ZEDO & core.cache.dsk HELP!
Irishgemini
2008-03-12, 04:45
Man, when did this come out?
I thought I got rid of it; I had deleted the core.cache.dsk file, and yep, it came back again!
I am getting these freaking full-window ads every minute or so.... Ughhhh!
Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:18 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fatherssupportingfathers.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\system32\SiKernel.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {325745DE-15A7-1C50-2632-0A54B7FB2C46} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [DPAgnt] "C:\Program Files\DigitalPersona\Bin\DPAgnt.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - ?p=ZNxpt343YYUS
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.google.com/s/v/24.16/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.scribd.com/ImageUploader4.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - http://bobvila.view22.com/view22/View22RTE.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8919 bytes
Hello Irishgemini,
Welcome to Safer Networking.
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288).
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
Before you proceed, you need to shut down all of these programs, as they will prevent fixes from taking:
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
C:\Program Files\Lavasoft\Ad-aware 6
C:\Program Files\SUPERAntiSpyware
C:\Program Files\Spybot - Search & Destroy
Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked:
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\system32\SiKernel.dll (file missing)
O2 - BHO: (no name) - {325745DE-15A7-1C50-2632-0A54B7FB2C46} - (no file)
Download HostsXpert 4.2.0.0 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip).
Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert.
Click HostsXpert.exe to run HostsXpert - Hosts File Manager from its new home.
Click "Make Hosts Writable?" in the upper right corner (if available).
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file, you will need to replace any of those entries yourself.
Please download Malwarebytes' Anti-Malware from here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or here (http://www.besttechie.net/tools/mbam-setup.exe).
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a HijackThis log.
Download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop.**
Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
WARNING: If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
Please do not reconnect your machine to the Internet until ComboFix has completely finished.
Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post C:\ComboFix.txt along with a new HijackThis log for further review.
1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.
2. If there is no Internet connection when ComboFix has completely finished, restart your computer to restore the connections.
You did not post the HJT log properly; do it this way:
Open HJT, Scan and Save a Log File; it will open in Notepad.
Go to Format and make sure Word Wrap is unchecked.
Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Post Reply, not by starting a new thread.
I need to see the Malwarebytes log, the ComboFix log and a new HJT log, please.
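Added example, not part of this thread and not code from HijackThis or Safer Networking: a small Python triage script that applies the same reasoning the helper used above when picking the two O2 entries to Fix Checked. It parses HJT entry lines (section code, body) and flags registrations whose file HJT reports as "(file missing)" or "(no file)", which are dead COM/BHO registrations and safe to remove. The extra rules (unnamed BHOs, O8 context-menu items whose target is neither a file nor a URL like the "&Search - ?p=ZNxpt343YYUS" line, AppInit_DLLs entries, services with no owner string) are my own heuristics and are assumptions, not HJT's classification. The sample log is constructed from entry lines copied out of the logs posted in this thread, plus a few clean entries for contrast.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: entries copied from the HijackThis logs in this thread
# (the two O2 lines are the ones the helper told the poster to Fix Checked),
# plus clean entries so the rules have something to leave alone.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\system32\SiKernel.dll (file missing)
O2 - BHO: (no name) - {325745DE-15A7-1C50-2632-0A54B7FB2C46} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O8 - Extra context menu item: &Search - ?p=ZNxpt343YYUS
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
--
End of file - 8919 bytes
"""

# "O2 - BHO: ..." / "R1 - HKCU\...": section code, " - ", rest of the entry.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# HJT appends one of these when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# What a context-menu item is expected to point at (heuristic, my assumption).
TARGET_OK_RE = re.compile(r"^(?:res://|file://|https?://|[A-Za-z]:\\)", re.IGNORECASE)
# Sections whose entries HJT removes with "Fix Checked" (O23 services are not).
FIXABLE = {"O2", "O3", "O4", "O8", "O9", "O16", "O20", "O21", "O22"}


@dataclass
class Entry:
    code: str
    body: str
    line: str
    findings: list = field(default_factory=list)


def parse_hjt(text):
    """Turn the entry lines of an HJT log into Entry objects; skip header/footer lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"], raw.strip()))
    return entries


def triage(entry):
    """Apply the triage rules to one entry and return its findings (possibly empty)."""
    f = entry.findings
    if ORPHAN_RE.search(entry.body):
        f.append("registered file is missing: dead registration, remove it")
    if entry.code in ("O2", "O3") and "(no name)" in entry.body:
        # Heuristic: vendors name their BHOs/toolbars; an unnamed one needs its CLSID researched.
        f.append("unnamed BHO/toolbar: identify the CLSID before keeping it")
    if entry.code == "O8":
        _, _, rest = entry.body.partition(": ")   # drop "Extra context menu item"
        _, _, target = rest.rpartition(" - ")     # text after the last " - " is the target
        if not TARGET_OK_RE.match(target):
            f.append(f"context-menu target is neither a file nor a URL: {target!r}")
    if entry.code == "O20" and entry.body.startswith("AppInit_DLLs:"):
        # Anything in AppInit_DLLs is loaded into every process that loads user32.dll.
        f.append("AppInit_DLLs entry: injected into every user32 process, verify the publisher")
    if entry.code == "O23" and "Unknown owner" in entry.body:
        f.append("service without a company string: verify the binary")
    return f


def triage_log(text):
    """Return {entry line: [findings]} for every entry that raised at least one finding."""
    report = {}
    for e in parse_hjt(text):
        if triage(e):
            report[e.line] = e.findings
    return report


def fix_candidates(text):
    """Entries that can simply be ticked and removed with HJT's Fix Checked."""
    return [e.line for e in parse_hjt(text)
            if e.code in FIXABLE and ORPHAN_RE.search(e.body)]


if __name__ == "__main__":
    for line, findings in triage_log(SAMPLE_LOG).items():
        print(line)
        for note in findings:
            print("    ->", note)
```

Run it and the two O2 entries come out as the only Fix Checked candidates, matching the helper's instructions; the O8 "&Search" item, the AppInit_DLLs entry and the ownerless avast service are reported for manual review rather than for automatic removal, because HJT cannot fix a service from the Fix Checked list and AppInit_DLLs entries are often legitimate.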
Irishgemini
2008-03-18, 03:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:14 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fatherssupportingfathers.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [DPAgnt] "C:\Program Files\DigitalPersona\Bin\DPAgnt.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: SDK Tray Menu.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - ?p=ZNxpt343YYUS
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe (file missing)
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe (file missing)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mamutu Service (Mamutu) - Unknown owner - C:\Program Files\Mamutu\a2service.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
--
End of file - 8972 bytes
ComboFix 08-03-17.1 - Owner 2008-03-17 20:57:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.564 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\npfss.sys
D:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPFSS
-------\Service_npfss
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.
2008-03-17 20:04 . 2008-03-17 20:04 <DIR> d-------- C:\Program Files\Kodak
2008-03-17 20:04 . 2008-03-17 20:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-17 20:03 . 2008-03-17 20:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 20:03 . 2008-03-17 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-17 17:26 . 2008-03-17 17:30 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-17 17:13 . 2007-12-06 22:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-17 17:13 . 2007-12-06 22:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-17 17:13 . 2007-12-06 22:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-17 17:12 . 2007-12-06 22:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-17 17:12 . 2007-12-06 22:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-17 17:12 . 2007-12-06 22:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-17 17:12 . 2007-12-06 07:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-16 12:58 . 2008-03-16 12:58 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Premium Security Suite
2008-03-16 12:57 . 2008-03-16 12:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Premium Security Suite
2008-03-15 23:01 . 2008-03-15 23:01 <DIR> d-------- C:\Program Files\Avira
2008-03-15 23:01 . 2007-08-30 13:12 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-03-15 23:01 . 2007-08-30 13:12 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-03-15 19:20 . 2001-04-01 17:24 218,112 --a------ C:\WINDOWS\system32\CALLERID.OCX
2008-03-15 19:20 . 2000-03-09 10:46 21,504 --a------ C:\WINDOWS\system32\FT.OCX
2008-03-14 20:25 . 2008-03-14 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-14 16:21 . 2008-03-14 16:29 23,110 --a------ C:\WINDOWS\system32\productregistry
2008-03-14 16:19 . 2008-03-14 16:19 <DIR> d-------- C:\Sun
2008-03-14 15:07 . 2008-03-14 15:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-12 16:08 . 2008-03-10 10:55 281 --ah----- C:\boot.ini.SAB
2008-03-12 09:10 . 2008-03-12 09:10 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-03-11 22:03 . 2008-03-11 22:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-10 23:23 . 2008-03-10 23:24 <DIR> d-------- C:\Program Files\Meta Tag Builder
2008-03-10 23:23 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-03-10 23:23 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2008-03-10 11:14 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-10 11:14 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-10 11:14 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-10 11:14 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-10 11:14 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-10 11:14 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-10 11:14 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-10 11:14 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-09 18:27 . 2008-03-09 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-09 18:26 . 2008-03-12 15:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-09 18:26 . 2008-03-09 18:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-09 16:33 . 2008-03-09 16:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-09 16:33 . 2008-03-09 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-09 16:09 . 2008-03-09 16:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SoftInform
2008-03-09 16:08 . 2008-03-09 16:08 <DIR> d-------- C:\Program Files\SoftInform
2008-03-09 16:08 . 2008-03-09 16:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdsCleaner
2008-03-07 22:59 . 2008-03-07 22:59 83 --a------ C:\WINDOWS\IMSExtract.INI
2008-03-07 22:57 . 2008-03-07 22:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Virtual Mechanics
2008-03-07 22:57 . 2008-03-07 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
2008-03-01 10:40 . 2008-03-04 02:30 <DIR> d--h----- C:\WINDOWS\system32\svcl32
2008-03-01 01:52 . 2004-07-19 16:31 385,024 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-23 13:53 . 2008-02-23 13:53 <DIR> d-------- C:\Program Files\Delphine Software
2008-02-23 13:22 . 2008-02-23 13:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-02-23 13:17 . 2008-02-23 13:19 <DIR> d-------- C:\Program Files\MagicDisc
2008-02-22 13:46 . 2008-03-09 17:19 <DIR> d-------- C:\Program Files\RivaTuner v2.06
2008-02-22 11:17 . 2008-03-15 18:56 <DIR> d-------- C:\Program Files\Ashampoo
2008-02-21 18:19 . 2008-03-17 21:06 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-19 19:27 . 2008-03-11 19:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-19 19:27 . 2008-02-19 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-19 18:50 . 2008-02-19 18:50 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-02-18 23:12 . 2008-02-18 23:12 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-18 11:24 . 2008-03-12 09:56 313 --a------ C:\WINDOWS\wininit.ini
2008-02-18 10:27 . 2008-02-18 10:27 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-18 10:27 . 2008-02-18 10:27 3,448 --a------ C:\WINDOWS\unins000.dat
.
I have to post the rest of the logs in the next reply; too long for the thread.
Irishgemini
2008-03-18, 03:32
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 21:34 --------- d-----w C:\Program Files\BOINC
2008-03-17 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-17 14:09 --------- d-----w C:\Program Files\SMV
2008-03-15 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-15 00:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-14 23:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-14 19:22 --------- d-----w C:\Program Files\Java
2008-03-14 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-11 23:05 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-03-11 23:05 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-03-11 22:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-09 21:32 --------- d-----w C:\Program Files\Softex
2008-03-09 21:13 --------- d-----w C:\Program Files\MySpace
2008-03-04 06:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-03-04 06:33 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-02 04:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-25 16:54 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-02-23 17:22 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-18 22:29 96,256 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys
2008-02-18 14:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 03:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Gearbox Software
2008-02-06 17:15 --------- d-----w C:\Program Files\PDF Editor 2
2008-02-06 17:10 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2008-02-01 16:55 42,376 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-30 18:46 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-01-30 18:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\Gtek
2008-01-30 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-01-30 06:19 400,864 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-01-30 06:19 32,768 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-01-30 04:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2008-01-29 13:00 --------- d-----w C:\Program Files\Realtek AC97
2008-01-29 04:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\ieSpell
2008-01-29 04:25 --------- d-----w C:\Program Files\ieSpell
2008-01-28 01:13 --------- d-----w C:\Program Files\Audio Deck
2005-10-30 14:19 4,702 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2005-06-30 11:45 37,864 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-03-08 23:13 90 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\ftpfile.dat
2005-02-22 13:47 36 ----a-w C:\Documents and Settings\Compaq_Owner\klextlock.dat
2007-09-26 14:13 80 --sha-r C:\WINDOWS\system32\4547D76120.dll
2007-09-26 14:13 338 --sha-w C:\WINDOWS\system32\msjeto1.dat
2007-09-26 14:13 520 --sha-w C:\WINDOWS\system32\msjeto2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-11 15:30 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-08-16 09:02 1877272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 17:44 126976]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 16:27 807440]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2004-12-09 04:51 3895296]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 04:50 204800]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avast!"="C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-02-12 22:04 392192]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - C:\Sun\SDK\jdk\bin\javaw.exe [2008-03-14 16:20:18 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Blocker]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-13 18:41 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Mamutu"=2 (0x2)
"lanmanserver"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Delphine Software\\Darkstone\\Darkstone.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2007-10-02 12:41]
R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2007-08-30 13:12]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2007-09-11 15:55]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 13:08]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2007-08-14 13:22]
R2 AppServer9PE;SunJavaSystemAppserver9PE;C:\Sun\SDK\lib\appservService.exe "\"C:\Sun\SDK\bin\asadmin.bat\" start-domain --user admin domain1" "\"C:\Sun\SDK\bin\asadmin.bat\" stop-domain domain1\" []
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 08:09]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2007-08-30 13:12]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 17:25]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2007-11-30 22:18]
R3 usbdpfp;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\usbdpfp.sys [2006-09-16 17:23]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 03:01]
S2 Mamutu;Mamutu Service;"C:\Program Files\Mamutu\a2service.exe" []
S3 epcfw2k;SCM Parallel Port CF Driver;C:\WINDOWS\system32\DRIVERS\epcfw2k.sys [2001-08-17 14:50]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-08 09:48]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S4 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d540828-b2ee-11dc-b614-00402b67c500}]
\Shell\AutoRun\command - Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3583f76e-6309-11dc-8f30-806d6172696f}]
\Shell\AutoRun\command - Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{badc7694-63e9-11dc-8d84-806d6172696f}]
\Shell\AutoRun\command -
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 04:38:00 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exeqC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$Registration\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2008-03-18 01:07:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-14 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 21:06:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Sun\SDK\lib\appservService.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\Avira Premium Security Suite\usrreq.exe
.
**************************************************************************
.
Completion time: 2008-03-17 21:10:51 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-03-18 01:10:39
ComboFix2.txt 2008-03-12 19:53:26
.
2008-03-17 22:27:34 --- E O F ---
Malwarebytes' Anti-Malware 1.08
Database version: 499
Scan type: Quick Scan
Objects scanned: 37331
Time elapsed: 8 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dr6 (Adware.Rabio) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ech5 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lows8 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nil3 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\typ2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50 (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\lows8\spgdn65.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer\Advanced Registry Optimizer.lnk (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer\Uninstall Advanced Registry Optimizer.lnk (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\backup.bin (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\ExcludeList.aro (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\results.aro (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups\00000001.rmb (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups\00000001.rmi (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\nmcuninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
Hello,
You have TWO ANTI-VIRUS PROGRAMS RUNNING, and this is not recommended, as they will use a huge amount of system resources and sometimes conflict with one another. It's your call, but you need to uninstall one of these:
Avira Premium Security Suite
avast! Antivirus
Your HJT log looks like it is not being posted correctly and may be cut off. I need to see the entire log, please; do it this way:
Open HJT, Scan and Save a Log File; it will open in Notepad.
Go to Format and make sure Word Wrap is unchecked.
Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Post Reply, not by starting a new thread.