Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

adtrgt.com virus/spyware

Started by Warden , Dec 02 2008 02:51 PM

  • Please log in to reply

#1
Warden
Posted 02 December 2008 - 02:51 PM

Warden

    Member

  • Member
  • PipPipPip
  • 162 posts
Hello, I am unable to download and run HJT or the other programs suggested in the help section. I get a message saying"application failed to start because MSVBVM60.dll was not found. Restsrting app may fix this issue." I have a Compaq nc8430 running Windows XP.

I ended up running ComboFix on the advice of another site. I have that log posted here.

ComboFix 08-12-01.03 - 1032737 2008-12-02 15:32:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.507 [GMT -5:00]
Running from: c:\documents and settings\1032737\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\1032737\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\drivers\rmcastt.sys
c:\windows\wininit.ini
.

((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-02 15:31 . 2008-12-02 15:31 <DIR> d-------- c:\program files\Trend Micro
2008-12-02 08:36 . 2008-12-02 10:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-28 10:32 . 2008-11-28 10:31 53,352 --a------ c:\windows\system32\aston.mt
2008-11-28 10:32 . 2008-11-28 10:32 0 --a------ c:\windows\ynh.dx
2008-11-25 12:22 . 2008-11-25 12:22 <DIR> d-------- c:\documents and settings\1032737\Application Data\Blackberry Desktop
2008-11-24 09:51 . 2008-11-24 09:51 <DIR> d-------- c:\program files\iTunes
2008-11-24 09:51 . 2008-11-24 09:51 <DIR> d-------- c:\program files\iPod
2008-11-24 09:51 . 2008-11-24 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 09:48 . 2008-11-24 09:49 <DIR> d-------- c:\program files\QuickTime
2008-11-22 20:59 . 2008-11-22 20:59 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-11 17:29 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:29 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 20:36 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-02 15:56 --------- d-----w c:\program files\PokerStars
2008-12-02 03:08 --------- d-----w c:\documents and settings\1032737\Application Data\uTorrent
2008-11-25 18:47 256 ----a-w c:\documents and settings\1032737\pool.bin
2008-11-24 14:48 --------- d-----w c:\program files\Common Files\Apple
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-09 21:46 --------- d-----w c:\program files\Common Files\xing shared
2008-10-09 21:46 --------- d-----w c:\program files\Common Files\Real
2008-10-08 18:22 --------- d-----w c:\documents and settings\1032737\Application Data\Research In Motion
2008-10-08 18:18 --------- d-----w c:\program files\Research In Motion
2008-10-08 18:18 --------- d-----w c:\program files\Common Files\Research In Motion
2008-10-08 18:15 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-08 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-10-08 18:09 --------- d-----w c:\documents and settings\1032737\Application Data\U3
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-05-28 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-28 124656]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-09 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MsmqIntCert"="mqrt.dll" [2008-04-13 c:\windows\system32\mqrt.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-29 c:\windows\AGRSMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-19 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-01 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli PGPpwflt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pgpfs;PGP File Sharing;c:\windows\system32\Drivers\PGPfsfd.sys [2006-12-12 96256]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2006-12-12 164864]
R2 CcmExec;SMS Agent Host;c:\windows\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2006-12-12 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\Drivers\PGPsdk.sys [2006-12-12 36352]
R2 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-05-28 115952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-17 99376]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-04-14 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
S3 prepdrvr;SMS Process Event Driver;\??\c:\windows\system32\CCM\prepdrv.sys [2006-02-09 20704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f8993f-4071-11dc-ba96-806d6172696f}]
\Shell\AutoRun\command - D:\OSDRUN.EXE /w2kPlus /ShowError OSDICW.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7085c2df-37ca-11dd-81e8-001cbf019b4d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 15:36:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????R??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
c:\windows\system32\PGPserv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\mshearts.exe
.
**************************************************************************
.
Completion time: 2008-12-02 15:38:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 20:38:30
ComboFix2.txt 2008-12-02 20:23:58
ComboFix3.txt 2008-12-02 20:10:37

Pre-Run: 44,668,383,232 bytes free
Post-Run: 44,658,360,320 bytes free

163 --- E O F --- 2008-11-12 08:05:14

The adtrgt.com is no longer an issue, however, the machine still seems to be slow. Any suggestions or ideas? Thanks and have a nice day.
  • 0

Advertisements

#2
Warden
Posted 03 December 2008 - 09:56 PM

Warden

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Hello, I was able to download the suggested programs after getting msvbvm60.dll sucessfully reinstalled on my machine. I believe I have the problem solved at this point so feel free to close this topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP