
Thread: ldcore.dll, maybe others

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good Morning,

    Your log looks fine, but there are some entries in the ComboFix log that I need to look into.

    I wanted to ask you about Cool; try removing it via Add/Remove Programs in the Control Panel. Let me know if it will not delete.



    Please download ATF Cleaner by Atribune to your desktop.
    • This program is for XP and Windows 2000 only.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.


    Your system may start up slower after running ATF Cleaner; this is expected, and it will be back to normal after the first or second boot-up.


    I'll be back a little later
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if there is no reply in 3 days.

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    This is what we need to do. Part of this fix is going to make changes to your registry, so download this program first; it will back it up for you, and you can restore it if there is a problem.


    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe.

    Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad.

    File::
    C:\Program Files\installer.js
    C:\WINDOWS\system32\artchker.exe
    C:\WINDOWS\TEMP\4T7DCm0H.exe
    C:\WINDOWS\TEMP\4T7DCm0H.exe
    C:\WINDOWS\system32\artchker.exe
    C:\WINDOWS\io43mvuiw4kj.exe
    C:\WINDOWS\wvtusp.dll
    C:\WINDOWS\winshow.exe
    C:\Documents and Settings\Jared\Local Settings\Temp\T0CHD001.exe

    Folder::
    C:\Program Files\Cool
    C:\Program Files\Web Buying
    C:\WINDOWS\dXNlcg

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArtChk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\io43mvuiw4kj]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{EE-E6-64-4B-ZN}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C2A9795-B130-4622-B036-BDCAD28602DC}]
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

  3. #13
    Junior Member
    Join Date
    Nov 2007
    Posts
    10

    Logs

    Thank you again for your time. Here are the logs.

    ComboFix 07-11-19.3 - Corey 2007-11-27 13:17:24.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.92 [GMT -5:00]
    Running from: C:\Documents and Settings\Corey\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Corey\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\Documents and Settings\Jared\Local Settings\Temp\T0CHD001.exe
    C:\Program Files\installer.js
    C:\WINDOWS\io43mvuiw4kj.exe
    C:\WINDOWS\system32\artchker.exe
    C:\WINDOWS\TEMP\4T7DCm0H.exe
    C:\WINDOWS\winshow.exe
    C:\WINDOWS\wvtusp.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Cool
    C:\Program Files\Cool\Cool.dll
    C:\Program Files\Cool\Cool.dll.intermediate.manifest
    C:\Program Files\Cool\cool.exe
    C:\Program Files\Cool\cool.info
    C:\Program Files\Cool\cool.original
    C:\Program Files\Cool\info.dll
    C:\Program Files\Cool\un_CoolSetup_15849.exe
    C:\Program Files\Cool\un_CoolSetup_15849.txt
    C:\Program Files\Cool\X_Cool.dll
    C:\Program Files\Cool\X_cool.exe
    C:\Program Files\Cool\X_cool.log
    C:\Program Files\installer.js
    C:\WINDOWS\dXNlcg
    C:\WINDOWS\dXNlcg\xrh5w0.vbs

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
    .

    2007-11-27 01:02 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-11-27 01:01 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-11-27 01:01 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
    2007-11-27 00:55 <DIR> d-------- C:\Program Files\CCleaner
    2007-11-26 20:09 <DIR> d-------- C:\VundoFix Backups
    2007-11-26 13:08 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-25 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-25 20:19 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\HPAppData
    2007-11-25 17:22 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-25 13:28 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Talkback
    2007-11-24 00:28 <DIR> d-------- C:\Program Files\GiPo@Utilities
    2007-11-24 00:28 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
    2007-11-23 22:15 <DIR> d-------- C:\Documents and Settings\Corey\.housecall6.6
    2007-11-23 13:36 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-11-20 06:37 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2007-11-20 06:37 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2007-11-20 06:37 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2007-11-20 06:37 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2007-11-20 06:37 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2007-11-20 06:36 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
    2007-11-20 06:36 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
    2007-11-19 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2007-11-17 13:16 <DIR> d-------- C:\Program Files\EA Games
    2007-11-04 15:59 <DIR> d-------- C:\Program Files\Google
    2007-11-03 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
    2007-11-03 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2007-11-03 17:37 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2007-11-03 17:36 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
    2007-11-03 17:31 <DIR> d-------- C:\Documents and Settings\Corey\Application Data\HPAppData
    2007-11-03 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
    2007-11-03 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2007-11-03 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2007-11-03 17:27 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-11-03 17:27 <DIR> d-------- C:\Program Files\Common Files\HP
    2007-11-03 17:26 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-11-03 17:24 <DIR> d-------- C:\Program Files\HP
    2007-11-03 17:23 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-11-03 17:23 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-11-03 17:21 141,199 --a------ C:\WINDOWS\hpoins14.dat
    2007-11-03 17:21 2,000 --------- C:\WINDOWS\hpomdl14.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-27 18:14 --------- d-----w C:\Program Files\mIRC
    2007-11-27 06:02 --------- d-----w C:\Program Files\Java
    2007-11-27 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-27 05:42 --------- d-----w C:\Program Files\Viewpoint
    2007-11-24 03:15 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-11-18 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-17 19:33 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-17 18:14 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-11 16:41 --------- d-----w C:\Program Files\Warcraft III
    2007-10-16 17:03 --------- d-----w C:\Documents and Settings\Corey\Application Data\fltk.org
    2007-10-04 01:33 1,099,693 --sh--w C:\WINDOWS\psutvw.ini2
    2007-09-30 19:41 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-27 03:42 --------- d-----w C:\Program Files\Jnes 0.6
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-24_ 1.57.19.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\11-27-2007\ERDNT.EXE
    + 2007-11-27 18:16:14 2,719,744 ----a-w C:\WINDOWS\erdnt\11-27-2007\Users\00000001\ntuser.dat
    + 2007-11-27 18:16:14 147,456 ----a-w C:\WINDOWS\erdnt\11-27-2007\Users\00000002\UsrClass.dat
    + 2007-11-23 18:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2007-11-26 18:09:02 2,703,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2007-11-26 18:09:02 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2007-11-23 18:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2007-11-26 18:08:54 2,703,360 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2007-11-26 18:08:54 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2007-03-14 04:31:24 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-03-14 04:31:28 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-03-14 06:04:46 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2007-11-27 18:22:26 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_668.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 21:50]
    "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 14:10]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 23:26]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    C:\Documents and Settings\user\Start Menu\Programs\Startup\
    Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 03:00:00]
    Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 03:00:00]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jared^Start Menu^Programs^Startup^Cool - Auto Update.lnk]
    path=C:\Documents and Settings\Jared\Start Menu\Programs\Startup\Cool - Auto Update.lnk
    backup=C:\WINDOWS\pss\Cool - Auto Update.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jared^Start Menu^Programs^Startup^TA_Start.lnk]
    path=C:\Documents and Settings\Jared\Start Menu\Programs\Startup\TA_Start.lnk
    backup=C:\WINDOWS\pss\TA_Start.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    C:\Program Files\Free Download Manager\fdm.exe -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Spooler"=2 (0x2)

    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
    S3 npkycryp;npkycryp;\??\C:\Program Files\Gravity\RO\npkycryp.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt hpqcxs08 hpqddsvc

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-22 19:09:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-27 13:23:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-27 13:27:18 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-27 00:54
    C:\ComboFix3.txt ... 2007-11-26 20:07
    .
    --- E O F ---



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:30:05 PM, on 11/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f502.mail.yahoo.com/ym/log...=b601a0ngo0jjt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 6994 bytes

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Have not forgotten you; be back in a bit. Your log looks fine, just a couple of entries in ComboFix that I am looking into.

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hello Again,

    Go to My Computer > C:\ Drive > Documents and Settings > Jared > Start Menu > Programs > Startup (and delete anything related to Cool).


    Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad.

    File::
    C:\WINDOWS\psutvw.ini2
    C:\WINDOWS\mrofinu572.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
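
    The CFScripts in #12 and #15 share one format: File::, Folder:: and Registry:: section headers, each followed by one entry per line, with registry keys written as [-KEY] to mark them for deletion. As an added example (not ComboFix's own code, and not posted by anyone in this thread), here is a small Python parser and sanity checker for that format; the check rules (repeated lines, paths that are not absolute, registry lines that are not [-KEY] deletions, unrecognised hive names) and the accepted hive list are this example's own assumptions, and the sample input is the #12 script exactly as posted, which repeats three of its lines.

```python
"""Parse and sanity-check a ComboFix CFScript (File::/Folder::/Registry:: sections).
Added example for this thread, not ComboFix's own code: the section names are the
ones used in the scripts posted above; the check rules are this example's own."""
from __future__ import annotations

import re

SECTIONS = ("File::", "Folder::", "Registry::")
# Hive prefixes accepted for Registry:: lines (assumption for this check only).
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CLASSES_ROOT")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")              # absolute drive path, e.g. C:\WINDOWS\x.exe
REG_DELETE = re.compile(r"^\[-(?P<key>[^\]]+)\]$")   # [-HIVE\path] means "delete this key"


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split CFScript text into sections, keeping entry order and any duplicates."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def check_cfscript(sections: dict[str, list[str]]) -> list[str]:
    """Return warnings for a parsed script; an empty list means nothing was flagged."""
    warnings: list[str] = []
    for name, entries in sections.items():
        seen: set[str] = set()
        for entry in entries:
            key = entry.lower()  # Windows paths and registry keys are case-insensitive
            if key in seen:
                warnings.append(f"{name} duplicate entry: {entry}")
            seen.add(key)
            if name in ("File::", "Folder::"):
                if not WIN_PATH.match(entry):
                    warnings.append(f"{name} not an absolute Windows path: {entry}")
            else:
                m = REG_DELETE.match(entry)
                if m is None:
                    warnings.append(f"{name} not a [-KEY] deletion: {entry}")
                elif not m.group("key").upper().startswith(HIVES):
                    warnings.append(f"{name} unknown hive: {entry}")
    return warnings


def dedupe_cfscript(sections: dict[str, list[str]]) -> dict[str, list[str]]:
    """Return a copy with repeated entries removed (first occurrence wins)."""
    clean: dict[str, list[str]] = {}
    for name, entries in sections.items():
        seen: set[str] = set()
        clean[name] = []
        for entry in entries:
            if entry.lower() not in seen:
                seen.add(entry.lower())
                clean[name].append(entry)
    return clean


# Sample input: the CFScript posted in #12 above, reproduced as posted (it repeats
# artchker.exe, 4T7DCm0H.exe and the startupreg\avp key).
SAMPLE = r"""File::
C:\Program Files\installer.js
C:\WINDOWS\system32\artchker.exe
C:\WINDOWS\TEMP\4T7DCm0H.exe
C:\WINDOWS\TEMP\4T7DCm0H.exe
C:\WINDOWS\system32\artchker.exe
C:\WINDOWS\io43mvuiw4kj.exe
C:\WINDOWS\wvtusp.dll
C:\WINDOWS\winshow.exe
C:\Documents and Settings\Jared\Local Settings\Temp\T0CHD001.exe

Folder::
C:\Program Files\Cool
C:\Program Files\Web Buying
C:\WINDOWS\dXNlcg

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArtChk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\io43mvuiw4kj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{EE-E6-64-4B-ZN}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C2A9795-B130-4622-B036-BDCAD28602DC}]
"""

if __name__ == "__main__":
    for warning in check_cfscript(parse_cfscript(SAMPLE)):
        print("WARNING:", warning)
```

    Run against the #12 script it reports the two repeated File:: lines and the repeated avp key; dedupe_cfscript() gives a version with those repeats dropped, which check_cfscript() then passes without warnings.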

  6. #16
    Junior Member
    Join Date
    Nov 2007
    Posts
    10


    Thank you again. There was nothing in the C:\Documents and Settings\Jared\Start Menu\Programs folder. Here are the logs.

    ComboFix 07-11-19.3 - Corey 2007-11-27 21:32:53.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.84 [GMT -5:00]
    Running from: C:\Documents and Settings\Corey\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Corey\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\psutvw.ini2
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\psutvw.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
    .

    2007-11-27 01:02 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-11-27 01:01 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-11-27 01:01 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
    2007-11-27 00:55 <DIR> d-------- C:\Program Files\CCleaner
    2007-11-26 20:09 <DIR> d-------- C:\VundoFix Backups
    2007-11-26 13:08 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-25 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-25 20:19 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\HPAppData
    2007-11-25 17:22 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-25 13:28 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Talkback
    2007-11-24 00:28 <DIR> d-------- C:\Program Files\GiPo@Utilities
    2007-11-24 00:28 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
    2007-11-23 22:15 <DIR> d-------- C:\Documents and Settings\Corey\.housecall6.6
    2007-11-23 13:36 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-11-20 06:37 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2007-11-20 06:37 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2007-11-20 06:37 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2007-11-20 06:37 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2007-11-20 06:37 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2007-11-20 06:36 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
    2007-11-20 06:36 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
    2007-11-19 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2007-11-17 13:16 <DIR> d-------- C:\Program Files\EA Games
    2007-11-04 15:59 <DIR> d-------- C:\Program Files\Google
    2007-11-03 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
    2007-11-03 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2007-11-03 17:37 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2007-11-03 17:36 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
    2007-11-03 17:31 <DIR> d-------- C:\Documents and Settings\Corey\Application Data\HPAppData
    2007-11-03 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
    2007-11-03 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2007-11-03 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2007-11-03 17:27 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-11-03 17:27 <DIR> d-------- C:\Program Files\Common Files\HP
    2007-11-03 17:26 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-11-03 17:24 <DIR> d-------- C:\Program Files\HP
    2007-11-03 17:23 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-11-03 17:23 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-11-03 17:21 141,199 --a------ C:\WINDOWS\hpoins14.dat
    2007-11-03 17:21 2,000 --------- C:\WINDOWS\hpomdl14.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-28 02:27 --------- d-----w C:\Program Files\mIRC
    2007-11-27 06:02 --------- d-----w C:\Program Files\Java
    2007-11-27 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-27 05:42 --------- d-----w C:\Program Files\Viewpoint
    2007-11-24 03:15 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-11-18 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-17 19:33 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-17 18:14 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-11 16:41 --------- d-----w C:\Program Files\Warcraft III
    2007-10-16 17:03 --------- d-----w C:\Documents and Settings\Corey\Application Data\fltk.org
    2007-10-12 17:20 45,056 ----a-w C:\WINDOWS\system32\katzpdrbp.exe
    2007-10-12 17:20 44,922 ----a-w C:\WINDOWS\system32\IKatzuUninstall.exe
    2007-10-12 17:20 421,888 ----a-w C:\WINDOWS\system32\bkinpqrh.dll
    2007-10-12 17:20 24,576 ----a-w C:\WINDOWS\system32\msxml3a.dll
    2007-09-30 19:41 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-24_ 1.57.19.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\11-27-2007\ERDNT.EXE
    + 2007-11-27 18:16:14 2,719,744 ----a-w C:\WINDOWS\erdnt\11-27-2007\Users\00000001\ntuser.dat
    + 2007-11-27 18:16:14 147,456 ----a-w C:\WINDOWS\erdnt\11-27-2007\Users\00000002\UsrClass.dat
    + 2007-11-23 18:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2007-11-26 18:09:02 2,703,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2007-11-26 18:09:02 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2007-11-23 18:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2007-11-26 18:08:54 2,703,360 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2007-11-26 18:08:54 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2007-03-14 04:31:24 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-03-14 04:31:28 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-03-14 06:04:46 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2007-11-27 18:22:26 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_668.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 21:50]
    "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 14:10]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 23:26]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    C:\Documents and Settings\user\Start Menu\Programs\Startup\
    Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 03:00:00]
    Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 03:00:00]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jared^Start Menu^Programs^Startup^Cool - Auto Update.lnk]
    path=C:\Documents and Settings\Jared\Start Menu\Programs\Startup\Cool - Auto Update.lnk
    backup=C:\WINDOWS\pss\Cool - Auto Update.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jared^Start Menu^Programs^Startup^TA_Start.lnk]
    path=C:\Documents and Settings\Jared\Start Menu\Programs\Startup\TA_Start.lnk
    backup=C:\WINDOWS\pss\TA_Start.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    C:\Program Files\Free Download Manager\fdm.exe -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Spooler"=2 (0x2)

    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
    S3 npkycryp;npkycryp;\??\C:\Program Files\Gravity\RO\npkycryp.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt hpqcxs08 hpqddsvc

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-22 19:09:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-27 21:36:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-27 21:37:06
    C:\ComboFix2.txt ... 2007-11-27 13:27
    C:\ComboFix3.txt ... 2007-11-27 00:54
    .
    --- E O F ---



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:39:54 PM, on 11/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f502.mail.yahoo.com/ym/log...=b601a0ngo0jjt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 6916 bytes

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Things are looking good. How is everything running now???

  8. #18
    Junior Member
    Join Date
    Nov 2007
    Posts
    10

    Default Thank you

    Things are running perfectly. Thank you for all the help you've given me.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That's Great


    I am providing links and free tools to install to help keep you more secure. Keep in mind as you go through the list that only ONE Anti Virus and Firewall are recommended; more is overkill and can cause problems.
    You want to flush out your System Restore because all the garbage we just removed is backed up in there.

    System Restore makes regular backups of all your settings; if you ever had to use this program to restore your system to a previous date, you will be infected all over again, so we need to clean out the previous Restore Points.

    Turn off System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.



    Reboot your computer


    Turn ON System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.



    Create a new Restore Point <-- Very Important

    • Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
      You need to go into the Control Panel and switch to Category View to be able to Create a New Restore Point.

    System Restore Tutorial <-- If you need it




    Malware Complaints
    Are you mad? I mean really mad, seething mad, so mad you're ready to spit, mad that you have taken your hard earned dollars to buy a computer only to have some Miscreants, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney General's Office and the Federal Trade Commission's Bureau of Consumer Protection.




    Here are some free programs to install; these are must-haves to help keep you secure.
    • Spybot Search and Destroy 1.5
      Check for Updates/ Immunize and run a Full System Scan on a regular basis.
    • Spyware Blaster It will prevent most spyware from ever being installed.
    • Spyware Guard It offers realtime protection from spyware installation attempts.
    • Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
    • IE-Spyad
      IE-Spyad places over 4000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
    • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    • Zone Alarm Here is a free Firewall from Zone Labs; I wouldn't access the internet without it.



    Glad we could help

    Safe Surfn
    Ken
