Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Warning! Spyware detected on your computer! [CLOSED]

Started by daynikz , Jun 30 2008 07:16 AM

  • This topic is locked This topic is locked

#1
daynikz
Posted 30 June 2008 - 07:16 AM

daynikz

    New Member

  • Member
  • Pip
  • 1 posts
Hi i downloaded a codec and my desktop was changed to blue with a little message in the middle stateing warning please download a antivirus or spyware remover and then it changed my screen saver to the blue screen of death. I was also anable to change my screen saver or deskktop theme. I also had loads of pop ups when i went on the internet i ran many anti virus and spyware removers and it was still on here so i was told to run combo fix and it made me a log im just wondering if it has niow been fixed or if i need to do something else please. Im runing Windows Xp sp2 and this is my combofix log.

ComboFix 08-06-20.4 - Nikz 2008-06-30 13:50:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.509 [GMT 1:00]
Running from: C:\Documents and Settings\Nikz\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-30 13:47 . 2008-06-30 13:47 60,928 --a------ C:\WINDOWS\system32\blphc9s7j0eg65.scr
2008-06-30 13:46 . 2008-06-30 13:46 90,838 --a------ C:\WINDOWS\system32\phc9s7j0eg65.bmp
2008-06-29 20:36 . 2008-06-29 20:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-29 20:36 . 2008-06-29 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 19:43 . 2008-06-30 13:32 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-29 19:30 . 2008-06-29 19:41 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-29 19:30 . 2008-06-29 19:30 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-29 19:30 . 2008-06-29 19:30 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-29 19:29 . 2008-06-29 19:29 <DIR> d-------- C:\Program Files\AVG
2008-06-29 19:29 . 2008-06-29 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-29 15:48 . 2008-06-29 15:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-29 15:48 . 2008-06-29 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 15:41 . 2008-06-29 15:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-29 15:41 . 2008-06-29 15:41 <DIR> d-------- C:\Documents and Settings\Nikz\Application Data\SUPERAntiSpyware.com
2008-06-29 15:41 . 2008-06-29 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-29 15:19 . 2008-06-29 15:19 33,832 --a------ C:\WINDOWS\system32\wcgninph.exe
2008-06-29 15:18 . 2008-06-29 15:18 109,056 --a------ C:\WINDOWS\system32\lphc9s7j0eg65.exe
2008-06-23 20:42 . 2008-06-23 20:42 <DIR> d-------- C:\Program Files\Free Video Zilla
2008-06-23 19:58 . 2008-06-23 19:58 <DIR> d-------- C:\Program Files\Moyea
2008-06-23 19:58 . 2008-06-23 19:58 <DIR> d-------- C:\Documents and Settings\Nikz\Application Data\Moyea
2008-06-15 14:20 . 2008-06-15 14:20 <DIR> d-------- C:\Documents and Settings\Nikz\Application Data\Betfair
2008-06-12 03:24 . 2008-06-12 03:24 276 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 11:59 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 21:29 . 2008-06-08 21:29 <DIR> d-------- C:\EurobetRaceInstallation
2008-06-04 21:51 . 2008-06-04 21:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-04 21:51 . 2008-06-04 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-02 11:41 . 2008-06-02 11:41 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-02 01:04 . 2008-06-29 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-01 23:32 . 2008-06-02 01:09 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-30 12:30 . 2008-05-30 12:30 <DIR> d-------- C:\Program Files\Sports Interactive
2008-05-29 20:17 . 2008-05-29 20:18 <DIR> d-------- C:\Program Files\FM Modifier 2.2
2008-05-29 15:39 . 2008-05-29 15:39 <DIR> d-------- C:\Program Files\Fifa Master
2008-05-29 15:19 . 2008-05-29 15:19 <DIR> d-------- C:\Program Files\New Folder
2008-05-26 14:20 . 2008-05-26 14:20 <DIR> dr-h----- C:\Documents and Settings\Nikz\Application Data\SecuROM
2008-05-26 14:18 . 2008-05-26 14:18 <DIR> d-------- C:\Program Files\GameShadow
