Geeks to Go

addware/trojan [RESOLVED]


  • This topic is locked

#1
SatanicSarahX
    Member
  • 85 posts
There are a ton of popups,
slow performance,
I can't access System Restore or anything in my start menu, or even in my computer.

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55: VIRUS ALERT!, on 27/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\MSA\MSA.exe
C:\Documents and Settings\Sarah\Local Settings\Temp\.tt4BC.tmp.exe
C:\Windows\System32\VIE7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\DOCUME~1\Sarah\LOCALS~1\Temp\a..exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Sarah\LOCALS~1\Temp\c.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\Sarah\LOCALS~1\Temp\Rar$EX01.406\Norton 360 v2.1.0.5 + Key Generator\Keygen\keygen.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCUW.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [\VIE4B2.exe] C:\Windows\System32\VIE4B2.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [inrhccosj0e32l] C:\Documents and Settings\Sarah\Local Settings\Temp\.tt4BC.tmp.exe
O4 - HKLM\..\Run: [\VIE4C2.exe] C:\Windows\System32\VIE4C2.exe
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKLM\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Sarah\LOCALS~1\Temp\a..exe
O4 - HKCU\..\Run: [\VIE4B0.exe] C:\Windows\System32\VIE4B0.exe
O4 - HKCU\..\Run: [\VIE4B1.exe] C:\Windows\System32\VIE4B1.exe
O4 - HKCU\..\Run: [\VIE4B2.exe] C:\Windows\System32\VIE4B2.exe
O4 - HKCU\..\Run: [\VIE4B3.exe] C:\Windows\System32\VIE4B3.exe
O4 - HKCU\..\Run: [\VIE4C2.exe] C:\Windows\System32\VIE4C2.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKCU\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1218613219343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218635530421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: pdoskegl - {56C1DE9A-8DBC-456C-AB67-65FE30A97765} - C:\WINDOWS\pdoskegl.dll (file missing)
O21 - SSODL: rqbmvpso - {65FCEAE5-E260-40EB-84E1-63D24CC369ED} - C:\WINDOWS\rqbmvpso.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9810 bytes

  • 0

#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK then, let's get you cleaned up. This is a long fix, so I would recommend copying it to a text file for reference.

This is where you were infected, as you have a cracked copy of Norton (C:\DOCUME~1\Sarah\LOCALS~1\Temp\Rar$EX01.406\Norton 360 v2.1.0.5 + Key Generator\Keygen\keygen.exe). This is illegal... Uninstall it and install one of the many free antivirus products:

Avast
Avira

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [\VIE4B2.exe] C:\Windows\System32\VIE4B2.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [inrhccosj0e32l] C:\Documents and Settings\Sarah\Local Settings\Temp\.tt4BC.tmp.exe
O4 - HKLM\..\Run: [\VIE4C2.exe] C:\Windows\System32\VIE4C2.exe
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKLM\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Sarah\LOCALS~1\Temp\a..exe
O4 - HKCU\..\Run: [\VIE4B0.exe] C:\Windows\System32\VIE4B0.exe
O4 - HKCU\..\Run: [\VIE4B1.exe] C:\Windows\System32\VIE4B1.exe
O4 - HKCU\..\Run: [\VIE4B2.exe] C:\Windows\System32\VIE4B2.exe
O4 - HKCU\..\Run: [\VIE4B3.exe] C:\Windows\System32\VIE4B3.exe
O4 - HKCU\..\Run: [\VIE4C2.exe] C:\Windows\System32\VIE4C2.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKCU\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: pdoskegl - {56C1DE9A-8DBC-456C-AB67-65FE30A97765} - C:\WINDOWS\pdoskegl.dll (file missing)
O21 - SSODL: rqbmvpso - {65FCEAE5-E260-40EB-84E1-63D24CC369ED} - C:\WINDOWS\rqbmvpso.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\System32\VIE4B2.exe
    C:\Program Files\MSA
    C:\Documents and Settings\Sarah\Local Settings\Temp\.tt4BC.tmp.exe
    C:\Windows\System32\VIE4C2.exe
    C:\Windows\System32\VIE1.exe
    C:\Windows\System32\VIE7.exe
    C:\Windows\System32\VIE9.exe
    C:\DOCUME~1\Sarah\LOCALS~1\Temp\a..exe
    C:\Windows\System32\VIE4B0.exe
    C:\Windows\System32\VIE4B1.exe
    C:\Windows\System32\VIE4B2.exe
    C:\Windows\System32\VIE4B3.exe
    C:\Windows\System32\VIE4C2.exe
    C:\Windows\System32\VIE1.exe
    C:\Windows\System32\VIE7.exe
    C:\Windows\System32\VIE9.exe
    C:\WINDOWS\pdoskegl.dll 
    C:\WINDOWS\rqbmvpso.dll 
    C:\DOCUME~1\Sarah\LOCALS~1\Temp\c.exe
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Logs required: OTMoveIt, ComboFix and a new HijackThis
  • 0
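
An added example, not code from the thread or from any of the tools named in it: a small Python triage script that applies the patterns Essexboy used above (autostarts launched from a Temp directory, Run values whose name begins with a backslash, IE and registry policy restrictions, SSODL entries whose DLL is missing) to lines copied from the HijackThis log in post #1, then builds the kind of path list that was pasted into OTMoveIt2. The sample log is a constructed excerpt, and the checks are pattern matches only, so they will not catch an entry such as [Antivirus] MSA.exe that a helper recognises by name.

```python
import re

# Constructed excerpt: lines copied from the HijackThis log in post #1,
# plus two clean autostart entries for contrast.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Sarah\Local Settings\Temp\.tt4BC.tmp.exe
C:\DOCUME~1\Sarah\LOCALS~1\Temp\a..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [\VIE4B2.exe] C:\Windows\System32\VIE4B2.exe
O4 - HKLM\..\Run: [inrhccosj0e32l] C:\Documents and Settings\Sarah\Local Settings\Temp\.tt4BC.tmp.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Sarah\LOCALS~1\Temp\a..exe
O4 - HKCU\..\Run: [\VIE4B2.exe] C:\Windows\System32\VIE4B2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: pdoskegl - {56C1DE9A-8DBC-456C-AB67-65FE30A97765} - C:\WINDOWS\pdoskegl.dll (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)   # matches ...\Temp\... in long or 8.3 form
RUN_ENTRY = re.compile(r"^O4 - .*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SSODL_MISSING = re.compile(r"^O21 - SSODL: .* - (?P<path>[A-Za-z]:\\.*?) \(file missing\)$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


def command_path(cmd):
    """Return the executable path from an O4 command string: either the
    quoted part, or the unquoted path before a trailing switch like /onboot."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" /")[0]


def triage(log_text):
    """Walk a HijackThis log and return (line, reason) pairs worth a look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if TEMP_DIR.search(line):
                findings.append((line, "process running from a Temp directory"))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            if m.group("name").startswith("\\"):
                findings.append((line, "Run value name begins with a backslash"))
            elif TEMP_DIR.search(m.group("cmd")):
                findings.append((line, "autostart launched from a Temp directory"))
            continue
        if line.startswith("O6 - ") and line.endswith("Restrictions present"):
            findings.append((line, "IE policy restrictions set for this user"))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append((line, "registry editor disabled by policy"))
        elif SSODL_MISSING.match(line):
            findings.append((line, "ShellServiceObjectDelayLoad entry whose DLL is missing"))
    return findings


def move_list(findings):
    """Turn the flagged lines into a de-duplicated path list in log order,
    the shape of the list pasted into OTMoveIt2 above. Policy entries (O6,
    O7) carry no file and are skipped; they are fixed in HijackThis itself."""
    paths = []
    for line, _ in findings:
        m = RUN_ENTRY.match(line)
        if m:
            path = command_path(m.group("cmd"))
        elif SSODL_MISSING.match(line):
            path = SSODL_MISSING.match(line).group("path")
        elif BARE_PATH.match(line):
            path = line
        else:
            continue
        if path.lower() not in [p.lower() for p in paths]:
            paths.append(path)
    return paths


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for line, reason in flagged:
        print(f"{reason}:\n    {line}")
    print("\nOTMoveIt2 list:")
    print("\n".join(move_list(flagged)))
```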

#3
SatanicSarahX
    Member
  • Topic Starter
  • 85 posts
File/Folder C:\Windows\System32\VIE4B2.exe not found.
C:\Program Files\MSA moved successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\.tt4BC.tmp.exe moved successfully.
File/Folder C:\Windows\System32\VIE4C2.exe not found.
File/Folder C:\Windows\System32\VIE1.exe not found.
C:\Windows\System32\VIE7.exe moved successfully.
C:\Windows\System32\VIE9.exe moved successfully.
C:\DOCUME~1\Sarah\LOCALS~1\Temp\a..exe moved successfully.
File/Folder C:\Windows\System32\VIE4B0.exe not found.
File/Folder C:\Windows\System32\VIE4B1.exe not found.
File/Folder C:\Windows\System32\VIE4B2.exe not found.
File/Folder C:\Windows\System32\VIE4B3.exe not found.
File/Folder C:\Windows\System32\VIE4C2.exe not found.
File/Folder C:\Windows\System32\VIE1.exe not found.
File/Folder C:\Windows\System32\VIE7.exe not found.
File/Folder C:\Windows\System32\VIE9.exe not found.
File/Folder C:\WINDOWS\pdoskegl.dll not found.
File/Folder C:\WINDOWS\rqbmvpso.dll not found.
C:\DOCUME~1\Sarah\LOCALS~1\Temp\c.exe moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08272008_230657




When using HijackThis, a few boxes came up saying registry editing has been disabled by your admin.

Here is another HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08: VIRUS ALERT!, on 27/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\DOCUME~1\Sarah\LOCALS~1\Temp\c.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1218613219343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218635530421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

--
End of file - 6202 bytes






I CANNOT continue as I can't access the CD drive or Run.

This is what it looks like. I took this a few hours before I got help here, so don't mind the pop-ups, just the start menu.

Posted Image

And when I click on the D drive it says please insert a CD.

  • 0

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Can you run ComboFix, as I will need that to see what drivers are running?

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#5
SatanicSarahX
    Member
  • Topic Starter
  • 85 posts
ComboFix 08-08-26.03 - Sarah 2008-08-28 7:40:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.631 [GMT 10:00]
Running from: C:\Documents and Settings\Sarah\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sarah\Application Data\macromedia\Flash Player\#SharedObjects\B3Q3HEB7\bin.clearspring.com
C:\Documents and Settings\Sarah\Application Data\macromedia\Flash Player\#SharedObjects\B3Q3HEB7\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Sarah\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Sarah\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Sarah\Cookies\sarah@adsfac[2].txt
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\system32\blphc9osj0e32l.scr
C:\WINDOWS\system32\phc9osj0e32l.bmp
C:\WINDOWS\system32\rsrYaccf.ini
C:\WINDOWS\system32\rsrYaccf.ini2

.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-28 07:43 . 2008-08-28 07:43 268 --ah----- C:\sqmdata00.sqm
2008-08-28 07:43 . 2008-08-28 07:43 244 --ah----- C:\sqmnoopt00.sqm
2008-08-27 23:06 . 2008-08-27 23:06 <DIR> d-------- C:\_OTMoveIt
2008-08-27 22:56 . 2008-08-27 22:56 123 --a------ C:\WINDOWS\system32\msexcr.ini
2008-08-27 21:51 . 2008-08-27 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-27 20:23 . 2008-08-27 20:24 295 ---hs---- C:\WINDOWS\system32\atyqlbyn.ini
2008-08-27 20:21 . 2008-08-27 20:23 103,552 --a------ C:\WINDOWS\system32\nyblqyta.dll
2008-08-27 20:10 . 2008-08-26 17:23 167,424 --a------ C:\WINDOWS\system32\MSA.cpl
2008-08-27 20:01 . 2008-08-27 23:19 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-27 20:00 . 2008-08-27 20:08 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Symantec
2008-08-27 19:44 . 2008-08-27 19:44 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\AdobeUM
2008-08-27 19:40 . 2008-08-27 19:40 <DIR> d-------- C:\Program Files\NCH Software
2008-08-27 19:39 . 2008-08-27 19:39 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-27 19:39 . 2008-08-27 19:39 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\NCH Swift Sound
2008-08-27 19:39 . 2008-08-27 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-27 18:54 . 2008-08-27 18:54 <DIR> d-------- C:\Codemasters
2008-08-27 18:48 . 2008-08-27 18:48 <DIR> d-------- C:\Program Files\Activision
2008-08-27 18:45 . 2008-08-27 18:45 32,768 --a------ C:\WINDOWS\_ds2F1.tmp
2008-08-27 18:28 . 2008-08-27 18:28 <DIR> d-------- C:\UbiSoft
2008-08-27 18:27 . 2008-08-27 18:31 <DIR> d-------- C:\WINDOWS\UbiSoft
2008-08-26 09:52 . 2008-08-26 09:52 <DIR> d-------- C:\Program Files\PowerISO
2008-08-25 14:27 . 2008-08-26 12:28 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-08-23 11:45 . 2008-04-14 10:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-23 11:45 . 2008-04-14 10:12 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-23 11:45 . 2008-04-14 10:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-23 11:45 . 2008-04-14 10:11 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-23 11:45 . 2008-04-14 10:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-23 11:45 . 2008-04-14 10:12 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-23 11:37 . 2008-08-23 11:37 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-08-23 11:27 . 2002-07-08 08:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-08-23 11:27 . 2006-06-20 18:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-08-23 11:26 . 2008-08-23 11:26 <DIR> d-------- C:\Program Files\Outsim
2008-08-23 11:24 . 2008-08-23 11:37 <DIR> d-------- C:\Program Files\Image-Line
2008-08-22 22:32 . 2008-08-22 22:32 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Sony
2008-08-22 22:28 . 2008-08-22 22:28 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Publish Providers
2008-08-22 22:28 . 2008-08-22 22:28 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\NetMedia Providers
2008-08-22 22:26 . 2008-08-23 11:27 <DIR> d-------- C:\Program Files\Vstplugins
2008-08-22 22:24 . 2008-08-22 22:24 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-22 22:23 . 2008-08-22 22:25 <DIR> d-------- C:\Program Files\Sony
2008-08-22 00:03 . 2008-08-22 00:03 <DIR> d-------- C:\Program Files\Proxy Switcher Standard
2008-08-22 00:03 . 2008-08-22 00:03 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\WNR
2008-08-21 20:10 . 2008-08-13 20:04 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2008-08-21 20:09 . 2008-08-21 20:09 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-08-21 20:02 . 2008-08-21 20:02 <DIR> d-------- C:\Program Files\iolo
2008-08-21 20:02 . 2008-08-21 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-08-21 20:02 . 2008-06-19 17:15 918,368 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-08-21 20:02 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-08-21 20:02 . 2008-06-06 16:55 8,704 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-08-21 20:00 . 2008-08-21 20:13 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\iolo
2008-08-21 20:00 . 2008-08-21 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-08-21 20:00 . 2008-08-21 20:00 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-08-21 15:48 . 2008-04-14 04:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-21 15:48 . 2008-04-14 04:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-19 16:51 . 2008-08-19 16:52 <DIR> d-------- C:\Program Files\LimeWire
2008-08-18 17:02 . 2008-08-18 17:02 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-18 14:11 . 2008-08-19 21:47 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\U3
2008-08-18 14:11 . 2008-08-18 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 17:10 . 2008-04-14 10:12 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-08-17 17:10 . 2008-04-14 10:12 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-08-17 17:10 . 2008-04-14 10:12 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-08-16 16:41 . 2008-08-16 16:41 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-16 16:30 . 2008-08-16 16:30 <DIR> d-------- C:\WINDOWS\ShellNew
2008-08-16 16:29 . 2008-08-16 16:29 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Microsoft Web Folders
2008-08-14 18:39 . 2008-08-14 18:39 <DIR> d-------- C:\Program Files\Ventrilo
2008-08-14 18:39 . 2008-08-14 18:48 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Ventrilo
2008-08-14 17:38 . 2008-08-14 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-14 17:27 . 2008-08-14 17:27 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-14 16:37 . 2008-08-14 16:37 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Nexon
2008-08-14 13:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-14 13:22 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-14 02:13 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-08-14 02:12 . 2008-04-14 04:40 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-08-14 02:12 . 2008-04-14 10:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-14 02:11 . 2008-04-14 10:12 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-08-14 02:10 . 2008-08-27 20:53 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-08-14 02:08 . 2008-08-27 23:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-08-14 02:01 . 2008-08-13 16:24 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-08-14 00:34 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 00:32 . 2008-08-20 11:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 00:32 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 00:29 . 2008-08-14 00:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-14 00:29 . 2008-08-14 18:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-14 00:29 . 2008-08-14 00:29 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\SUPERAntiSpyware.com
2008-08-14 00:29 . 2008-08-14 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-14 00:28 . 2008-08-14 00:28 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Malwarebytes
2008-08-14 00:28 . 2008-08-14 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 23:16 . 2008-08-27 12:36 <DIR> d-------- C:\Documents and Settings\Sarah\Contacts
2008-08-13 23:15 . 2008-08-13 23:15 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-13 20:49 . 2008-08-13 20:49 <DIR> d-------- C:\Nexon
2008-08-13 20:07 . 2008-08-13 20:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-13 20:06 . 2008-08-13 20:06 <DIR> d-------- C:\Program Files\Windows Live
2008-08-13 20:06 . 2008-08-13 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-13 20:04 . 2008-08-13 20:04 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2008-08-13 19:51 . 2008-08-24 02:08 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-13 19:51 . 2008-08-13 22:13 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\IDM
2008-08-13 19:51 . 2008-08-28 07:45 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\DMCache
2008-08-13 19:08 . 2008-08-27 17:55 <DIR> d-------- C:\Program Files\Paint Shop Pro 6
2008-08-13 19:08 . 1999-08-13 06:00 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-08-13 19:08 . 1999-06-23 11:46 54,272 --a------ C:\WINDOWS\system32\Serial.ocx
2008-08-13 19:08 . 1999-06-23 11:46 53,760 --a------ C:\WINDOWS\system32\Infrared.ocx
2008-08-13 19:08 . 1999-06-23 11:46 51,712 --a------ C:\WINDOWS\system32\USB.ocx
2008-08-13 19:08 . 1999-08-13 06:00 47,104 --a------ C:\WINDOWS\system32\Wh2Robo.dll
2008-08-13 19:00 . 2008-08-26 18:11 <DIR> d-------- C:\Program Files\uTorrent
2008-08-13 19:00 . 2008-08-28 07:43 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\uTorrent
2008-08-13 18:46 . 2008-08-13 18:46 <DIR> d-------- C:\Program Files\Hamachi
2008-08-13 18:46 . 2008-08-26 23:49 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Hamachi
2008-08-13 18:46 . 2008-08-13 18:46 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-13 18:35 . 2008-08-13 18:35 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-13 18:34 . 2008-08-13 18:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-13 18:34 . 2008-08-18 08:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-13 18:21 . 2008-05-02 00:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 18:20 . 2008-04-12 05:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 18:19 . 2008-06-13 21:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-13 18:19 . 2008-05-09 00:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-13 18:12 . 2008-08-13 18:12 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-13 18:12 . 2008-08-13 18:12 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-13 18:12 . 2008-08-13 18:12 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-13 18:12 . 2008-08-13 18:12 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-13 18:10 . 2008-08-13 18:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-13 17:59 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-13 17:47 . 2008-08-13 17:48 <DIR> d-------- C:\Program Files\Google
2008-08-13 17:42 . 2008-08-13 18:24 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-13 17:39 . 2008-08-13 17:39 <DIR> d--hs---- C:\Documents and Settings\Sarah\UserData
2008-08-13 17:36 . 2008-08-13 17:36 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-13 17:00 . 2008-08-13 17:00 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 14:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 06:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-14 07:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-13 06:50 --------- d-----w C:\Program Files\BigPond
2008-08-13 06:41 --------- d-----w C:\Program Files\Netropa
2008-08-13 06:40 --------- d-----w C:\Program Files\NASDAK
2008-08-13 06:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-13 06:36 --------- d-----w C:\Program Files\ASUS
2008-08-13 06:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-13 06:33 --------- d-----w C:\Program Files\Realtek
2008-08-13 06:31 --------- d-----w C:\Program Files\Intel
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-10-11 03:15 802816]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"PSwitch"="C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe" [2008-08-14 14:14 4431360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 23:11 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 23:13 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 23:10 94208]
"LWBMOUSE"="C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE" [2001-11-09 16:47 356352]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-06-04 01:32 163840]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 10:05 200704]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 17:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 19:22 1822720 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 10:12 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:12 15360]

C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 10:02]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 07:41]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 20:33]
S3 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-08-17 15:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c306fa22-6a88-11dd-b344-0018c08e2ba9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 07:45:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netropa\Multimedia Keyboard\Traymon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Inetkb\iNetKb.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-08-28 7:51:35 - machine was rebooted [Sarah]
ComboFix-quarantined-files.txt 2008-08-27 21:51:32

Pre-Run: 50,477,723,648 bytes free
Post-Run: 51,096,268,800 bytes free

275 --- E O F --- 2008-08-27 21:49:51

I've also just installed the Recovery Console.

Edited by SatanicSarahX, 27 August 2008 - 04:09 PM.


#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Could be on the final stretch now :) You will need to install an anti-virus. Use one of the free links in my previous post.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\msexcr.ini
C:\WINDOWS\system32\atyqlbyn.ini
C:\WINDOWS\system32\nyblqyta.dll
C:\WINDOWS\system32\MSA.cpl
C:\WINDOWS\_ds2F1.tmp

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Logs required: ComboFix, MBAM and a new HijackThis log. Plus, how is your computer now?

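The CFScript above asks ComboFix to delete five files, and the log that comes back tells you which of them were actually removed (anything not listed under "Other Deletions" was most likely already gone). As an added example, not ComboFix's code and not part of Essexboy's instructions, here is a small Python helper that checks a CFScript `File::` list against the ComboFix report and flags the registry loading points a removal helper reads first: Security Center monitoring switched off, an `AppInit_DLLs` entry, and a removable-drive AutoRun command. The sample script and report embedded in it are constructed from the listings in this thread, and it assumes the section banners keep the `(((( Title ))))` / `------- Title -------` shape seen in these logs.

```python
"""Triage a CFScript-driven ComboFix run (added example, not ComboFix's or the
forum helper's code): check which ``File::`` requests ComboFix reported under
``Other Deletions`` and flag loading points a removal helper reads first. The
sample script and report below are constructed from this thread's listings."""
from __future__ import annotations

import re

# Constructed sample: the CFScript as posted in the thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\msexcr.ini
C:\WINDOWS\system32\atyqlbyn.ini
C:\WINDOWS\system32\nyblqyta.dll
C:\WINDOWS\system32\MSA.cpl
C:\WINDOWS\_ds2F1.tmp
"""

# Constructed sample: abridged excerpts of the thread's ComboFix reports.
REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\_ds2F1.tmp
C:\WINDOWS\system32\MSA.cpl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c306fa22-6a88-11dd-b344-0018c08e2ba9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
------- Supplementary Scan -------
R0 -: HKCU-Main,Start Page = about:blank
"""

# ComboFix delimits sections with "(((( Title ))))" or "------- Title -------"
# banners (assumed from the logs in this thread).
BANNER_RE = re.compile(r"^(?:\(+|-+)\s*(.*?)\s*(?:\)+|-+)$")


def parse_cfscript_files(script: str) -> list[str]:
    """Return the paths listed under the CFScript ``File::`` directive."""
    files, active = [], False
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if line.endswith("::"):  # a directive header: File::, Folder::, Registry:: ...
            active = line.lower() == "file::"
        elif active:
            files.append(line)
    return files


def section_lines(report: str, title: str) -> list[str]:
    """Return the content lines of one banner-delimited section of a ComboFix report."""
    out, active = [], False
    for line in (raw.strip() for raw in report.splitlines()):
        m = BANNER_RE.match(line)
        if m:
            active = m.group(1).lower() == title.lower()
        elif active and line not in ("", "."):
            out.append(line)
    return out


def check_deletions(script: str, report: str) -> dict[str, bool]:
    """Map each requested path to whether ComboFix listed it under Other Deletions.
    False usually means the file was already gone, which is why a fresh log is asked for."""
    deleted = {p.lower() for p in section_lines(report, "Other Deletions")}
    return {p: p.lower() in deleted for p in parse_cfscript_files(script)}


def flag_loading_points(report: str) -> list[str]:
    """Flag Security Center monitoring turned off, AppInit_DLLs injection and
    removable-media AutoRun commands in the Reg Loading Points section."""
    findings, key = [], None
    for line in section_lines(report, "Reg Loading Points"):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # registry key the following values belong to
            continue
        name, _, value = line.partition("=")
        low = name.lower()
        if low == '"disablemonitoring"' and value.lower() == "dword:00000001":
            findings.append(f"Security Center monitoring disabled: {key}")
        elif low == '"appinit_dlls"' and value.strip():
            findings.append(f"AppInit_DLLs loads {value.strip()}: {key}")
        elif "\\shell\\autorun\\command" in low:
            findings.append(f"AutoRun command {line.partition(' - ')[2]}: {key}")
    return findings


if __name__ == "__main__":
    for path, ok in check_deletions(CFSCRIPT, REPORT).items():
        print(("deleted         " if ok else "not in deletions") + "  " + path)
    for finding in flag_loading_points(REPORT):
        print("FLAG  " + finding)
```

Run against the two listings in this thread it reports that only `MSA.cpl` and `_ds2F1.tmp` were deleted (the three other paths were no longer present by the time the script ran), and it surfaces the disabled Security Center monitoring keys, the `MsgPlusLoader.dll` AppInit entry and the U3 AutoRun command for the helper to judge; the flags are things to look at, not verdicts.
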
#7 SatanicSarahX (Topic Starter, Member, 85 posts)

ComboFix 08-08-26.03 - Sarah 2008-08-28 20:43:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494 [GMT 10:00]
Running from: C:\Documents and Settings\Sarah\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sarah\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\_ds2F1.tmp
C:\WINDOWS\system32\atyqlbyn.ini
C:\WINDOWS\system32\MSA.cpl
C:\WINDOWS\system32\msexcr.ini
C:\WINDOWS\system32\nyblqyta.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\_ds2F1.tmp
C:\WINDOWS\system32\MSA.cpl

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 19:38 . 2008-08-28 19:39 213 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-08-28 14:12 . 2008-08-28 19:38 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-28 07:51 . 2008-08-28 07:51 268 --ah----- C:\sqmdata01.sqm
2008-08-28 07:51 . 2008-08-28 07:51 244 --ah----- C:\sqmnoopt01.sqm
2008-08-28 07:43 . 2008-08-28 07:43 268 --ah----- C:\sqmdata00.sqm
2008-08-28 07:43 . 2008-08-28 07:43 244 --ah----- C:\sqmnoopt00.sqm
2008-08-27 23:06 . 2008-08-27 23:06 <DIR> d-------- C:\_OTMoveIt
2008-08-27 21:51 . 2008-08-27 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-27 20:01 . 2008-08-27 23:19 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-27 20:00 . 2008-08-27 20:08 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Symantec
2008-08-27 19:44 . 2008-08-27 19:44 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\AdobeUM
2008-08-27 19:40 . 2008-08-27 19:40 <DIR> d-------- C:\Program Files\NCH Software
2008-08-27 19:39 . 2008-08-27 19:39 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-27 19:39 . 2008-08-27 19:39 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\NCH Swift Sound
2008-08-27 19:39 . 2008-08-27 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-27 18:54 . 2008-08-27 18:54 <DIR> d-------- C:\Codemasters
2008-08-27 18:48 . 2008-08-27 18:48 <DIR> d-------- C:\Program Files\Activision
2008-08-27 18:28 . 2008-08-27 18:28 <DIR> d-------- C:\UbiSoft
2008-08-27 18:27 . 2008-08-27 18:31 <DIR> d-------- C:\WINDOWS\UbiSoft
2008-08-26 09:52 . 2008-08-26 09:52 <DIR> d-------- C:\Program Files\PowerISO
2008-08-25 14:27 . 2008-08-26 12:28 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-08-23 11:45 . 2008-04-14 10:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-23 11:45 . 2008-04-14 10:12 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-23 11:45 . 2008-04-14 10:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-23 11:45 . 2008-04-14 10:11 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-23 11:45 . 2008-04-14 10:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-23 11:45 . 2008-04-14 10:12 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-23 11:37 . 2008-08-23 11:37 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-08-23 11:27 . 2002-07-08 08:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-08-23 11:27 . 2006-06-20 18:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-08-23 11:26 . 2008-08-23 11:26 <DIR> d-------- C:\Program Files\Outsim
2008-08-23 11:24 . 2008-08-23 11:37 <DIR> d-------- C:\Program Files\Image-Line
2008-08-22 22:32 . 2008-08-22 22:32 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Sony
2008-08-22 22:28 . 2008-08-22 22:28 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Publish Providers
2008-08-22 22:28 . 2008-08-22 22:28 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\NetMedia Providers
2008-08-22 22:26 . 2008-08-23 11:27 <DIR> d-------- C:\Program Files\Vstplugins
2008-08-22 22:24 . 2008-08-22 22:24 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-22 22:23 . 2008-08-22 22:25 <DIR> d-------- C:\Program Files\Sony
2008-08-22 00:03 . 2008-08-22 00:03 <DIR> d-------- C:\Program Files\Proxy Switcher Standard
2008-08-22 00:03 . 2008-08-22 00:03 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\WNR
2008-08-21 20:10 . 2008-08-13 20:04 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2008-08-21 20:09 . 2008-08-21 20:09 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-08-21 20:02 . 2008-08-21 20:02 <DIR> d-------- C:\Program Files\iolo
2008-08-21 20:02 . 2008-08-21 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-08-21 20:02 . 2008-06-19 17:15 918,368 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-08-21 20:02 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-08-21 20:02 . 2008-06-06 16:55 8,704 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-08-21 20:00 . 2008-08-21 20:13 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\iolo
2008-08-21 20:00 . 2008-08-21 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-08-21 20:00 . 2008-08-21 20:00 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-08-21 15:48 . 2008-04-14 04:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-21 15:48 . 2008-04-14 04:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-19 16:51 . 2008-08-19 16:52 <DIR> d-------- C:\Program Files\LimeWire
2008-08-18 17:02 . 2008-08-18 17:02 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-18 14:11 . 2008-08-19 21:47 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\U3
2008-08-18 14:11 . 2008-08-18 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 17:10 . 2008-04-14 10:12 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-08-17 17:10 . 2008-04-14 10:12 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-08-17 17:10 . 2008-04-14 10:12 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-08-16 16:41 . 2008-08-16 16:41 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-16 16:30 . 2008-08-16 16:30 <DIR> d-------- C:\WINDOWS\ShellNew
2008-08-16 16:29 . 2008-08-16 16:29 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Microsoft Web Folders
2008-08-14 18:39 . 2008-08-14 18:39 <DIR> d-------- C:\Program Files\Ventrilo
2008-08-14 18:39 . 2008-08-14 18:48 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Ventrilo
2008-08-14 17:38 . 2008-08-14 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-14 17:27 . 2008-08-14 17:27 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-14 16:37 . 2008-08-14 16:37 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Nexon
2008-08-14 13:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-14 13:22 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-14 02:13 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-08-14 02:12 . 2008-04-14 04:40 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-08-14 02:12 . 2008-04-14 10:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-14 02:11 . 2008-04-14 10:12 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-08-14 02:10 . 2008-08-27 20:53 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-08-14 02:08 . 2008-08-28 07:51 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-08-14 02:01 . 2008-08-13 16:24 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-08-14 00:34 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 00:32 . 2008-08-20 11:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 00:32 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 00:29 . 2008-08-14 00:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-14 00:29 . 2008-08-14 18:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-14 00:29 . 2008-08-14 00:29 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\SUPERAntiSpyware.com
2008-08-14 00:29 . 2008-08-14 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-14 00:28 . 2008-08-14 00:28 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Malwarebytes
2008-08-14 00:28 . 2008-08-14 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 23:16 . 2008-08-27 12:36 <DIR> d-------- C:\Documents and Settings\Sarah\Contacts
2008-08-13 23:15 . 2008-08-13 23:15 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-13 20:49 . 2008-08-13 20:49 <DIR> d-------- C:\Nexon
2008-08-13 20:07 . 2008-08-13 20:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-13 20:06 . 2008-08-13 20:06 <DIR> d-------- C:\Program Files\Windows Live
2008-08-13 20:06 . 2008-08-13 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-13 20:04 . 2008-08-13 20:04 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2008-08-13 19:51 . 2008-08-24 02:08 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-13 19:51 . 2008-08-13 22:13 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\IDM
2008-08-13 19:51 . 2008-08-28 20:44 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\DMCache
2008-08-13 19:08 . 2008-08-27 17:55 <DIR> d-------- C:\Program Files\Paint Shop Pro 6
2008-08-13 19:08 . 1999-08-13 06:00 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-08-13 19:08 . 1999-06-23 11:46 54,272 --a------ C:\WINDOWS\system32\Serial.ocx
2008-08-13 19:08 . 1999-06-23 11:46 53,760 --a------ C:\WINDOWS\system32\Infrared.ocx
2008-08-13 19:08 . 1999-06-23 11:46 51,712 --a------ C:\WINDOWS\system32\USB.ocx
2008-08-13 19:08 . 1999-08-13 06:00 47,104 --a------ C:\WINDOWS\system32\Wh2Robo.dll
2008-08-13 19:00 . 2008-08-26 18:11 <DIR> d-------- C:\Program Files\uTorrent
2008-08-13 19:00 . 2008-08-28 07:43 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\uTorrent
2008-08-13 18:46 . 2008-08-13 18:46 <DIR> d-------- C:\Program Files\Hamachi
2008-08-13 18:46 . 2008-08-26 23:49 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Hamachi
2008-08-13 18:46 . 2008-08-13 18:46 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-13 18:35 . 2008-08-13 18:35 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-13 18:34 . 2008-08-13 18:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-13 18:34 . 2008-08-18 08:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-13 18:21 . 2008-05-02 00:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 18:20 . 2008-04-12 05:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 18:19 . 2008-06-13 21:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-13 18:19 . 2008-05-09 00:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-13 18:12 . 2008-08-13 18:12 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-13 18:12 . 2008-08-13 18:12 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-13 18:12 . 2008-08-13 18:12 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-13 18:12 . 2008-08-13 18:12 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-13 18:10 . 2008-08-13 18:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-13 17:59 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-13 17:47 . 2008-08-28 08:01 <DIR> d-------- C:\Program Files\Google
2008-08-13 17:42 . 2008-08-28 19:40 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-13 17:39 . 2008-08-13 17:39 <DIR> d--hs---- C:\Documents and Settings\Sarah\UserData
2008-08-13 17:36 . 2008-08-13 17:36 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-13 17:00 . 2008-08-13 17:00 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-08-13 17:00 . 2006-10-05 23:09 155,648 -ra------ C:\WINDOWS\system32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 14:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 06:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-14 07:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-13 06:50 --------- d-----w C:\Program Files\BigPond
2008-08-13 06:41 --------- d-----w C:\Program Files\Netropa
2008-08-13 06:40 --------- d-----w C:\Program Files\NASDAK
2008-08-13 06:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-13 06:36 --------- d-----w C:\Program Files\ASUS
2008-08-13 06:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-13 06:33 --------- d-----w C:\Program Files\Realtek
2008-08-13 06:31 --------- d-----w C:\Program Files\Intel
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 00:57 3,592,192 ----a-w C:\WINDOWS\system32\SET6E.tmp
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-28_ 7.51.20.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-08-13 08:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 08:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2007-08-13 08:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2007-08-13 08:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2007-08-13 08:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2007-08-13 08:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2007-08-13 08:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2007-08-13 08:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2007-08-13 08:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2007-08-13 07:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2007-02-12 06:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dat
+ 2007-07-11 02:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2007-08-13 08:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2007-08-13 08:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2007-08-13 08:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2007-08-13 08:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2007-08-13 08:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2007-08-13 08:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2007-08-13 08:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2007-08-13 08:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2007-08-13 08:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2007-08-13 08:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2007-08-13 08:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2007-08-13 08:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2007-08-13 08:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2007-08-13 08:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2007-08-13 08:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2007-08-13 08:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2007-08-13 08:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2007-08-13 08:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2007-08-13 08:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2006-11-01 08:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-26 12:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-07-30 09:19:20 92,504 ----a-w C:\WINDOWS\LastGood\system32\cdm.dll
+ 2007-07-30 09:19:36 549,720 ----a-w C:\WINDOWS\LastGood\system32\wuapi.dll
+ 2007-07-30 09:19:16 53,080 ----a-w C:\WINDOWS\LastGood\system32\wuauclt.exe
+ 2007-07-30 09:19:42 1,712,984 ----a-w C:\WINDOWS\LastGood\system32\wuaueng.dll
+ 2007-07-30 09:19:32 325,976 ----a-w C:\WINDOWS\LastGood\system32\wucltui.dll
+ 2007-07-30 09:18:40 33,624 ----a-w C:\WINDOWS\LastGood\system32\wups.dll
+ 2007-07-30 09:19:12 43,352 ----a-w C:\WINDOWS\LastGood\system32\wups2.dll
+ 2007-07-30 09:19:46 203,096 ----a-w C:\WINDOWS\LastGood\system32\wuweb.dll
+ 2001-07-14 07:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2007-08-13 08:39:00 123,904 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-07-30 09:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-18 12:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-08-13 08:35:46 346,624 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 08:35:38 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 08:54:10 131,584 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-13 08:39:06 54,784 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 08:39:26 152,064 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 08:39:54 229,376 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-13 07:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-13 08:39:50 382,976 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-13 08:39:10 43,008 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-08-13 08:43:56 622,080 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 08:54:10 27,136 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-13 08:54:12 3,578,368 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 00:57:40 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-13 08:54:10 475,648 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 08:44:26 192,000 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-10-18 11:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 06:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2007-08-13 08:54:10 670,720 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-13 08:44:06 101,376 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 08:36:12 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-11-01 08:31:34 315,904 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-26 12:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-08-13 08:44:30 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 08:54:10 1,162,240 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 08:54:10 765,952 -c----w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2008-05-27 17:23:58 765,952 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-13 08:54:10 231,424 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 08:54:10 818,688 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-18 11:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-27 07:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-10-18 11:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-11 13:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2007-07-30 09:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-18 12:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 09:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-18 12:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 09:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-18 12:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 09:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-18 12:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 09:19:46 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-18 12:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2007-08-13 08:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-13 08:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 08:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 08:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 07:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-13 08:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 08:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 08:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 08:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-08-13 08:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-13 08:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-07-18 12:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 12:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-10-11 03:15 802816]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"PSwitch"="C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe" [2008-08-14 14:14 4431360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-28 08:01 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 23:11 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 23:13 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 23:10 94208]
"LWBMOUSE"="C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE" [2001-11-09 16:47 356352]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-06-04 01:32 163840]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 10:05 200704]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 17:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 19:22 1822720 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 10:12 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:12 15360]

C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 10:02]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 07:41]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 20:33]
S3 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-08-17 15:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c306fa22-6a88-11dd-b344-0018c08e2ba9}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 20:44:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-28 20:46:07
ComboFix-quarantined-files.txt 2008-08-28 10:45:53
ComboFix2.txt 2008-08-27 21:51:36

Pre-Run: 50,906,820,608 bytes free
Post-Run: 50,991,112,192 bytes free

394 --- E O F --- 2008-08-28 09:40:11




Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 5.1.2600 Service Pack 3

9:30:14 PM 28/08/2008
mbam-log-08-28-2008 (21-30-14).txt

Scan type: Quick Scan
Objects scanned: 37072
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\qalkfxor.bgrm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48, on 28/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1218613219343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218635530421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

--
End of file - 5826 bytes

And one I did prior to this, but the scan was interrupted:

Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 5.1.2600 Service Pack 3

8:04:44 PM 28/08/2008
mbam-log-08-28-2008 (20-04-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 26732
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nyblqyta.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atyqlbyn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.



If or when you give me the last step, is there one last scan I can do to check my PC to make 110% sure there is nothing?



I also feel like something is slowing down my internet, as it's not the same as it used to be. Even though it's dial-up, I have trouble loading pages I normally didn't.

Edited by SatanicSarahX, 28 August 2008 - 05:45 AM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this should be the last scan. Are you clear of popups etc.?

Please download ATF Cleaner by Atribune.
This program is for XP, Vista and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

THEN

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#9
SatanicSarahX

SatanicSarahX

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I attached it =]

Attached Files


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, just a smidgeon to kill there.

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> dxwnd.dll -> %UserProfile%\Desktop\dxwnd.dll
NY -> DXwnd.exe -> %UserProfile%\Desktop\DXwnd.exe
NY -> dxwnd.ini -> %UserProfile%\Desktop\dxwnd.ini
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

You really do need to get an antivirus, otherwise you will get infected again.
  • 0


#11
SatanicSarahX

SatanicSarahX

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
[Files Created - Additional Folder Scans - Non-Microsoft Only]
DllUnregisterServer procedure not found in C:\Documents and Settings\Sarah\Desktop\dxwnd.dll
C:\Documents and Settings\Sarah\Desktop\dxwnd.dll NOT unregistered.
C:\Documents and Settings\Sarah\Desktop\dxwnd.dll moved successfully.
C:\Documents and Settings\Sarah\Desktop\DXwnd.exe moved successfully.
C:\Documents and Settings\Sarah\Desktop\dxwnd.ini moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Sarah\Local Settings\temp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sarah\Local Settings\temp\~DFBA6A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sarah\Local Settings\temp\~DFBA75.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\fb_448.lck scheduled to be deleted on reboot.
Windows Temp folder emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.17.0 fix logfile created on 08292008_070322

Files moved on Reboot...
File C:\Documents and Settings\Sarah\Local Settings\temp\Perflib_Perfdata_734.dat not found!
File C:\Documents and Settings\Sarah\Local Settings\temp\~DFBA6A.tmp not found!
File C:\Documents and Settings\Sarah\Local Settings\temp\~DFBA75.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\fb_448.lck not found!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:09, on 29/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1218613219343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218635530421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

--
End of file - 5677 bytes

  • 0
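Essexboy's review works by comparing the new HijackThis log with the one posted the day before. As an added example (not code from HijackThis, OTScanIt or anyone in this thread), the script below parses excerpts of the 28/08 and 29/08 logs posted above and reports which findings disappeared, appeared or changed; the excerpts are copied from those logs and trimmed to a few lines, and the only difference they contain is the HKCU Run entry for SUPERAntiSpyware, which is present on 28/08 and gone on 29/08.

```python
"""Compare the findings of two HijackThis logs.

Added example for this thread; it is not HijackThis, OTScanIt or Geeks to
Go code. The two excerpts below are copied from the 28/08 and 29/08 logs
posted above and trimmed to a handful of lines.
"""
import re
from typing import Dict, List

# Every HijackThis finding starts with a section tag: R0/R1, O2, O4, O23 ...
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# O4 registry Run entries: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

LOG_28_AUG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48, on 28/08/2008

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
"""

LOG_29_AUG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:09, on 29/08/2008

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
"""


def parse_hjt(text: str) -> Dict[str, str]:
    """Map each finding to an identity -> value pair.

    O4 Run entries are keyed by hive and value name (lower-cased, as the
    registry is case-insensitive) so a changed command line is reported as
    a change rather than as a removal plus an addition. Every other
    section is keyed by the full line, with an empty value.
    """
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line, "End of file"
        sec, body = m.group("sec"), m.group("body")
        run = RUN_RE.match(body) if sec == "O4" else None
        if run:
            key = f"{sec}|{run.group('hive')}|{run.group('name').lower()}"
            entries[key] = run.group("cmd")
        else:
            entries[f"{sec}|{body}"] = ""
    return entries


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Report which findings disappeared, appeared or changed between two logs."""
    old, new = parse_hjt(before), parse_hjt(after)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }


def report(before: str, after: str) -> str:
    """Human-readable summary, one line per difference."""
    d = diff_logs(before, after)
    lines = [f"{kind}: {key}" for kind in ("removed", "added", "changed") for key in d[kind]]
    return "\n".join(lines) if lines else "no differences in HijackThis findings"


if __name__ == "__main__":
    print(report(LOG_28_AUG, LOG_29_AUG))
```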

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So how is it running now?

If you need instructions on how to set up an Anti virus (Free) I can help
  • 0

#13
SatanicSarahX

SatanicSarahX

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Yeah sure, that'd be nice. I need a good one that has a guard or something, basically a really tough one =D
(I have school soon) ><


Yes, it's running better than before, TY.

Is there any last scan I can do to check it?

Edited by SatanicSarahX, 28 August 2008 - 03:25 PM.

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is the AV I use; it will protect IM, P2P and e-mail, and it has a web shield.

First you have to download an antivirus. This program is basic for the security of your computer, and in today's age not having one will probably lead to disaster for your computer.

Please go HERE and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with Configuration window, make sure that you choose Typical configuration and then click Next. Click Next to the windows that will follow, when the installation will finish, you will be given an option to schedule a boot time scan, select No

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get popup after its done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus

Click Program Registration and you will be taken to their website. Fill out the form and then check you e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial HERE it may make it easier to you to follow the steps.

Next, choose
  • Scan all local disks
  • scan archive files
  • click on Schedule
On the next dialog Operating system restart needed select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE since your system had infections on it, avast! will give you dialog box with recommended actions, and options, please make sure if this happens, to click the Move to Chest button, and not to delete any reported files.

The boot log will be located here C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

I am expecting a clean report on this :)

Once you are done let me know and I will then clean up my tools
  • 0

#15
SatanicSarahX

SatanicSarahX

  • Topic Starter
  • Member
  • 85 posts
08/29/2008 08:52
Scan of all local drives

File C:\QooBox\Quarantine\C\WINDOWS\system32\blphc9osj0e32l.scr.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of searched folders: 3533
Number of tested files: 56747
Number of infected files: 1

  • 0
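A small parser for the avast! boot-time report format quoted in the post above, added here as an example (it is not from the thread or from avast!). It cross-checks the "Number of infected files" summary against the per-file hit lines and flags any hit that was not already inside a quarantine folder or was not moved to the chest; the sample report is constructed from the one quoted above.

```python
import re

# Constructed sample, modelled on the avast! boot-time report quoted in the post.
SAMPLE_REPORT = """08/29/2008 08:52
Scan of all local drives

File C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\blphc9osj0e32l.scr.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of searched folders: 3533
Number of tested files: 56747
Number of infected files: 1
"""

# One line per detection: "File <path> is infected by <signature>, <action>"
HIT_RE = re.compile(r"^File (?P<path>.+?) is infected by (?P<sig>.+?), (?P<action>.+)$")
# Summary counters at the end of the report
COUNT_RE = re.compile(r"^Number of (?P<what>searched folders|tested files|infected files): (?P<n>\d+)$")


def parse_report(text):
    """Return (hits, counts): a list of detection dicts and the summary counters."""
    hits, counts = [], {}
    for line in text.splitlines():
        m = HIT_RE.match(line)
        if m:
            hits.append(m.groupdict())
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("what")] = int(m.group("n"))
    return hits, counts


def assess(text):
    """Summarise the report: does the summary count agree with the hit lines,
    were any hits found outside a quarantine folder (i.e. live on disk), and
    were any hits left unhandled (not moved to the chest)?"""
    hits, counts = parse_report(text)
    consistent = counts.get("infected files") == len(hits)
    # A hit already under a "\Quarantine\" folder was neutralised by an earlier
    # tool; anything elsewhere was still live when avast! found it.
    live = [h["path"] for h in hits if "\\quarantine\\" not in h["path"].lower()]
    unhandled = [h["path"] for h in hits if h["action"] != "Moved to chest"]
    return {"hits": len(hits), "consistent": consistent,
            "live_hits": live, "unhandled": unhandled}


if __name__ == "__main__":
    print(assess(SAMPLE_REPORT))
```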