
integrity threats detected virus - please help



jordynorris
2007-09-29, 07:12
I have been hit with the virus "integrity threats detected virus". I have tried virus removal software. Below is my HijackThis log. Please help!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:05:02 PM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SCSoft\scsft2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\jordan\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {D76425B1-B07D-B8A3-0054-E01BC47044CE} - C:\WINDOWS\system32\avsjc.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37E218AA-8664-8AB8-4800-D558100DF194} - C:\WINDOWS\system32\lvjsao.dll (file missing)
O2 - BHO: (no name) - {3CE542FB-D561-DCE9-1B00-D558100DA593} - C:\WINDOWS\system32\gqg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EC1A310-638E-6855-A73B-66E33B9CA8C2} - C:\WINDOWS\system32\glvr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E5E3775-A5B5-AD3C-983D-F6BAAE461196} - C:\WINDOWS\system32\hhhxru.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {974B2718-EFD4-E006-F9AE-BFDEB8C604C3} - C:\WINDOWS\system32\cnrofde.dll (file missing)
O2 - BHO: (no name) - {A135946A-52AC-0628-DD3C-56909CA43F94} - C:\WINDOWS\system32\hhrktnja.dll (file missing)
O2 - BHO: (no name) - {A13DC56B-5AAB-5C2E-DD3C-56909CA43BCE} - C:\WINDOWS\system32\yognpgum.dll (file missing)
O2 - BHO: (no name) - {A469903C-06AF-5D7F-D33C-56909CA439C7} - C:\WINDOWS\system32\tlqsiv.dll (file missing)
O2 - BHO: (no name) - {A56FC63D-5BAB-5D2E-8E3C-56909CA43993} - C:\WINDOWS\system32\rnf.dll (file missing)
O2 - BHO: (no name) - {A835903E-07A9-5C7E-DB3C-56909CA43FC1} - C:\WINDOWS\system32\tuugck.dll (file missing)
O2 - BHO: (no name) - {A938CE66-5AA5-0F2F-DD3C-56909CA43FC1} - C:\WINDOWS\system32\dvp.dll (file missing)
O2 - BHO: (no name) - {AEA8F6F2-3734-3ABD-1940-31C6593E61C2} - C:\WINDOWS\system32\fwg.dll (file missing)
O2 - BHO: (no name) - {C5477B1C-B98E-B45D-A0AE-BFDEB8C604C8} - C:\WINDOWS\system32\xle.dll (file missing)
O2 - BHO: (no name) - {D76425B1-B07D-B8A3-0054-E01BC47044CE} - C:\WINDOWS\system32\avsjc.dll (file missing)
O2 - BHO: (no name) - {DE04357D-F4E5-F836-CF3D-F6BAAE461196} - C:\WINDOWS\system32\dqm.dll (file missing)
O2 - BHO: (no name) - {e1df3eb0-1dd1-11b2-89cb-cf5379a411fb} - C:\WINDOWS\kxsjmlqh.dll
O2 - BHO: (no name) - {F33F906B-04A9-5D78-883C-56909CA43B92} - C:\WINDOWS\system32\vfshutdi.dll (file missing)
O2 - BHO: (no name) - {F36F973C-06AE-5C7C-DB3C-56909CA439C7} - C:\WINDOWS\system32\pqddtcro.dll (file missing)
O2 - BHO: (no name) - {F568956E-04A5-0E78-D93C-56909CA43BCE} - C:\WINDOWS\system32\twmruz.dll (file missing)
O2 - BHO: (no name) - {F56C946D-5BFC-582F-DF3C-56909CA43BCE} - C:\WINDOWS\system32\oqec.dll (file missing)
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [mzexmbed] rundll32.exe "C:\Program Files\mzexmbed\czstsnon.dll",Init
O4 - HKLM\..\Run: [ovsdqvab] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ovsdqvab.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SCSoft\scsft2.exe
O4 - HKCU\..\Run: [Srda] "C:\PROGRA~1\COMMON~1\SCURIT~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Dchd] C:\Documents and Settings\jordan\My Documents\?icrosoft.NET\w?aclt.exe
O4 - HKCU\..\Run: [Npforej] C:\Program Files\Common Files\a?sembly\?vchost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tcai] "C:\WINDOWS\ICROSO~1\cmd.exe" -vt ndrv
O4 - HKCU\..\Run: [Pcewwqo] C:\WINDOWS\?icrosoft.NET\w?nlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169519473937
O17 - HKLM\System\CCS\Services\Tcpip\..\{1063F7C7-6504-4BF0-A710-6B7B501D5B34}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C70F818-8219-44E9-B40C-12E3833C343B}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF94683A-6815-44CB-9194-D3DBB65153F9}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\..\{1063F7C7-6504-4BF0-A710-6B7B501D5B34}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\..\{1063F7C7-6504-4BF0-A710-6B7B501D5B34}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

km2357
2007-09-29, 08:02
Hello and welcome to Safer Networking Forums

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

Since I am still in training, I have to let experts check the content of my fixes before I post them so please be patient.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.


I will be back as soon as possible with your first instructions!

km2357
2007-09-29, 22:46
Step # 1: Move Hijackthis


Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file or from Temporary folders, because the backups will be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

1. Please go to your 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.


Step # 2: Download and Run ComboFix

Download this file from either of the two below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Then double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Step # 3: Download and Run FixWareout
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Step # 4: Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):

O17 - HKLM\System\CCS\Services\Tcpip\..\{1063F7C7-6504-4BF0-A710-6B7B501D5B34}: NameServer = 85.255.114.69,85.255.112.167

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C70F818-8219-44E9-B40C-12E3833C343B}: NameServer = 85.255.114.69,85.255.112.167

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF94683A-6815-44CB-9194-D3DBB65153F9}: NameServer = 85.255.114.69,85.255.112.167

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167

O17 - HKLM\System\CS1\Services\Tcpip\..\{1063F7C7-6504-4BF0-A710-6B7B501D5B34}: NameServer = 85.255.114.69,85.255.112.167

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167

O17 - HKLM\System\CS2\Services\Tcpip\..\{1063F7C7-6504-4BF0-A710-6B7B501D5B34}: NameServer = 85.255.114.69,85.255.112.167

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167

Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

Now let's check some settings on your system.
In the Windows Control Panel, if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection (usually Local Area Connection for cable and DSL) and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.


Post the contents of the logfile C:\fixwareout\report.txt


Step # 5: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.



Step # 6: Post Logs

In your next post/reply, I'd like to see the following:

1. ComboFix Log (Combofix.txt)
2. FixWareOut Report (C:\fixwareout\report.txt)
3. A fresh HiJackThis Log
4. Uninstall List

If you can't fit all the logs into one post/reply, then use multiple posts/replies to get all the logs in.
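As an added example (not part of this thread, and not code from HijackThis or the tools km2357 names), here is a small defender-side triage script that applies the checks the instructions above rely on to lines in the shape of the posted log: hard-coded O17 NameServer values that are neither private (a home router) nor on a trusted list, unnamed O2 BHOs whose DLL is missing, and O4 Run entries whose path contains a "?" look-alike character. The sample lines are constructed from the shapes in the log, and treating private addresses as expected is this script's own heuristic, not something the thread states.

```python
import re
from ipaddress import ip_address

# Constructed sample in the shape of the HijackThis 1.99.1 log posted in this
# thread: six lines mixing legitimate and suspicious entries.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37E218AA-8664-8AB8-4800-D558100DF194} - C:\WINDOWS\system32\lvjsao.dll (file missing)
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKCU\..\Run: [Dchd] C:\Documents and Settings\jordan\My Documents\?icrosoft.NET\w?aclt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1063F7C7-6504-4BF0-A710-6B7B501D5B34}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.*)$")


def check_o17(line, trusted_dns=frozenset()):
    """Flag a static NameServer unless every address is private (assumed to be
    the home router) or explicitly trusted. The fix in this thread is to remove
    such entries and switch the adapter back to 'Obtain DNS servers automatically'."""
    m = O17_RE.match(line)
    if not m:
        return None
    servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
    bad = []
    for s in servers:
        try:
            ip = ip_address(s)
        except ValueError:
            bad.append(s)  # not even a parsable address: worth a look
            continue
        if not ip.is_private and s not in trusted_dns:
            bad.append(s)
    if not bad:
        return None
    return {"section": "O17", "line": line,
            "reason": "hard-coded public DNS server(s) not in trusted set",
            "detail": ",".join(bad)}


def check_o2(line):
    """An unnamed BHO whose DLL is missing is the pattern the log above shows
    many times; legitimate BHOs normally carry a product name."""
    m = O2_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    if m.group("name") == "(no name)" and ("(file missing)" in target or target == "(no file)"):
        return {"section": "O2", "line": line,
                "reason": "unnamed BHO pointing at a missing DLL",
                "detail": m.group("clsid")}
    return None


def check_o4(line):
    """A '?' in a Run entry path is a character the log could not print
    (assumption: HijackThis substitutes '?' for characters it cannot display),
    so '?icrosoft.NET\\w?aclt.exe' is a look-alike name, not a system file."""
    m = O4_RE.match(line)
    if not m:
        return None
    if "?" in m.group("cmd"):
        return {"section": "O4", "line": line,
                "reason": "Run entry path contains unprintable look-alike characters",
                "detail": m.group("label")}
    return None


def triage_hjt(log_text, trusted_dns=frozenset()):
    """Run every check over every non-empty line; findings come back in log order."""
    findings = []
    checks = (lambda l: check_o17(l, trusted_dns), check_o2, check_o4)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for check in checks:
            hit = check(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['detail']}")
```

Run against a full log, the script only narrows what a human reviewer should look at first; it does not decide what to fix.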

jordynorris
2007-09-30, 08:35
Username "jordan" - 09/29/2007 23:14:01 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.69 85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1063F7C7-6504-4BF0-A710-6B7B501D5B34}
"nameserver"="85.255.114.69,85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4C70F818-8219-44E9-B40C-12E3833C343B}
"nameserver"="85.255.114.69,85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DF94683A-6815-44CB-9194-D3DBB65153F9}
"nameserver"="85.255.114.69,85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4C70F818-8219-44E9-B40C-12E3833C343B}
"DhcpNameServer"="85.255.114.69,85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{845FC292-D476-4745-9074-4FC07EA7A05C}
"DhcpNameServer"="85.255.114.69,85.255.112.167" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "vpxsc" Value deleted
HKCR\CLSID\{2D8E50C3-F72D-4865-84B7-506E51E1132E}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"HWSetup"="C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
"TPSMain"="TPSMain.exe"
"SVPWUTIL"="C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"ACU"="\"C:\\Program Files\\Atheros\\ACU.exe\" -nogui"
"ShStatEXE"="\"C:\\Program Files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe\" /StartedFromRunKey"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"DXDllRegExe"="dxdllreg.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"T-Mobile Connection Manager"="\"C:\\Program Files\\T-Mobile\\Connection Manager\\TMobileCM.exe\" -a"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srda"="\"C:\\PROGRA~1\\COMMON~1\\SCURIT~1\\mmc.exe\" -vt ndrv"
"Dchd"="C:\\Documents and Settings\\jordan\\My Documents\\?icrosoft.NET\\w?aclt.exe"
"Npforej"="C:\\Program Files\\Common Files\\a?sembly\\?vchost.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Tcai"="\"C:\\WINDOWS\\ICROSO~1\\cmd.exe\" -vt ndrv"
"Pcewwqo"="C:\\WINDOWS\\?icrosoft.NET\\w?nlogon.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

ComboFix 07-09-21.2 - "jordan" 2007-09-29 23:03:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.101 [GMT 7:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\ovsdqvab.dll
C:\DOCUME~1\jordan\APPLIC~1\ASKS~1
C:\DOCUME~1\jordan\MYDOCU~1\CROSOF~1
C:\DOCUME~1\jordan\MYDOCU~1\ICROSO~1.NET
C:\DOCUME~1\jordan\MYDOCU~1\MBOLS~1
C:\DOCUME~1\jordan\MYDOCU~1\PPATCH~1
C:\DOCUME~1\jordan\MYDOCU~1\RACLE~1
C:\DOCUME~1\jordan\MYDOCU~1\SMBOLS~1
C:\DOCUME~1\jordan\MYDOCU~1\YMANTE~1
C:\Program Files\dobe~1
C:\WINDOWS\system32\enfcsblf
C:\WINDOWS\system32\enfcsblf\bg1.gif
C:\WINDOWS\system32\enfcsblf\bgtop.gif
C:\WINDOWS\system32\enfcsblf\bottom1.gif
C:\WINDOWS\system32\enfcsblf\enfcsblf1.exe
C:\WINDOWS\system32\enfcsblf\enfcsblf2.exe
C:\WINDOWS\system32\enfcsblf\enfcsblf3.exe
C:\WINDOWS\system32\enfcsblf\essentials.gif
C:\WINDOWS\system32\enfcsblf\icon1.ico
C:\WINDOWS\system32\enfcsblf\install1.gif
C:\WINDOWS\system32\enfcsblf\left1.gif
C:\WINDOWS\system32\enfcsblf\li.gif
C:\WINDOWS\system32\enfcsblf\logo.gif
C:\WINDOWS\system32\enfcsblf\main.htm
C:\WINDOWS\system32\enfcsblf\mainframe.htm
C:\WINDOWS\system32\enfcsblf\reinstall1.gif
C:\WINDOWS\system32\enfcsblf\right1.gif
C:\WINDOWS\system32\enfcsblf\s1.htm
C:\WINDOWS\system32\enfcsblf\s2.htm
C:\WINDOWS\system32\enfcsblf\s3.htm
C:\WINDOWS\system32\enfcsblf\SMTop1.gif
C:\WINDOWS\system32\enfcsblf\SMTop2.gif
C:\WINDOWS\system32\enfcsblf\SMTop3.gif
C:\WINDOWS\system32\enfcsblf\SMTop4.gif
C:\WINDOWS\system32\enfcsblf\soft1_off.gif
C:\WINDOWS\system32\enfcsblf\soft1_off_ext.gif
C:\WINDOWS\system32\enfcsblf\soft1_on.gif
C:\WINDOWS\system32\enfcsblf\soft1_on_ext.gif
C:\WINDOWS\system32\enfcsblf\soft2_off.gif
C:\WINDOWS\system32\enfcsblf\soft2_off_ext.gif
C:\WINDOWS\system32\enfcsblf\soft2_on.gif
C:\WINDOWS\system32\enfcsblf\soft2_on_ext.gif
C:\WINDOWS\system32\enfcsblf\soft3_off.gif
C:\WINDOWS\system32\enfcsblf\soft3_off_ext.gif
C:\WINDOWS\system32\enfcsblf\soft3_on.gif
C:\WINDOWS\system32\enfcsblf\soft3_on_ext.gif
C:\WINDOWS\system32\enfcsblf\softbottom_off.gif
C:\WINDOWS\system32\enfcsblf\softbottom_on.gif
C:\WINDOWS\system32\enfcsblf\softleft_off.gif
C:\WINDOWS\system32\enfcsblf\softleft_on.gif
C:\WINDOWS\system32\enfcsblf\top1.gif
C:\WINDOWS\system32\enfcsblf\top2.gif
C:\WINDOWS\system32\enfcsblf\turnoff1.gif
C:\WINDOWS\system32\enfcsblf\turnon1.gif

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
.

2007-09-29 23:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 19:37 98,304 --a------ C:\WINDOWS\kxsjmlqh.dll
2007-09-28 19:37 <DIR> d-------- C:\Program Files\SCSoft
2007-09-28 19:37 <DIR> d-------- C:\Program Files\mzexmbed
2007-09-26 22:07 1,409 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 13:08 --------- d-------- C:\DOCUME~1\jordan\APPLIC~1\Skype
2007-09-23 17:12 --------- d-------- C:\Program Files\Yahoo!
2007-09-23 11:40 --------- d-------- C:\DOCUME~1\jordan\APPLIC~1\uTorrent
2007-08-19 13:48 --------- d-------- C:\DOCUME~1\jordan\APPLIC~1\DBUpdater
2007-08-19 13:40 --------- d-------- C:\DOCUME~1\jordan\APPLIC~1\T-Mobile
2007-08-19 13:39 --------- d-------- C:\Program Files\T-Mobile
2007-08-19 13:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\T-Mobile
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2005-06-03 19:49 9600 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TPwSav.sys
2005-06-03 19:32 28672 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\EBLib.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37E218AA-8664-8AB8-4800-D558100DF194}]
C:\WINDOWS\system32\lvjsao.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CE542FB-D561-DCE9-1B00-D558100DA593}]
C:\WINDOWS\system32\gqg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EC1A310-638E-6855-A73B-66E33B9CA8C2}]
C:\WINDOWS\system32\glvr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E5E3775-A5B5-AD3C-983D-F6BAAE461196}]
C:\WINDOWS\system32\hhhxru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{974B2718-EFD4-E006-F9AE-BFDEB8C604C3}]
C:\WINDOWS\system32\cnrofde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A135946A-52AC-0628-DD3C-56909CA43F94}]
C:\WINDOWS\system32\hhrktnja.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A13DC56B-5AAB-5C2E-DD3C-56909CA43BCE}]
C:\WINDOWS\system32\yognpgum.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A469903C-06AF-5D7F-D33C-56909CA439C7}]
C:\WINDOWS\system32\tlqsiv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A56FC63D-5BAB-5D2E-8E3C-56909CA43993}]
C:\WINDOWS\system32\rnf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A835903E-07A9-5C7E-DB3C-56909CA43FC1}]
C:\WINDOWS\system32\tuugck.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A938CE66-5AA5-0F2F-DD3C-56909CA43FC1}]
C:\WINDOWS\system32\dvp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEA8F6F2-3734-3ABD-1940-31C6593E61C2}]
C:\WINDOWS\system32\fwg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5477B1C-B98E-B45D-A0AE-BFDEB8C604C8}]
C:\WINDOWS\system32\xle.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D76425B1-B07D-B8A3-0054-E01BC47044CE}]
C:\WINDOWS\system32\avsjc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE04357D-F4E5-F836-CF3D-F6BAAE461196}]
C:\WINDOWS\system32\dqm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e1df3eb0-1dd1-11b2-89cb-cf5379a411fb}]
2007-09-28 19:37 98304 --a------ C:\WINDOWS\kxsjmlqh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F33F906B-04A9-5D78-883C-56909CA43B92}]
C:\WINDOWS\system32\vfshutdi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F36F973C-06AE-5C7C-DB3C-56909CA439C7}]
C:\WINDOWS\system32\pqddtcro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F568956E-04A5-0E78-D93C-56909CA43BCE}]
C:\WINDOWS\system32\twmruz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F56C946D-5BFC-582F-DF3C-56909CA43BCE}]
C:\WINDOWS\system32\oqec.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 14:04]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 08:16]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-21 23:10 C:\WINDOWS\agrsmmsg.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]
"TPSMain"="TPSMain.exe" [2005-05-31 17:16 C:\WINDOWS\system32\TPSMain.exe]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 21:40]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-08 15:51]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2005-03-28 14:28]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 18:50]
"DXDllRegExe"="dxdllreg.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"T-Mobile Connection Manager"="C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" [2007-05-25 13:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srda"="C:\PROGRA~1\COMMON~1\SCURIT~1\mmc.exe" []
"Dchd"="C:\Documents and Settings\jordan\My Documents\?icrosoft.NET\w?aclt.exe" []
"Npforej"="C:\Program Files\Common Files\a?sembly\?vchost.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Tcai"="C:\WINDOWS\ICROSO~1\cmd.exe" []
"Pcewwqo"="C:\WINDOWS\?icrosoft.NET\w?nlogon.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:07]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]

C:\DOCUME~1\jordan\STARTM~1\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-21 00:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
S3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-03 01:19:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-04-09 06:44:07 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1176100811.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 23:07:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-29 23:10:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 23:09
C:\ComboFix2.txt ... 2007-04-12 10:01
.
--- E O F ---

jordynorris
2007-09-30, 08:36
µTorrent
ACDSee 5.0 Standard
Ad-Aware SE Personal
Adobe Flash Player 9
Adobe Reader 8.1.0
Adobe Shockwave Player
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
CD/DVD Drive Acoustic Silencer
DVD-RAM Driver
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
iTunes
J2SE Runtime Environment 5.0 Update 6
McAfee VirusScan Enterprise
MediaMonkey 2.5
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 7 Premium
Nero Sipps
PodUtil 3.0.3
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Shockwave
Skype™ 3.2
Spybot - Search & Destroy 1.4
T-Mobile Connection Manager
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Virtual Sound
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip
XviD 1.1 final uninstall
Yahoo! Widgets

Logfile of HijackThis v1.99.1
Scan saved at 11:36:03 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\jordan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {D76425B1-B07D-B8A3-0054-E01BC47044CE} - C:\WINDOWS\system32\avsjc.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37E218AA-8664-8AB8-4800-D558100DF194} - C:\WINDOWS\system32\lvjsao.dll (file missing)
O2 - BHO: (no name) - {3CE542FB-D561-DCE9-1B00-D558100DA593} - C:\WINDOWS\system32\gqg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EC1A310-638E-6855-A73B-66E33B9CA8C2} - C:\WINDOWS\system32\glvr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E5E3775-A5B5-AD3C-983D-F6BAAE461196} - C:\WINDOWS\system32\hhhxru.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {974B2718-EFD4-E006-F9AE-BFDEB8C604C3} - C:\WINDOWS\system32\cnrofde.dll (file missing)
O2 - BHO: (no name) - {A135946A-52AC-0628-DD3C-56909CA43F94} - C:\WINDOWS\system32\hhrktnja.dll (file missing)
O2 - BHO: (no name) - {A13DC56B-5AAB-5C2E-DD3C-56909CA43BCE} - C:\WINDOWS\system32\yognpgum.dll (file missing)
O2 - BHO: (no name) - {A469903C-06AF-5D7F-D33C-56909CA439C7} - C:\WINDOWS\system32\tlqsiv.dll (file missing)
O2 - BHO: (no name) - {A56FC63D-5BAB-5D2E-8E3C-56909CA43993} - C:\WINDOWS\system32\rnf.dll (file missing)
O2 - BHO: (no name) - {A835903E-07A9-5C7E-DB3C-56909CA43FC1} - C:\WINDOWS\system32\tuugck.dll (file missing)
O2 - BHO: (no name) - {A938CE66-5AA5-0F2F-DD3C-56909CA43FC1} - C:\WINDOWS\system32\dvp.dll (file missing)
O2 - BHO: (no name) - {AEA8F6F2-3734-3ABD-1940-31C6593E61C2} - C:\WINDOWS\system32\fwg.dll (file missing)
O2 - BHO: (no name) - {C5477B1C-B98E-B45D-A0AE-BFDEB8C604C8} - C:\WINDOWS\system32\xle.dll (file missing)
O2 - BHO: (no name) - {D76425B1-B07D-B8A3-0054-E01BC47044CE} - C:\WINDOWS\system32\avsjc.dll (file missing)
O2 - BHO: (no name) - {DE04357D-F4E5-F836-CF3D-F6BAAE461196} - C:\WINDOWS\system32\dqm.dll (file missing)
O2 - BHO: (no name) - {e1df3eb0-1dd1-11b2-89cb-cf5379a411fb} - C:\WINDOWS\kxsjmlqh.dll
O2 - BHO: (no name) - {F33F906B-04A9-5D78-883C-56909CA43B92} - C:\WINDOWS\system32\vfshutdi.dll (file missing)
O2 - BHO: (no name) - {F36F973C-06AE-5C7C-DB3C-56909CA439C7} - C:\WINDOWS\system32\pqddtcro.dll (file missing)
O2 - BHO: (no name) - {F568956E-04A5-0E78-D93C-56909CA43BCE} - C:\WINDOWS\system32\twmruz.dll (file missing)
O2 - BHO: (no name) - {F56C946D-5BFC-582F-DF3C-56909CA43BCE} - C:\WINDOWS\system32\oqec.dll (file missing)
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKCU\..\Run: [Srda] "C:\PROGRA~1\COMMON~1\SCURIT~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Dchd] C:\Documents and Settings\jordan\My Documents\?icrosoft.NET\w?aclt.exe
O4 - HKCU\..\Run: [Npforej] C:\Program Files\Common Files\a?sembly\?vchost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tcai] "C:\WINDOWS\ICROSO~1\cmd.exe" -vt ndrv
O4 - HKCU\..\Run: [Pcewwqo] C:\WINDOWS\?icrosoft.NET\w?nlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169519473937
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

km2357
2007-10-01, 09:32
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent

I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.

Also available here (http://forum.malwareremoval.com/viewtopic.php?t=23812&sid=a609c56441d8a2e5dc8d24e3e96420cc).

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


Step # 1: Run CFScript


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


File::

C:\WINDOWS\kxsjmlqh.dll
C:\WINDOWS\system32\lvjsao.dll
C:\WINDOWS\system32\gqg.dll
C:\WINDOWS\system32\glvr.dll
C:\WINDOWS\system32\hhhxru.dll
C:\WINDOWS\system32\cnrofde.dll
C:\WINDOWS\system32\hhrktnja.dll
C:\WINDOWS\system32\yognpgum.dll
C:\WINDOWS\system32\tlqsiv.dll
C:\WINDOWS\system32\rnf.dll
C:\WINDOWS\system32\tuugck.dll
C:\WINDOWS\system32\dvp.dll
C:\WINDOWS\system32\fwg.dll
C:\WINDOWS\system32\xle.dll
C:\WINDOWS\system32\avsjc.dll
C:\WINDOWS\system32\dqm.dll
C:\WINDOWS\system32\vfshutdi.dll
C:\WINDOWS\system32\pqddtcro.dll
C:\WINDOWS\system32\twmruz.dll
C:\WINDOWS\system32\oqec.dll

Folder::

C:\Program Files\mzexmbed
C:\PROGRA~1\COMMON~1\SCURIT~1
C:\Program Files\Common Files\a?sembly
C:\Documents and Settings\jordan\My Documents\?icrosoft.NET
C:\WINDOWS\ICROSO~1
C:\WINDOWS\?icrosoft.NET

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37E218AA-8664-8AB8-4800-D558100DF194}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CE542FB-D561-DCE9-1B00-D558100DA593}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EC1A310-638E-6855-A73B-66E33B9CA8C2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E5E3775-A5B5-AD3C-983D-F6BAAE461196}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{974B2718-EFD4-E006-F9AE-BFDEB8C604C3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A135946A-52AC-0628-DD3C-56909CA43F94}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A13DC56B-5AAB-5C2E-DD3C-56909CA43BCE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A469903C-06AF-5D7F-D33C-56909CA439C7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A56FC63D-5BAB-5D2E-8E3C-56909CA43993}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A835903E-07A9-5C7E-DB3C-56909CA43FC1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A938CE66-5AA5-0F2F-DD3C-56909CA43FC1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEA8F6F2-3734-3ABD-1940-31C6593E61C2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5477B1C-B98E-B45D-A0AE-BFDEB8C604C8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D76425B1-B07D-B8A3-0054-E01BC47044CE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE04357D-F4E5-F836-CF3D-F6BAAE461196}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e1df3eb0-1dd1-11b2-89cb-cf5379a411fb}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F33F906B-04A9-5D78-883C-56909CA43B92}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F36F973C-06AE-5C7C-DB3C-56909CA439C7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F568956E-04A5-0E78-D93C-56909CA43BCE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F56C946D-5BFC-582F-DF3C-56909CA43BCE}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srda"=-
"Dchd"=-
"Npforej"=-
"Tcai"=-
"Pcewwqo"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step # 2 Post Logs

In your next post/reply, I'd like to see the following:

1. ComboFix Log (ComboFix.txt)
2. A fresh HijackThis Log

If you can't fit all the logs into one post/reply, then use multiple posts/replies to get all the logs in.
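
As an added example (not the thread's own code, nor anything from the HijackThis or ComboFix authors), the triage below applies the pattern the helper followed to HijackThis log lines and drafts a script in the same File::/Folder::/Registry:: layout. The heuristics, the `~` shorthand in the BHO key and the list of core executable names are assumptions modelled on this thread; the sample lines are copied from the second HijackThis log above.

```python
r"""Triage HijackThis 1.99 log lines and draft a ComboFix CFScript from them.

Added example; not code from the thread or from the HijackThis/ComboFix authors.
The heuristics are assumptions modelled on what the helper chose to remove here:
  * O2 BHO / R3 URLSearchHook entries with "(no name)" whose DLL is
    "(file missing)" or sits loose in C:\WINDOWS or C:\WINDOWS\system32
  * O4 Run values whose path contains '?' (a look-alike character the log could
    not render, e.g. "?icrosoft.NET") or a core system file name (svchost.exe,
    winlogon.exe, cmd.exe, mmc.exe) outside the real system32 directory
A legitimate product can trip either rule, so the output is a draft for review.
"""
import re
from dataclasses import dataclass, field

CORE_NAMES = {"svchost.exe", "winlogon.exe", "cmd.exe", "mmc.exe", "lsass.exe"}
WINDOWS_DIR = re.compile(r"^C:\\WINDOWS\\(system32\\)?[^\\]+$", re.IGNORECASE)
SYSTEM32 = re.compile(r"^C:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)
BHO_RE = re.compile(r"^(?:O2 - BHO|R3 - URLSearchHook): (?P<name>.*?) - "
                    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)   # first .exe token, quoted or not
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class Findings:
    files: list = field(default_factory=list)        # DLLs to list under File::
    folders: list = field(default_factory=list)      # directories to list under Folder::
    bho_clsids: list = field(default_factory=list)   # BHO keys to delete under Registry::
    run_values: list = field(default_factory=list)   # (hive, value name) Run entries to clear


def _add(seq, item):
    if item not in seq:
        seq.append(item)


def bho_is_suspect(name, target):
    """Return the DLL path for a (no name) BHO whose file is gone or loose in the Windows dir."""
    if name != "(no name)" or target == "(no file)":
        return None                      # named product BHO, or no path to act on
    path, missing = target, False
    if target.endswith(" (file missing)"):
        path, missing = target[: -len(" (file missing)")], True
    return path if missing or WINDOWS_DIR.match(path) else None


def run_is_suspect(cmd):
    """Return the executable path when a Run value points at a look-alike binary."""
    m = EXE_RE.match(cmd)
    if not m or "\\" not in m["path"]:
        return None                      # bare names resolve through PATH; not judged here
    path = m["path"]
    base = path.rsplit("\\", 1)[1].lower()
    if "?" in path or (base in CORE_NAMES and not SYSTEM32.match(path)):
        return path
    return None


def triage(log_lines):
    fd = Findings()
    for line in log_lines:
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            path = bho_is_suspect(m["name"], m["target"])
            if path:
                _add(fd.files, path)
                if line.startswith("O2"):            # only O2 entries live under the BHO key
                    _add(fd.bho_clsids, m["clsid"])
            continue
        m = RUN_RE.match(line)
        if m:
            path = run_is_suspect(m["cmd"])
            if path:
                _add(fd.folders, path.rsplit("\\", 1)[0])
                _add(fd.run_values, (m["hive"], m["value"]))
    return fd


def render_cfscript(fd):
    """Lay the findings out in the File::/Folder::/Registry:: form used in this thread."""
    out = ["File::", *fd.files, "", "Folder::", *fd.folders, "", "Registry::"]
    for clsid in fd.bho_clsids:
        out.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{clsid}]")
    for hive in ("HKLM", "HKCU"):
        vals = [v for h, v in fd.run_values if h == hive]
        if vals:
            out.append(f"[{HIVES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
            out.extend(f'"{v}"=-' for v in vals)
    return "\n".join(out) + "\n"


# Constructed sample: lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37E218AA-8664-8AB8-4800-D558100DF194} - C:\WINDOWS\system32\lvjsao.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {e1df3eb0-1dd1-11b2-89cb-cf5379a411fb} - C:\WINDOWS\kxsjmlqh.dll
R3 - URLSearchHook: (no name) - {D76425B1-B07D-B8A3-0054-E01BC47044CE} - C:\WINDOWS\system32\avsjc.dll (file missing)
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [Srda] "C:\PROGRA~1\COMMON~1\SCURIT~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Dchd] C:\Documents and Settings\jordan\My Documents\?icrosoft.NET\w?aclt.exe
O4 - HKCU\..\Run: [Npforej] C:\Program Files\Common Files\a?sembly\?vchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)))
```

Run against the full log the draft reproduces the helper's File::, Folder:: and Run-value lists; the mzexmbed folder it cannot see came from the ComboFix output, not from HijackThis.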

jordynorris
2007-10-02, 05:36
ComboFix 07-09-21.2 - "jordan" 2007-10-01 20:21:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.161 [GMT 7:00]
Command switches used :: C:\Documents and Settings\jordan\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\kxsjmlqh.dll
C:\WINDOWS\system32\lvjsao.dll
C:\WINDOWS\system32\gqg.dll
C:\WINDOWS\system32\glvr.dll
C:\WINDOWS\system32\hhhxru.dll
C:\WINDOWS\system32\cnrofde.dll
C:\WINDOWS\system32\hhrktnja.dll
C:\WINDOWS\system32\yognpgum.dll
C:\WINDOWS\system32\tlqsiv.dll
C:\WINDOWS\system32\rnf.dll
C:\WINDOWS\system32\tuugck.dll
C:\WINDOWS\system32\dvp.dll
C:\WINDOWS\system32\fwg.dll
C:\WINDOWS\system32\xle.dll
C:\WINDOWS\system32\avsjc.dll
C:\WINDOWS\system32\dqm.dll
C:\WINDOWS\system32\vfshutdi.dll
C:\WINDOWS\system32\pqddtcro.dll
C:\WINDOWS\system32\twmruz.dll
C:\WINDOWS\system32\oqec.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\mzexmbed
C:\Program Files\mzexmbed\czstsnon.dll
C:\WINDOWS\kxsjmlqh.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-01 to 2007-10-01 )))))))))))))))))))))))))))))))
.

2007-09-29 23:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 19:37 <DIR> d-------- C:\Program Files\SCSoft
2007-09-26 22:07 1,409 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 13:08 --------- d-------- C:\DOCUME~1\jordan\APPLIC~1\Skype
2007-09-23 17:12 --------- d-------- C:\Program Files\Yahoo!
2007-09-23 11:40 --------- d-------- C:\DOCUME~1\jordan\APPLIC~1\uTorrent
2007-08-19 13:48 --------- d-------- C:\DOCUME~1\jordan\APPLIC~1\DBUpdater
2007-08-19 13:40 --------- d-------- C:\DOCUME~1\jordan\APPLIC~1\T-Mobile
2007-08-19 13:39 --------- d-------- C:\Program Files\T-Mobile
2007-08-19 13:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\T-Mobile
2005-06-03 19:49 9600 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TPwSav.sys
2005-06-03 19:32 28672 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\EBLib.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 14:04]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 08:16]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-21 23:10 C:\WINDOWS\agrsmmsg.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]
"TPSMain"="TPSMain.exe" [2005-05-31 17:16 C:\WINDOWS\system32\TPSMain.exe]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 21:40]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-08 15:51]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2005-03-28 14:28]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 18:50]
"DXDllRegExe"="dxdllreg.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"T-Mobile Connection Manager"="C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" [2007-05-25 13:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:07]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]

C:\DOCUME~1\jordan\STARTM~1\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-21 00:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
S3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-03 01:19:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-04-09 06:44:07 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1176100811.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-01 20:25:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-01 20:28:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-01 20:27
C:\ComboFix2.txt ... 2007-09-29 23:10
C:\ComboFix3.txt ... 2007-04-12 10:01
.
--- E O F ---

jordynorris
2007-10-02, 05:37
Logfile of HijackThis v1.99.1
Scan saved at 8:35:07 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jordan\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {D76425B1-B07D-B8A3-0054-E01BC47044CE} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169519473937
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

km2357
2007-10-02, 20:14
Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u2 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:

J2SE Runtime Environment 5.0 Update 6

Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.

From your desktop double-click on the download to install the newest version.


Step # 2 Run AVG Anti-Spyware

Click the Update icon at the top and under Manual Update click the Start update button.
The program will either update or inform you that no update was available.
It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (http://downloads.ewido.net/avgas-signatures-full-current.exe) (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
Click the Update icon and untick the automatic update option.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act? - make sure that Quarantine is selected.
Under How to scan? - All checkboxes should be ticked.
Under Possibly unwanted software - All checkboxes should be ticked.
Under Reports - Select Do not automatically generate reports.
Under What to scan? - Select Scan every file.
Close all open windows.
Do not run a scan yet.


Step # 3: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 4: Remove Hijackthis Entries


Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):

R3 - URLSearchHook: (no name) - {D76425B1-B07D-B8A3-0054-E01BC47044CE} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.



Step # 5 Run AVG Anti-Spyware

Click on Scanner on the toolbar.
Click on Complete System Scan to start the scan process.
Let the program scan your computer.
When the scan has finished, follow the instructions below:
Make sure that Set all elements to: shows Quarantine
Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
When the program has finished, it will display the message All actions have been applied.
Then click the Save Scan Report button.
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Tray Icon and select Exit.
Reboot your computer.
Now copy the report back to this topic.



Step # 6 Post Logs

In your next post/reply, I'd like to see the following:

1. AVG AntiSpyware Report (located on your desktop)
2. A fresh HijackThis Log

If you can't fit all the logs into one post/reply, then use multiple posts/replies to get all the logs in.
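Added example (not part of the thread, and not code from HijackThis or any of the tools named above): the helper's pass over the log can be reproduced as a small triage script. It parses HijackThis-style lines and buckets the ones a reviewer looks at first: entries whose target is "(no file)" (the R3 and O2 lines picked for fixing), "(file missing)" registrations, O23 services with "Unknown owner", anything loaded from a JRE older than the recommended 6u2, and O4 Run values that are a bare file name rather than a full path. The sample lines are constructed from the kinds of entries shown in this thread; MIN_JRE is an assumption taken from the helper's recommendation.

```python
import re
from dataclasses import dataclass

# Assumption: the minimum JRE the helper recommends in the thread, 6u2 = 1.6.0_02.
MIN_JRE = (1, 6, 0, 2)

# Constructed sample in HijackThis v1.99.1 format (lines of the type seen in the thread).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D76425B1-B07D-B8A3-0054-E01BC47044CE} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""


@dataclass
class Entry:
    section: str  # HijackThis section code, e.g. "O4", "O23"
    body: str     # everything after the "Oxx - " prefix


LINE_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.*)$")
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)


def parse_hjt(text):
    """Return the section-coded lines of a HijackThis log as Entry objects.

    Header lines and the 'Running processes' list carry no section prefix and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _run_target(body):
    """For an O4 Run entry, return the command string that follows '[value name] '."""
    m = re.search(r"\] (.*)$", body)
    return m.group(1).strip() if m else ""


def triage(text):
    """Bucket log entries the way a helper does when choosing HJT lines to fix or verify."""
    out = {"orphaned": [], "file_missing": [], "unknown_owner": [],
           "old_java": [], "unqualified_run": []}
    for e in parse_hjt(text):
        # Registration whose target is gone: a leftover, safe to fix.
        if e.body.endswith("(no file)"):
            out["orphaned"].append(e)
        # HJT found the registration but the file it points at is absent.
        elif e.body.endswith("(file missing)"):
            out["file_missing"].append(e)
        # Service binary from which HJT could read no company name: verify by hand.
        if e.section == "O23" and "- Unknown owner -" in e.body:
            out["unknown_owner"].append(e)
        # Anything loading from a JRE below MIN_JRE (the thread's jre1.5.0_06 case).
        jm = JRE_RE.search(e.body)
        if jm and tuple(int(g) for g in jm.groups()) < MIN_JRE:
            out["old_java"].append(e)
        # Run values that are a bare file name: Windows resolves these through its
        # search path, so the reviewer must confirm which file actually executes.
        if e.section == "O4" and "Run:" in e.body:
            target = _run_target(e.body)
            exe = target.split()[0].strip('"') if target else ""
            if exe and "\\" not in exe and not exe.startswith("%"):
                out["unqualified_run"].append(e)
    return out


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        for e in entries:
            print(f"{bucket:16} {e.section} - {e.body}")
```

The script only sorts lines; it decides nothing on its own. The "(no file)" bucket is the one the helper acted on above, while "Unknown owner" and bare-name Run values are cues to check the file on disk (publisher, location, hash) before touching anything.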

km2357
2007-10-06, 21:04
Jordynorris?

Do you still need help? If any of my instructions are unclear, please let me know.

tashi
2007-10-11, 22:18
jordynorris,

Due to a lack of response to your helper, this topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

Thank you, km2357