2008-05-26 14:18 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-05-26 14:18 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-05-26 14:18 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-05-26 14:18 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-05-26 14:18 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-05-26 14:18 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-05-26 14:18 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-26 14:17 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-26 14:17 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-26 14:17 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-05-26 14:17 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-05-26 14:17 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-26 14:15 . 2008-05-26 14:15 <DIR> d-------- C:\Program Files\Eidos
2008-05-26 04:23 . 2008-06-29 22:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-26 04:23 . 2008-05-26 04:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-26 04:22 . 2008-05-26 04:22 <DIR> d-------- C:\Program Files\wings3d_0.99.00b
2008-05-26 02:14 . 2008-05-26 02:14 <DIR> d-------- C:\Documents and Settings\Nikz\Application Data\Wings3D
2008-05-25 23:19 . 2008-05-25 23:19 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-25 23:19 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-05-25 23:19 . 2008-06-23 18:43 9,615 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-05-04 15:11 . 2008-05-04 15:11 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-01 23:50 . 2008-06-29 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-05-01 23:49 . 2008-05-01 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 21:50 90,432 ----a-w C:\Documents and Settings\Nikz\Application Data\GDIPFONTCACHEV1.DAT
2008-06-29 20:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-29 19:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-23 01:45 --------- d-----w C:\Documents and Settings\Nikz\Application Data\SecondLife
2008-06-15 21:05 --------- d-----w C:\Program Files\Poker.com
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 12:11 --------- d-----w C:\Documents and Settings\Nikz\Application Data\AdobeUM
2008-05-29 17:31 --------- d-----w C:\Documents and Settings\Nikz\Application Data\Sports Interactive
2008-05-26 13:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 22:47 --------- d-----w C:\Program Files\BitComet
2008-05-25 22:20 --------- d-----w C:\Program Files\QuickTime
2008-05-22 12:41 --------- d-----w C:\Program Files\AIM6
2008-05-22 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-22 12:40 --------- d-----w C:\Program Files\Viewpoint
2008-05-22 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-22 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-18 18:13 129,337 ----a-w C:\WINDOWS\Fonts\selfish.zip
2008-05-18 17:38 30,698 ----a-w C:\WINDOWS\Fonts\adine_kirnberg.zip
2008-05-18 17:36 86,494 ----a-w C:\WINDOWS\Fonts\gabrielle.zip
2008-05-18 17:36 28,265 ----a-w C:\WINDOWS\Fonts\adorable.zip
2008-05-18 17:36 26,705 ----a-w C:\WINDOWS\Fonts\old_script.zip
2008-05-18 17:35 47,319 ----a-w C:\WINDOWS\Fonts\renaissance.zip
2008-05-18 17:35 38,795 ----a-w C:\WINDOWS\Fonts\english.zip
2008-05-18 17:32 52,758 ----a-w C:\WINDOWS\Fonts\today.zip
2008-05-17 17:19 --------- d-----w C:\Program Files\DivX
2008-05-17 17:18 --------- d-----w C:\Program Files\SopCast
2008-05-14 14:16 504 ----a-w C:\WINDOWS\Fonts\Readme.txt
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-12 20:57 102,400 ----a-w C:\WINDOWS\DUMP7bd7.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 10:52 31,619 --sh--r C:\WINDOWS\system32\avpo0.dll
2008-03-19 12:55 99,735 ----a-w C:\WINDOWS\system32\help.exe.tmp
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 19:45 102,400 ----a-w C:\WINDOWS\DUMPca83.tmp
2008-01-15 18:53 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-04-26 14:03 24,192 ----a-w C:\Documents and Settings\Nikz\usbsermptxp.sys
2007-04-26 14:03 22,768 ----a-w C:\Documents and Settings\Nikz\usbsermpt.sys
2000-07-26 13:31 61,440 -c--a-w C:\Program Files\msado20.tlb
1998-05-14 23:00 73,184 -c--a-w C:\Program Files\DAO2535.TLB
2007-11-01 15:32 80 --sh--r C:\WINDOWS\system32\3C8C0E8167.dll
2008-01-10 21:10 54,784 --sh--r C:\WINDOWS\system32\amvo4.dll
2008-03-20 10:52 31,619 --sh--r C:\WINDOWS\system32\avpo0.dll
2007-12-07 15:46 31,619 --sh--r C:\WINDOWS\system32\avpo2.dll
.

------- Sigcheck -------

2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 15:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-27 14:53 360064 01307b76a916a8f6d1f1452744ba7ad6 C:\WINDOWS\system32\backup\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 18:20 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-30_13.37.10.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 20:36:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 12:45:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{843DAEB1-A153-4F65-8475-0B53A505931C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 16:12 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-25 23:20 98304]
"lphc9s7j0eg65"="C:\WINDOWS\system32\lphc9s7j0eg65.exe" [2008-06-29 15:18 109056]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-29 19:29 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"= {C4FFDD48-FB2F-4DB6-9C96-365C92357A4C} - C:\WINDOWS\pntqkflv.dll [ ]
"qegbdmwf"= {D2011468-9792-48EA-92C1-92AD0DBBDB03} - C:\WINDOWS\qegbdmwf.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkhFvT]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Venturi 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Venturi 2.lnk
backup=C:\WINDOWS\pss\Venturi 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikz^Start Menu^Programs^Startup^PPS.lnk]
path=C:\Documents and Settings\Nikz\Start Menu\Programs\Startup\PPS.lnk
backup=C:\WINDOWS\pss\PPS.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 17:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 18:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]
C:\WINDOWS\system32\avpo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 17:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
--a------ 2005-10-20 07:15 102400 C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eastenders Screenmate]
C:\Program Files\Eastenders Screenmates\SM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 15:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-07-27 17:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 15:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-23 13:08 147456 c:\APPS\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 15:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 15:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-25 23:20 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2006-08-23 21:08 16050688 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a--c--- 2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--a------ 2005-11-17 10:51 975360 C:\APPS\SMP\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-18 16:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-06-16 17:22 794713 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Universal Forum Poster]
C:\Program Files\Universal Forum Poster\Universal Forum Poster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\SecondLifeWindLight\\SLVoice.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\PPStream\\PPSAP.exe"=
"C:\\Program Files\\PPMate\\ppmate.exe"=
"C:\\Program Files\\PPMate\\ppmnet.exe"=
"C:\\Program Files\\PPLive\\PPLive.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14021:TCP"= 14021:TCP:BitComet 14021 TCP
"14021:UDP"= 14021:UDP:BitComet 14021 UDP

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-29 19:30]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 19:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
S2 123;123;C:\WINDOWS\RemoteAbc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c3792d8-8d86-11dc-b0ca-001060fb9f7a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c3792d9-8d86-11dc-b0ca-001060fb9f7a}]
\Shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26682a80-ae30-11da-9f20-001060fb9f7a}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5024e40e-ad99-11dc-b0f8-001060fb9f7a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5024e40f-ad99-11dc-b0f8-001060fb9f7a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533c0324-f30f-11db-9fa9-001060fb9f7a}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dead7cc-f4af-11db-9fb7-001060fb9f7a}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dec01ec-f9b8-11db-af30-001060fb9f7a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67867ba0-cda7-11dc-b14a-001060fb9f7a}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - E:\utdetect.com
\Shell\open\Command - E:\utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a40303c8-ae3d-11da-9f22-001060fb9f7a}]
\Shell\AutoRun\command - E:\n2de.cmd
\Shell\explore\Command - E:\n2de.cmd
\Shell\open\Command - E:\n2de.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86d0492-151b-11dc-afcd-001060fb9f7a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86d0493-151b-11dc-afcd-001060fb9f7a}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb868a06-77d9-11dc-b08e-001060fb9f7a}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb868a07-77d9-11dc-b08e-001060fb9f7a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee3504e4-783d-11dc-b08f-001060fb9f7a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee3504e5-783d-11dc-b08f-001060fb9f7a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd99ae40-c6c0-11dc-b13c-001060fb9f7a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 13:23:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-30 12:49:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-29 18:10:12 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 13:54:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-30 13:57:58
ComboFix-quarantined-files.txt 2008-06-30 12:56:53
ComboFix2.txt 2008-06-30 12:37:52

Pre-Run: 8,113,147,904 bytes free
Post-Run: 8,088,735,744 bytes free

363 --- E O F --- 2008-06-21 02:01:08

I have now run combofix twice because when i restart it returns to the blue screen with the message in the middle as my desktoip theme and the blue screen of death comes back as my screen saver

Edited by daynikz, 30 June 2008 - 08:19 AM.

  • 0

Advertisements

#2
greyknight17
Posted 30 June 2008 - 06:41 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Download the Flash Disinfector at http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click on it to run it and follow the on-screen instructions.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Driver::
123
File::
C:\WINDOWS\system32\blphc9s7j0eg65.scr
C:\WINDOWS\system32\phc9s7j0eg65.bmp
C:\WINDOWS\system32\wcgninph.exe
C:\WINDOWS\system32\lphc9s7j0eg65.exe
C:\WINDOWS\Fonts\selfish.zip
C:\WINDOWS\Fonts\adine_kirnberg.zip
C:\WINDOWS\Fonts\gabrielle.zip
C:\WINDOWS\Fonts\adorable.zip
C:\WINDOWS\Fonts\old_script.zip
C:\WINDOWS\Fonts\renaissance.zip
C:\WINDOWS\Fonts\english.zip
C:\WINDOWS\Fonts\today.zip
C:\WINDOWS\DUMP7bd7.tmp
C:\WINDOWS\system32\help.exe.tmp
C:\WINDOWS\DUMPca83.tmp
C:\WINDOWS\system32\amvo4.dll
C:\WINDOWS\system32\avpo0.dll
C:\WINDOWS\system32\avpo2.dll
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\avpo.exe
Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\Kontiki\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{843DAEB1-A153-4F65-8475-0B53A505931C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc9s7j0eg65"=-
"4oD"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"=-
"qegbdmwf"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkhFvT]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#3
greyknight17
Posted 04 July 2008 - 01:29 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP