Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Running Slow Many Viruses [RESOLVED]

Started by botbry , May 06 2008 11:29 PM

  • This topic is locked This topic is locked

#16
botbry
Posted 10 May 2008 - 12:36 AM

botbry

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you so much! I finally have access to my windows firewall and security settings. They have been locked down for a good year, because of what i assumed to be a virus that i just couldn't get out. the system is running a little slower than what i once remember, but a good drefrag wont hurt. Are there any other recommendations that you have?
Here is the CF log just in case there is anything else


ComboFix 08-05-01.3 - Owner 2008-05-10 1:43:06.4 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Owner\My Documents\limewire downloads\give it up kevin aviance.mp3
C:\Downloads\ApacheAirAssault_Setup-dm[1].exe
C:\Downloads\LuftwaffeSetup-dm[1].exe
C:\WINDOWS\system32\dpvoic.6
C:\WINDOWS\system32\dpvoic.7
C:\WINDOWS\system32\dpvoic.8
C:\WINDOWS\system32\dpvoic.9
C:\WINDOWS\system32\drivers\qxnudjns.dat
C:\WINDOWS\system32\drivers\tbeooixi.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\My Documents\limewire downloads\give it up kevin aviance.mp3
C:\Downloads\ApacheAirAssault_Setup-dm[1].exe
C:\Downloads\LuftwaffeSetup-dm[1].exe
C:\WINDOWS\system32\dpvoic.6
C:\WINDOWS\system32\dpvoic.7
C:\WINDOWS\system32\dpvoic.8
C:\WINDOWS\system32\dpvoic.9
C:\WINDOWS\system32\drivers\qxnudjns.dat
C:\WINDOWS\system32\drivers\tbeooixi.sys

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-08 01:50 . 2008-05-08 01:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-08 01:50 . 2008-05-08 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-08 01:12 . 2008-05-08 01:12 <DIR> d-------- C:\Deckard
2008-05-07 15:50 . 2008-05-10 01:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-07 15:50 . 2008-05-07 15:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-05 11:29 . 2008-05-05 11:30 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 14:17 . 2008-05-06 08:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 14:15 . 2008-05-04 14:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 13:50 . 2008-05-04 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 13:49 . 2008-05-04 13:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 02:18 . 2008-05-04 02:18 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 02:18 . 2008-05-04 02:18 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-04 02:16 . 2008-05-04 02:16 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-04 02:16 . 2008-05-04 02:16 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-03 19:40 . 2008-05-09 11:27 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-03 19:36 . 2008-05-09 10:33 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-03 19:36 . 2008-05-03 19:36 <DIR> d-------- C:\Program Files\AVG
2008-05-03 19:36 . 2008-05-03 19:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-03 19:36 . 2008-05-04 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-03 19:36 . 2008-05-03 19:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-03 19:36 . 2008-05-03 19:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-03 03:28 . 2008-05-03 03:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Samsung
2008-05-03 03:26 . 2008-05-03 03:26 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-03 03:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-03 03:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-05-03 03:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-05-03 03:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-05-03 03:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-03 03:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-03 03:24 . 2008-05-03 03:24 <DIR> d-------- C:\Program Files\Samsung
2008-04-27 01:22 . 2008-04-27 01:22 <DIR> d-------- C:\Program Files\Red Kawa
2008-04-16 11:38 . 2008-04-16 11:39 <DIR> d-------- C:\Program Files\iTunes
2008-04-16 11:35 . 2008-04-16 11:36 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 17:06 284 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-05-04 18:48 --------- d-----w C:\Program Files\SmartDraw 7
2008-05-04 18:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-04 06:39 --------- d-----w C:\Program Files\McAfee.com
2008-05-04 06:37 --------- d-----w C:\Program Files\McAfee
2008-05-04 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-04 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-04 05:27 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-04 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-03 07:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 15:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-27 05:22 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-16 15:38 --------- d-----w C:\Program Files\iPod
2008-04-16 15:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-10 11:22 --------- d-----w C:\Program Files\Ascentive
2008-04-09 14:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-03 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-02 17:56 --------- d-----w C:\Program Files\PopCap Games
2008-04-02 17:05 --------- d-----w C:\Program Files\Azureus
2008-03-31 22:40 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 18:02 --------- d-----w C:\Program Files\FT8D91
2008-03-16 01:51 --------- d-----w C:\Program Files\RCA
2008-03-14 06:33 --------- d-----w C:\Program Files\Project64 1.6
2008-03-12 18:13 208,896 ----a-w C:\WINDOWS\system32\ConTest.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 17:40 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-01-23 19:07 1,847,296 -c--a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_15.14.45.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 18:48:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 05:52:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-15 15:52:56 63,732 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-07 21:09:33 63,732 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-15 15:52:56 406,658 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-07 21:09:34 406,658 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-04 02:18 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-06 08:51 1481968]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [2005-07-12 07:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 16:20 2061816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 02:17 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-01-14 23:33:37 1757]
HP Digital Imaging Monitor.lnk.disabled [2007-02-10 20:24:52 1808]
Kodak EasyShare software.lnk.disabled [2007-06-06 20:02:19 1837]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-06 08:51 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2007-01-25 17:34 8784 C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
--a--c--- 2006-07-28 11:43 460336 C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-04-12 17:44 1187899 C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2006-07-28 11:43 116272 C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
--a--c--- 2006-07-28 11:43 460336 C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2007-01-25 17:34 153168 C:\Program Files\Common Files\AOL\1131383480\ee\SSCRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Performance Center"=C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EmailScan"=C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
"AOLSPScheduler"=C:\Program Files\Common Files\AOL\1131383480\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE
"OASClnt"=C:\Program Files\mcafee.com\antivirus\oasclnt.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
"hcsystray"=C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
"NWEReboot"=
"ImgTask"=C:\WINDOWS\Imgtask.exe
"LyraUpdates"="C:\Program Files\RCA\Auto Updater\Auto Updater.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-04 02:18]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-03 19:36]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 02:18]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-06-15 11:49]
S3 XBox;XBox Filter;C:\WINDOWS\system32\DRIVERS\XBox.sys [2007-06-25 02:36]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 20:19:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 10:04:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-05-02 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 01:53:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1131383480\EE\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\1131383480\EE\anotify.exe
.
**************************************************************************
.
Completion time: 2008-05-10 2:23:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 06:23:13
ComboFix2.txt 2008-05-10 03:02:08
ComboFix3.txt 2008-05-07 20:11:42
ComboFix4.txt 2008-05-07 19:16:24

Pre-Run: 25,480,818,688 bytes free
Post-Run: 25,466,466,304 bytes free

277 --- E O F --- 2008-04-10 04:32:03
  • 0

Advertisements

#17
Rorschach112
Posted 10 May 2008 - 05:24 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#18
botbry
Posted 10 May 2008 - 10:46 PM

botbry

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you so much for all your help! the system is running better but still not great. i am going to defrag it and hopefully that will help. also do you have any other recommendations for me? also here is the CF Log and a new HJT Log. Also could you please explain to me what ctfmon.exe is?

ComboFix 08-05-01.3 - Owner 2008-05-07 14:35:51.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Configurator\Configurator.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Free_Music\Free_MusicOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Manager\ManagerOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Ringtones\RingtonesOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\AlertArchive.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\WeatherOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\WINDOWS\system32\dunybokh.ini
C:\WINDOWS\system32\enyvdvpl.ini
C:\WINDOWS\system32\iowktyuf.ini
C:\WINDOWS\system32\kbobsyoa.ini
C:\WINDOWS\system32\kebiktwe.ini
C:\WINDOWS\system32\lmgjvtcn.ini
C:\WINDOWS\system32\lxooaxwq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxeqqtcd.ini
C:\WINDOWS\system32\nttmqpfo.ini
C:\WINDOWS\system32\ojttohrf.ini
C:\WINDOWS\system32\otbsodue.ini
C:\WINDOWS\system32\pwhrstmf.ini
C:\WINDOWS\system32\srpupbeg.ini
C:\WINDOWS\system32\sxallijq.ini
C:\WINDOWS\system32\tpydbsro.ini
C:\WINDOWS\system32\tsknweit.ini
C:\WINDOWS\system32\uvwvumqh.ini
C:\WINDOWS\system32\vofhkgde.ini
C:\WINDOWS\system32\wadknbpd.ini
C:\WINDOWS\system32\xommsbxy.ini
C:\WINDOWS\system32\xybay.bak2
C:\WINDOWS\system32\xybay.ini
C:\WINDOWS\system32\xybay.ini2
C:\WINDOWS\system32\xybay.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-05 11:29 . 2008-05-05 11:30 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 14:17 . 2008-05-06 08:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 14:15 . 2008-05-04 14:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 13:50 . 2008-05-04 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 13:49 . 2008-05-04 13:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 02:18 . 2008-05-04 02:18 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 02:18 . 2008-05-04 02:18 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-04 02:16 . 2008-05-04 02:16 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-04 02:16 . 2008-05-04 02:16 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-03 19:40 . 2008-05-07 11:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-03 19:36 . 2008-05-07 11:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-03 19:36 . 2008-05-03 19:36 <DIR> d-------- C:\Program Files\AVG
2008-05-03 19:36 . 2008-05-03 19:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-03 19:36 . 2008-05-04 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-03 19:36 . 2008-05-03 19:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-03 19:36 . 2008-05-03 19:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-03 03:28 . 2008-05-03 03:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Samsung
2008-05-03 03:26 . 2008-05-03 03:26 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-03 03:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-03 03:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-05-03 03:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-05-03 03:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-05-03 03:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-03 03:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-03 03:24 . 2008-05-03 03:24 <DIR> d-------- C:\Program Files\Samsung
2008-04-27 01:22 . 2008-04-27 01:22 <DIR> d-------- C:\Program Files\Red Kawa
2008-04-16 11:38 . 2008-04-16 11:39 <DIR> d-------- C:\Program Files\iTunes
2008-04-16 11:35 . 2008-04-16 11:36 <DIR> d-------- C:\Program Files\QuickTime
2008-04-09 10:00 . 2008-04-09 10:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-09 09:40 . 2007-10-16 12:33 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-04-09 09:40 . 2007-10-16 12:33 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-09 09:34 . 2007-10-17 12:20 1,066,176 -ra------ C:\WINDOWS\system32\mscoe363.rra
2008-04-09 09:34 . 2007-10-17 12:20 24,576 -ra------ C:\WINDOWS\system32\BAZLib.dll
2008-04-09 09:28 . 2007-10-17 12:20 20,480 -ra------ C:\WINDOWS\system32\SysRestore.dll
2008-04-09 09:05 . 2008-04-10 07:22 <DIR> d-------- C:\Program Files\Ascentive
2008-04-09 09:05 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-04-09 09:05 . 2008-03-12 14:13 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-04-09 09:05 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 18:48 --------- d-----w C:\Program Files\SmartDraw 7
2008-05-04 18:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-04 06:39 --------- d-----w C:\Program Files\McAfee.com
2008-05-04 06:37 --------- d-----w C:\Program Files\McAfee
2008-05-04 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-04 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-04 05:27 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-04 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-03 07:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 15:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-27 05:22 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-16 15:38 --------- d-----w C:\Program Files\iPod
2008-04-16 15:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-03 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-02 17:56 --------- d-----w C:\Program Files\PopCap Games
2008-04-02 17:05 --------- d-----w C:\Program Files\Azureus
2008-03-31 22:40 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 18:02 --------- d-----w C:\Program Files\FT8D91
2008-03-16 01:51 --------- d-----w C:\Program Files\RCA
2008-03-14 06:33 --------- d-----w C:\Program Files\Project64 1.6
2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-05 06:16 98,048 ----a-w C:\WINDOWS\system32\dpvoic.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 17:40 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-12-31 22:25 284 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-01-23 19:07 1,847,296 -c--a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ED64A7D-8A76-47F0-81D1-7810D35D3CE4}]
2008-03-05 02:16 98048 --a------ C:\WINDOWS\system32\dpvoic.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-04 02:18 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0AF8D8E-9485-4EBE-B7D9-E5F291EE5C92}]
C:\WINDOWS\system32\yabyx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"MSI Configuration"="msiconf.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-06 08:51 1481968]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [2005-07-12 07:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 16:20 2061816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 02:17 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-01-14 23:33:37 1757]
HP Digital Imaging Monitor.lnk.disabled [2007-02-10 20:24:52 1808]
Kodak EasyShare software.lnk.disabled [2007-06-06 20:02:19 1837]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-06 08:51 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yabyx]
C:\WINDOWS\system32\yabyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2007-01-25 17:34 8784 C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
--a--c--- 2006-07-28 11:43 460336 C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
C:\WINDOWS\system32\orsbdypt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-04-12 17:44 1187899 C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2006-07-28 11:43 116272 C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
--a--c--- 2006-07-28 11:43 460336 C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2007-01-25 17:34 153168 C:\Program Files\Common Files\AOL\1131383480\ee\SSCRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"6338ca3e.exe"=C:\Documents and Settings\Owner\Local Settings\Application Data\6338ca3e.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"MSI Configuration"=msiconf.exe
"Performance Center"=C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EmailScan"=C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
"AOLSPScheduler"=C:\Program Files\Common Files\AOL\1131383480\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE
"OASClnt"=C:\Program Files\mcafee.com\antivirus\oasclnt.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
"hcsystray"=C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
"SearchIndexer"=rundll32.exe "C:\WINDOWS\system32\hqmuvwvu.dll",sitypnow
"NWEReboot"=
"ImgTask"=C:\WINDOWS\Imgtask.exe
"LyraUpdates"="C:\Program Files\RCA\Auto Updater\Auto Updater.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-04 02:18]
R0 ulvcsslx;ulvcsslx;C:\WINDOWS\system32\drivers\qxnudjns.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-03 19:36]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 02:17]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 02:17]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-04 02:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 02:18]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-06-15 11:49]
S3 XBox;XBox Filter;C:\WINDOWS\system32\DRIVERS\XBox.sys [2007-06-25 02:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 20:19:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 10:04:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-05-02 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 14:51:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ulvcsslx]
"ImagePath"="system32\drivers\qxnudjns.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1131383480\EE\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\1131383480\EE\anotify.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-05-07 15:16:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 19:15:46

Pre-Run: 25,961,144,320 bytes free
Post-Run: 25,949,483,008 bytes free

332 --- E O F --- 2008-04-10 04:32:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:24 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pumpeng.music...gmusicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193974951981
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7992 bytes
  • 0

#19
Rorschach112
Posted 11 May 2008 - 04:03 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hmm seems like the infection respawned

Can you post a new HijackThis log there

ctfmon.exe is legit and used for languages or something like that
  • 0

#20
botbry
Posted 11 May 2008 - 08:32 AM

botbry

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:40 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pumpeng.music...gmusicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193974951981
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7611 bytes
  • 0

#21
Rorschach112
Posted 11 May 2008 - 09:05 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#22
botbry
Posted 11 May 2008 - 11:36 AM

botbry

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
i tried to run DSS and it still does not function.
  • 0

#23
Rorschach112
Posted 11 May 2008 - 12:03 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run ComboFix.exe again and post the log
  • 0

#24
botbry
Posted 11 May 2008 - 12:45 PM

botbry

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix 08-05-11.1 - Owner 2008-05-11 14:21:02.5 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-11 13:32 . 2008-05-11 13:32 <DIR> d-------- C:\Deckard
2008-05-11 02:54 . 2008-05-11 02:54 165 --a------ C:\WINDOWS\srndmix.ini
2008-05-11 02:37 . 2008-05-11 02:55 <DIR> d-------- C:\Program Files\MP3 Stream Editor
2008-05-11 01:59 . 2008-05-11 02:26 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-11 01:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 00:59 . 2008-05-11 00:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-07 15:50 . 2008-05-11 09:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-07 15:50 . 2008-05-07 15:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-05 11:29 . 2008-05-11 01:52 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 14:17 . 2008-05-11 01:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 13:50 . 2008-05-04 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 02:18 . 2008-05-04 02:18 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 02:18 . 2008-05-04 02:18 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-04 02:16 . 2008-05-04 02:16 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-04 02:16 . 2008-05-04 02:16 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-03 19:40 . 2008-05-10 02:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-03 19:36 . 2008-05-11 13:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-03 19:36 . 2008-05-03 19:36 <DIR> d-------- C:\Program Files\AVG
2008-05-03 19:36 . 2008-05-03 19:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-03 19:36 . 2008-05-04 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-03 19:36 . 2008-05-03 19:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-03 19:36 . 2008-05-03 19:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-03 03:28 . 2008-05-03 03:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Samsung
2008-05-03 03:26 . 2008-05-03 03:26 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-03 03:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-03 03:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-05-03 03:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-05-03 03:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-05-03 03:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-03 03:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-03 03:24 . 2008-05-03 03:24 <DIR> d-------- C:\Program Files\Samsung
2008-04-27 01:22 . 2008-04-27 01:22 <DIR> d-------- C:\Program Files\Red Kawa
2008-04-16 11:38 . 2008-04-16 11:39 <DIR> d-------- C:\Program Files\iTunes
2008-04-16 11:35 . 2008-04-16 11:36 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-11 05:55 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-11 05:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-11 05:51 --------- d-----w C:\Program Files\Azureus
2008-05-11 05:16 --------- d-----w C:\Program Files\Java
2008-05-10 13:14 --------- d-----w C:\Program Files\McAfee.com
2008-05-10 06:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2008-05-10 06:43 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-08 17:06 284 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-05-04 18:48 --------- d-----w C:\Program Files\SmartDraw 7
2008-05-04 06:37 --------- d-----w C:\Program Files\McAfee
2008-05-04 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-04 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-04 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-03 07:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 15:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-16 15:38 --------- d-----w C:\Program Files\iPod
2008-04-16 15:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-10 11:22 --------- d-----w C:\Program Files\Ascentive
2008-04-09 14:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-03 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-02 17:56 --------- d-----w C:\Program Files\PopCap Games
2008-03-31 22:40 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-16 18:02 --------- d-----w C:\Program Files\FT8D91
2008-03-16 01:51 --------- d-----w C:\Program Files\RCA
2008-03-14 06:33 --------- d-----w C:\Program Files\Project64 1.6
2008-02-18 17:40 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-01-23 19:07 1,847,296 -c--a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-04 02:18 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [2005-07-12 07:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 16:20 2061816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 02:17 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-01-14 23:33:37 1757]
HP Digital Imaging Monitor.lnk.disabled [2007-02-10 20:24:52 1808]
Kodak EasyShare software.lnk.disabled [2007-06-06 20:02:19 1837]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
C:\Program Files\Common Files\AOL\1131383480\ee\SSCRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Performance Center"=C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EmailScan"=C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
"AOLSPScheduler"=C:\Program Files\Common Files\AOL\1131383480\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE
"OASClnt"=C:\Program Files\mcafee.com\antivirus\oasclnt.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
"hcsystray"=C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
"NWEReboot"=
"ImgTask"=C:\WINDOWS\Imgtask.exe
"LyraUpdates"="C:\Program Files\RCA\Auto Updater\Auto Updater.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-04 02:18]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-03 19:36]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 02:17]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 02:17]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-04 02:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 02:18]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-06-15 11:49]
S3 XBox;XBox Filter;C:\WINDOWS\system32\DRIVERS\XBox.sys [2007-06-25 02:36]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 20:19:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 10:04:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-05-02 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 14:28:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-11 14:43:14
ComboFix-quarantined-files.txt 2008-05-11 18:42:37
ComboFix2.txt 2008-05-10 06:23:44

Pre-Run: 30,026,514,432 bytes free
Post-Run: 30,123,978,752 bytes free

213 --- E O F --- 2008-04-10 04:32:03
  • 0

#25
Rorschach112
Posted 11 May 2008 - 12:52 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok nothing to worry about

You are clean

Any questions ?
  • 0

Advertisements

#26
botbry
Posted 11 May 2008 - 08:33 PM

botbry

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
oh ok. nope no questions. if i start to have any more problems i will be sure to come back. thank you very much!
  • 0

#27
Rorschach112
Posted 12 May 2008 - 07:58 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP