltfil13n.dll
2008-04-27 10:49 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\SYSTEM32\lfgif13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\SYSTEM32\lfbmp13n.dll
2008-04-26 09:46 . 2008-04-26 09:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\Dell
2008-04-23 01:15 . 2008-04-23 01:15 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-21 17:38 . 2008-04-21 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-04-21 17:38 . 2008-04-21 17:38 216 --a------ C:\Temp\DebugTrace-RockallDLL.log
2008-04-21 17:32 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-04-21 10:50 . 2008-04-21 10:50 <DIR> d-------- C:\Documents and Settings\user\Application Data\ATI
2008-04-21 10:50 . 2008-04-21 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-21 10:43 . 2008-04-21 10:43 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-21 10:32 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\SYSTEM32\ati2sgag.exe
2008-04-21 10:29 . 2008-04-21 10:29 <DIR> d-------- C:\ATI
2008-04-17 06:50 . 2008-05-04 13:37 91 --a------ C:\WINDOWS\brmx2001.ini
2008-04-17 06:50 . 2008-04-17 06:50 40 --a------ C:\WINDOWS\opt_2460.ini
2008-04-17 06:32 . 2008-04-17 06:33 <DIR> d-------- C:\Program Files\Brother
2008-04-17 06:32 . 2008-04-17 06:32 <DIR> d-------- C:\Brother

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 18:52 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-05-11 08:49 --------- d-----w C:\Program Files\AquariaDemo
2008-05-01 15:53 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-27 17:41 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-27 01:14 --------- d-----w C:\Program Files\PokerStars
2008-04-26 16:46 --------- d-----w C:\Program Files\Dell
2008-04-22 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 00:15 --------- d-----w C:\Program Files\Microsoft Games
2008-04-21 17:33 --------- d-----w C:\Program Files\ATI Technologies
2008-04-17 13:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-16 19:48 --------- d-----w C:\Program Files\Incomplete
2008-04-16 19:41 --------- d-----w C:\Program Files\LimeWire
2008-04-07 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameTap
2008-04-07 21:41 --------- d-----w C:\Program Files\GameTap
2008-04-07 21:39 --------- d-----w C:\Documents and Settings\user\Application Data\InstallShield
2008-04-03 06:59 --------- d-----w C:\Program Files\Last.fm
2008-04-02 20:55 --------- d-----w C:\Documents and Settings\user\Application Data\Media Player Classic
2008-04-01 03:13 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-30 02:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 02:55 --------- d-----w C:\Program Files\Windows Live
2008-03-30 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ati2mtag.sys
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\SYSTEM32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\SYSTEM32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\SYSTEM32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\SYSTEM32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\SYSTEM32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\SYSTEM32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\SYSTEM32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\SYSTEM32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\SYSTEM32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\SYSTEM32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\SYSTEM32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\SYSTEM32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\SYSTEM32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\SYSTEM32\ativvaxx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\SYSTEM32\amdpcom32.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\SYSTEM32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\SYSTEM32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\SYSTEM32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\SYSTEM32\ati2cqag.dll
2008-03-28 21:17 --------- d-----w C:\Program Files\Kiran's Typing Tutor
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-18 16:01 --------- d-----w C:\Program Files\Java
2008-03-16 23:33 --------- d-----w C:\Documents and Settings\user\Application Data\Sierra Online
2008-03-16 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sierra Online
2008-03-16 03:21 --------- d-----w C:\Program Files\HP Games
2008-03-14 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-03-13 16:23 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-04 19:33 7,680 ----a-w C:\WINDOWS\SYSTEM32\ff_vfw.dll
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2004-05-29 00:48 154,112 ----a-w C:\WINDOWS\INF\MA111v2\MA111v2.sys
2004-03-12 23:33 212,992 ----a-w C:\WINDOWS\INF\MA111v2\CopyWHQLDriver.exe
2004-03-08 22:51 49,152 ----a-w C:\WINDOWS\INF\MA111v2\SiSWBase.dll
2004-03-08 22:51 237,568 ----a-w C:\WINDOWS\INF\MA111v2\SiSWPars.dll
2004-03-08 22:51 155,648 ----a-w C:\WINDOWS\INF\MA111v2\SiSWInst.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 14:25 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 11:34 1481968]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52 339968]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 00:01 86016]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-10-31 12:59 73728]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 23:32 473920]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-05 21:08 185896]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 17:14 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30 864256]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe [2004-05-28 17:53:34 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1126044578\\ee\\aolsoftware.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39]

*Newly Created Service* - CATCHME
*Newly Created Service* - NAVENG
*Newly Created Service* - NAVEX15
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 11:57:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-05-12 12:02:07
ComboFix-quarantined-files.txt 2008-05-12 19:01:35
ComboFix2.txt 2008-02-12 17:48:55

Pre-Run: 8,891,613,184 bytes free
Post-Run: 9,226,776,576 bytes free

193 --- E O F --- 2008-05-02 20:46:41



Heres a current hijackthis log also

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:42 AM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9791 bytes



Thank You,
SDmayhem
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Can you also post C:\ComboFix2.txt here? I want to see what it removed the first time it was run before they system became unstable and caused you to run it two more times....

Uninstall Viewpoint via the Add/Remove Programs panel.

For the below two files, I want you to double-click on each of them to open them in Notepad. Copy and paste the entire contents of both files in your next reply:

C:\WINDOWS\brmx2001.ini
C:\WINDOWS\opt_2460.ini


Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Is the computer still having problems?
  • 0

#7
sdmayhem

sdmayhem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Combofix2.txt


ComboFix 08-02-12.1 - user 2008-02-12 9:45:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.253 [GMT -8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\iWin
C:\Program Files\Dot1XCfg
C:\Temp\cXzz9
C:\Temp\Ryuan1
C:\WINDOWS\SYSTEM32\edcA01

.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-08 13:01 . 2008-02-08 12:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-08 13:01 . 2008-02-08 13:01 3,439 --a------ C:\WINDOWS\unins000.dat
2008-02-07 18:38 . 2008-02-07 18:38 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-02-07 18:19 . 2008-02-07 18:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-07 18:10 . 2008-02-07 18:10 <DIR> d-------- C:\VundoFix Backups
2008-01-31 15:11 . 2008-02-08 09:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-29 11:50 . 2008-01-29 11:50 <DIR> d-------- C:\Program Files\Veoh Networks
2008-01-27 18:04 . 2008-01-27 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-27 01:31 . 2008-01-27 01:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\44424643474A4
2008-01-22 22:22 . 2008-01-22 22:22 <DIR> d-------- C:\Documents and Settings\user\Application Data\Gamelab
2008-01-19 12:08 . 2008-02-12 09:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 12:08 . 2008-01-19 12:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 22:56 . 2008-01-18 22:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\Grisoft
2008-01-18 22:22 . 2008-01-18 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-18 20:57 . 2008-01-27 20:34 235 --a------ C:\WINDOWS\wininit.ini
2008-01-15 19:27 . 2008-01-15 19:27 <DIR> d-------- C:\Documents and Settings\user\Application Data\Jane s Hotel
2008-01-13 00:05 . 2008-01-13 00:05 <DIR> d-------- C:\Program Files\iPod
2008-01-13 00:04 . 2008-01-13 00:05 <DIR> d-------- C:\Program Files\iTunes
2008-01-13 00:01 . 2008-01-13 00:01 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2008-01-13 00:01 . 2008-01-13 00:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-13 00:00 . 2008-01-13 00:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-13 00:00 . 2008-01-13 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-12 20:56 . 2008-02-12 09:45 <DIR> d-------- C:\Temp
2008-01-12 18:30 . 2008-01-12 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 17:39 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-02-08 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 21:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 20:57 --------- d-----w C:\Program Files\NavNT
2008-01-29 23:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-29 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 05:51 --------- d-----w C:\Program Files\Valve
2008-01-23 15:12 --------- d-----w C:\Program Files\Shockwave.com
2008-01-23 06:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-19 20:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-19 16:58 --------- d-----w C:\Program Files\Incomplete
2008-01-19 16:56 --------- d-----w C:\Program Files\LimeWire
2008-01-19 06:26 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-01-13 08:03 --------- d-----w C:\Program Files\QuickTime
2008-01-13 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 19:28 --------- d-----w C:\Documents and Settings\user\Application Data\DivX
2008-01-11 19:17 --------- d-----w C:\Program Files\DivX
2008-01-07 01:18 --------- d-----w C:\Documents and Settings\user\Application Data\Pirateville
2008-01-06 04:09 --------- d-----w C:\Program Files\Real
2008-01-06 04:09 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-06 04:08 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2008-01-06 04:08 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-01-06 04:08 --------- d-----w C:\Program Files\Common Files\Real
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2008-01-03 09:02 --------- d-----w C:\Documents and Settings\user\Application Data\PlayFirst
2008-01-03 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-01 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-01-01 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-01 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-12-30 23:13 --------- d-----w C:\Documents and Settings\user\Application Data\Home Sweet Home
2007-12-30 08:28 --------- d-----w C:\Program Files\Codemasters
2007-12-27 23:54 --------- d-----w C:\Documents and Settings\user\Application Data\Move Networks
2007-12-27 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2007-12-12 02:43 --------- d-----w C:\Program Files\Google
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\SYSTEM32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\SYSTEM32\pxinsi64.exe
2004-05-29 00:48 154,112 ----a-w C:\WINDOWS\INF\MA111v2\MA111v2.sys
2004-03-12 23:33 212,992 ----a-w C:\WINDOWS\INF\MA111v2\CopyWHQLDriver.exe
2004-03-08 22:51 49,152 ----a-w C:\WINDOWS\INF\MA111v2\SiSWBase.dll
2004-03-08 22:51 237,568 ----a-w C:\WINDOWS\INF\MA111v2\SiSWPars.dll
2004-03-08 22:51 155,648 ----a-w C:\WINDOWS\INF\MA111v2\SiSWInst.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\SYSTEM32\44424643474A4 ----

2008-01-31 22:23 13988 --a------ C:\WINDOWS\SYSTEM32\44424643474A4\05030704080B0


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 13:25 68856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-23 12:23 3497984]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 10:52 339968]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-14 23:01 86016]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 06:50 53248]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-10-31 11:59 73728]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 22:32 473920]
"HostManager"="C:\Program Files\Common Files\AOL\1126044578\ee\AOLSoftware.exe" [2006-05-09 16:24 50760]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-05 20:08 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 11:32:10 327680]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe [2004-05-28 16:53:34 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 09:48:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-02-12 9:48:54
ComboFix-quarantined-files.txt 2008-02-12 17:48:37
ComboFix2.txt 2008-02-12 01:50:47
.
2008-02-01 06:34:56 --- E O F ---




C:\WINDOWS\brmx2001.ini

[:BRMX2000:]
Port=\\GORDON-OFFICE\Printer4
Printer=Auto Brother PC-FAX on GORDON-OFFICE



C:\WINDOWS\opt_2460.ini

[MACROS]
IDLIST0=0
[MACROCONFIG]
0=


Panda Scan

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-14 22:14:05
PROTECTIONS: 2
MALWARE: 4
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Symantec Antivirus Corporate Edition 7.6 No Yes
Norton Antivirus Edition 7.5 No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\JewelQuestSolitaireGrab-dm[1].exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\CakeMania2Grab-dm[1].exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\TurboPizzaGrab-dm[1].exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\user\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
02904593 Adware/Trymedia Adware No 0 Yes No C:\Documents and Settings\All Users\Desktop\Downloads\JewelOfAtlantisSetup-dm[1].exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\Documents and Settings\All Users\Desktop\Downloads\DinerDashSetup-dm[1].exe
02904593 Adware/Trymedia Adware No 0 Yes No C:\Documents and Settings\All Users\Desktop\Downloads\Cute_Knight-v1_0-dm[1].exe
02965684 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\ijji\ENGLISH\XStream.dll
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location q
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description q
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================


Thats all that came up in the notepad
When I ran combofix the first 2 times it just didnt run it stated that it was not a windows file or something along those lines. I had
to restart my system twice after combofix finally ran thru the second DL link so really it became more unstable after combofix ran on my computer.
So far my computer is running slower and it freezes up with more then 2 pages open it freezes and it takes mins at a time for 1 of the pages to close but I'm sure its mainly due to the viruses I currently have on here.


Thank You,
Sdmayhem
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Make sure you turn off any antivirus programs you have running while performing the online scan below. Using Internet Explorer, run a virus scan at http://www.kaspersky.com/virusscanner Click on 'Launch Kaspersky Anti-Virus Web Scanner' and install the ActiveX component from Kaspersky. Click Yes and it will begin downloading the latest definition files. Once that's done, click on 'Scan Settings' and make sure the following are selected:

Scan using the following Anti-Virus database:
- Extended

Scan Options:
- Scan Archives
- Scan Mail Bases

Click OK. Now under select a target to scan, select 'My Computer'. It will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the 'Save as Text' button. Save the file to your desktop. Copy and paste that information in your next post.
  • 0

#9
sdmayhem

sdmayhem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 16, 2008 5:05:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/05/2008
Kaspersky Anti-Virus database records: 779339
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 81684
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:20:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Desktop\Downloads\Cute_Knight-v1_0-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\Documents and Settings\All Users\Desktop\Downloads\DinerDashSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\Documents and Settings\All Users\Desktop\Downloads\JewelOfAtlantisSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-16-2008( 7-55-17 ).LOG Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF7293.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFF7BF.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\Downloads\CakeMania2Grab-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Downloads\JewelQuestSolitaireGrab-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Downloads\TurboPizzaGrab-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Thank You,
Sdmayhem
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
See if this helps. We will disable a bunch of startup programs...

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Downloads\JewelQuestSolitaireGrab-dm[1].exe
C:\Downloads\CakeMania2Grab-dm[1].exe
C:\Downloads\TurboPizzaGrab-dm[1].exe
C:\Documents and Settings\All Users\Desktop\Downloads\JewelOfAtlantisSetup-dm[1].exe
C:\Documents and Settings\All Users\Desktop\Downloads\DinerDashSetup-dm[1].exe
C:\Documents and Settings\All Users\Desktop\Downloads\Cute_Knight-v1_0-dm[1].exe
C:\ijji\ENGLISH\XStream.dll


Restart the computer and run Combofix again. Post the log here along with a new HijackThis log.

Any better now?
  • 0

#11
sdmayhem

sdmayhem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
K so far so good most things are running smooth again the only big problems I am having is the fact that my internet takes forever to start up but I will probably be using firefox from now on. whenever I open any programs they take anywhere from 10seconds - 1 minute to initialize but so far I am really greatful for all the help you have been able to supply.

Combofix Log


ComboFix 08-05-11.1 - user 2008-05-19 9:08:46.4 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 21:20 . 2008-05-18 21:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 21:20 . 2008-05-18 21:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-17 00:36 . 2008-05-18 20:38 <DIR> d-------- C:\Program Files\Tales of Pirates Online
2008-05-17 00:26 . 2008-05-17 00:27 <DIR> d-------- C:\Program Files\FlashGet
2008-05-16 14:52 . 2008-05-16 14:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-16 14:52 . 2008-05-16 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-14 20:09 . 2008-05-14 20:10 <DIR> d-------- C:\Program Files\Panda Security
2008-05-08 10:04 . 2008-05-08 10:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 10:04 . 2008-05-08 10:04 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-08 10:04 . 2008-05-08 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 10:04 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-08 10:04 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-05-02 13:46 . 2008-05-02 13:46 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-29 20:02 . 2008-05-01 08:39 256 --a------ C:\WINDOWS\SYSTEM32\pool.bin
2008-04-29 19:49 . 2008-04-29 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-29 19:48 . 2008-04-29 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-29 19:40 . 2008-05-01 08:53 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-29 19:40 . 2008-05-01 08:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-29 19:30 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys
2008-04-29 19:27 . 2008-04-29 19:27 <DIR> d-------- C:\Program Files\Research In Motion
2008-04-29 19:04 . 2008-05-01 08:45 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-04-29 13:21 . 2008-04-29 13:21 <DIR> d-------- C:\Program Files\Audacity
2008-04-27 10:49 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\SYSTEM32\ltkrn13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\SYSTEM32\ltimg13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\SYSTEM32\lfcmp13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\SYSTEM32\ltdis13n.dll
2008-04-27 10:49 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\SYSTEM32\ltefx13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\SYSTEM32\ltfil13n.dll
2008-04-27 10:49 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\SYSTEM32\lfgif13n.dll
2008-04-27 10:49 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\SYSTEM32\lfbmp13n.dll
2008-04-26 09:46 . 2008-04-26 09:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\Dell
2008-04-23 01:15 . 2008-04-23 01:15 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-21 17:38 . 2008-04-21 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-04-21 17:38 . 2008-04-21 17:38 216 --a------ C:\Temp\DebugTrace-RockallDLL.log
2008-04-21 17:32 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-04-21 10:50 . 2008-04-21 10:50 <DIR> d-------- C:\Documents and Settings\user\Application Data\ATI
2008-04-21 10:50 . 2008-04-21 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-21 10:43 . 2008-04-21 10:43 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-21 10:32 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\SYSTEM32\ati2sgag.exe
2008-04-21 10:29 . 2008-04-21 10:29 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 04:35 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-05-15 03:00 --------- d-----w C:\Program Files\Viewpoint
2008-05-15 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-11 08:49 --------- d-----w C:\Program Files\AquariaDemo
2008-05-01 15:53 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-27 17:41 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-27 01:14 --------- d-----w C:\Program Files\PokerStars
2008-04-26 16:46 --------- d-----w C:\Program Files\Dell
2008-04-22 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 00:15 --------- d-----w C:\Program Files\Microsoft Games
2008-04-21 17:33 --------- d-----w C:\Program Files\ATI Technologies
2008-04-17 13:33 --------- d-----w C:\Program Files\Brother
2008-04-17 13:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-16 19:48 --------- d-----w C:\Program Files\Incomplete
2008-04-16 19:41 --------- d-----w C:\Program Files\LimeWire
2008-04-07 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameTap
2008-04-07 21:41 --------- d-----w C:\Program Files\GameTap
2008-04-07 21:39 --------- d-----w C:\Documents and Settings\user\Application Data\InstallShield
2008-04-03 06:59 --------- d-----w C:\Program Files\Last.fm
2008-04-02 20:55 --------- d-----w C:\Documents and Settings\user\Application Data\Media Player Classic
2008-04-01 03:13 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-30 02:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 02:55 --------- d-----w C:\Program Files\Windows Live
2008-03-30 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ati2mtag.sys
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\SYSTEM32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\SYSTEM32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\SYSTEM32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\SYSTEM32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\SYSTEM32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\SYSTEM32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\SYSTEM32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\SYSTEM32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\SYSTEM32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\SYSTEM32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\SYSTEM32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\SYSTEM32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\SYSTEM32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\SYSTEM32\ativvaxx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\SYSTEM32\amdpcom32.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\SYSTEM32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\SYSTEM32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\SYSTEM32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\SYSTEM32\ati2cqag.dll
2008-03-28 21:17 --------- d-----w C:\Program Files\Kiran's Typing Tutor
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-04 19:33 7,680 ----a-w C:\WINDOWS\SYSTEM32\ff_vfw.dll
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2004-05-29 00:48 154,112 ----a-w C:\WINDOWS\INF\MA111v2\MA111v2.sys
2004-03-12 23:33 212,992 ----a-w C:\WINDOWS\INF\MA111v2\CopyWHQLDriver.exe
2004-03-08 22:51 49,152 ----a-w C:\WINDOWS\INF\MA111v2\SiSWBase.dll
2004-03-08 22:51 237,568 ----a-w C:\WINDOWS\INF\MA111v2\SiSWPars.dll
2004-03-08 22:51 155,648 ----a-w C:\WINDOWS\INF\MA111v2\SiSWInst.dll
.

((((((((((((((((((((((((((((( [email protected]_12.01.06.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-12 16:08:32 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-19 16:03:39 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-03-26 01:13:04 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 20:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 14:25 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 11:34 1481968]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52 339968]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-10-31 12:59 73728]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-05 21:08 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe [2004-05-28 17:53:34 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1126044578\\ee\\aolsoftware.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

R3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
R3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
R3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
R3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39]

*Newly Created Service* - NAVENG
*Newly Created Service* - NAVEX15
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 09:14:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [3536] 0x81C19888

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-05-19 9:19:17
ComboFix-quarantined-files.txt 2008-05-19 16:19:11
ComboFix2.txt 2008-05-12 19:02:08
ComboFix3.txt 2008-02-12 17:48:55

Pre-Run: 5,734,256,640 bytes free
Post-Run: 6,095,982,592 bytes free

190 --- E O F --- 2008-05-02 20:46:41



Hijackthis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:50 AM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 9118 bytes

I also have a quick question about Hijackthis, is it normal for the program to take up to 1min when scanning the trusted zone enumeration(015) or is it something that I should be concerned about.


Thank You,
Sdmayhem
  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Uninstall these via the Add/Remove Programs panel if found:

Kaspersky
Panda
Viewpoint
Limewire - I don't recommend using any file sharing programs as they can help contribute to malware


Do you have a lot of sites in the trusted zones? If not, or you don't mind clearing them, you can run the following:

Right click on this link http://www.mvps.org/.../DelDomains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
  • 0

#13
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP