View Full Version : vrtumonde,prx,antivirus 2009
tankedsecondchance
2008-07-31, 13:11
help!
thanks in advance for your help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25: VIRUS ALERT!, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: fdkowvbp - {CC62551A-9113-48E1-936F-27ABC255A8B4} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sys2E.exe] C:\Windows\Sys2E.exe
O4 - HKCU\..\Run: [Sys2F.exe] C:\Windows\Sys2F.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZJxdm158YYEG
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://www.trendsecure.com
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56259AB-1438-4B9C-BD58-C12B4E7DE525}: NameServer = 163.121.128.134 163.121.128.135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wnslvxtf - {95975EE5-0393-40CF-AB15-C72C2DF9B4A6} - C:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {9EAB2B21-651D-4153-9E27-BF2AAC8E42B0} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
--
End of file - 7970 bytes
tankedsecondchance
2008-08-03, 16:29
:hair:forgive me i have sinned big big time...:oops:
let me say, I have been reading over many of the threads. and i really want to say a big thank you to the team of experts that try to lead us. "less-smart ones" back into the light of a safer cyber land...lots of real solid good advice here
i needed to use my kids, home machine which the hjt log above is for.. and I will run a new hjt log later today when i return home and post it.
my sins follow I added and ran sdfix,spywareblaster,avast,winpatrol,atfcleaner, msvp host file update,cccleaner,malewarebytes,java6.7 .reset many of the ieexplorer settings as some of the fine experts recommend. have set everything to auto update twice weekly. and turned on the firewall and have been able to reset the windows security tools. which i will update and replace later after the machine is really clean.
I have also removed many old programs games and files you name it I dumed it. and keep the trash cans empty using the tools.
im sure some stuff remains as avast and spybot picks up one every now and then and the dog even barks.which im guessing was most likely due to the firewall along with what ever is hidden. and a few spyware ads pop up
winpatrol is a nice tool.
I wont do any more till I hear from and expert.:popcorn:
I await your orders following the new hjt log, for this computer. which i can use again but will try to keep it offline through the fix/cleaning process.
I have also done the same for my other computer and man what a big improvement it made.:2thumb:
tankedsecondchance
2008-08-04, 01:24
i just ran spybot,malewarebytes,ccleaner,and found 0 items ,issues.
here is the new hjtlog, i hope i am free of problems, and that im bug free.
i have read and understand all actions taken are at my own risk.
thanks again for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:31 AM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {10B50878-C49B-42F7-B27E-2BEE6DBF32EE} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C547A20-A2EA-41C4-9C5D-54C33ACE34A2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8341A021-06E8-4A94-A43B-B18AEE646510} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F54C77A0-84C6-44AF-A536-7209A09A19E7} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZJxdm158YYEG
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.avast.com
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://www.trendsecure.com
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56259AB-1438-4B9C-BD58-C12B4E7DE525}: NameServer = 163.121.128.134 163.121.128.135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbXPjHAQ - cbXPjHAQ.dll (file missing)
O20 - Winlogon Notify: ddcATmjj - ddcATmjj.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
--
End of file - 7763 bytes
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly :D
I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
If you still require help please post a fresh HJT log along with the following
Installed Programs
Please could you give me a list of the programs that are installed.
Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
tankedsecondchance
2008-08-05, 17:10
Dont be sorry as i do understand ,yes still need help the waits not a problem. the avast tool located some stuff in system restore files. I left it intact "will follow your lead" you ask, and we shall try to comply with any and all request.
im on another computer and will run the log file and programs list and post them both as soon as i return home.
tankedsecondchance
2008-08-05, 22:26
heres the program list first
Aargon Deluxe Shareware vS2.S2.S
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AirStrike 3D: Operation W.A.T. DEMO
AirStrike II Gulf Thunder
AL_Bokhary
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
avast! Antivirus
BookWorm Deluxe
BOOMING
Bugatron 1.11
C???EEE C???E?E
C???EEE C???E?E ??I?E?? ?C?? C????IC?
Carnivores - www.classic-gaming.net
CCleaner (remove only)
Conflict:Desert Storm Demo
Coup de Pouce Maternelle 2 v1.0
Crazy Lunch
Darker - www.classic-gaming.net
DDD Pool
Deer Hunter 2 Demo
Desktop Notifier
Diamond Drop
Dora Carnival Screen Saver
Eagle Red
EAX Unified
Evil Invasion
Evolva Demo
F-22 Lightning 3 Demo
Fisher-Price® Pet Shop
Gold Miner Special Edition
Golden Axe - www.classic-gaming.net
GTA San Andreas
Half-Life
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
House Of The Dead III
HP Help and Support
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
ieSpell
Indiana Jones and the Fate of Atlantis - www.classic-gaming.net
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD
Java(TM) 6 Update 7
Legacy of Kain: Soul Reaver
Legend of Kyrandia 2 - www.classic-gaming.net
Lemonade Tycoon
London Racer Police Madness
Luxor
Malwarebytes' Anti-Malware
MaxGammon
Medal of Honor Allied Assault
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Musikapa
Network Play System (Patching)
Ocean Discovery(TM)
OpenOffice.org Installer 1.0
Perfect Chess
Pinky and The Brain(tm) World Conquest(tm) Demo
Pirates of the Caribbean
Power Rangers Ninja Storm
QuickTime
Raptor
Redisruption
Roulette 1.0.0
Samurai
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Sega Smash Pack
Skype™ 3.8
SoundMAX
SpeedTouch 330
Spin & Win
Spybot - Search & Destroy
SpywareBlaster 4.1
Stan Skateboarding
Surfs Up
Tales of Pirates Online 1.37
The Battle for Middle-earth (tm) II
The Corporate Machine DEMO
The Sims
The Sims 2
Tomb Raider III (Demo)
TRUST 120 SPACEC@M
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPatrol 2008
WinRAR archiver
WorldCraft
hjt log as requested
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:39 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {10B50878-C49B-42F7-B27E-2BEE6DBF32EE} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C547A20-A2EA-41C4-9C5D-54C33ACE34A2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8341A021-06E8-4A94-A43B-B18AEE646510} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F54C77A0-84C6-44AF-A536-7209A09A19E7} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZJxdm158YYEG
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.avast.com
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://www.trendsecure.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56259AB-1438-4B9C-BD58-C12B4E7DE525}: NameServer = 163.121.128.134 163.121.128.135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbXPjHAQ - cbXPjHAQ.dll (file missing)
O20 - Winlogon Notify: ddcATmjj - ddcATmjj.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
--
End of file - 7845 bytes
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
tankedsecondchance
2008-08-07, 05:23
I was away all day yesterday and most likely wont make it home today but when i do i will run the programs you indicated
thanks tim
tankedsecondchance
2008-08-08, 17:26
im sorry for the delay,but work called and here are the requested log reports
Im not sure it ran correctly as some of the messages never came up on screen it did restart ok
combofix log
ComboFix 08-08-08.01 - owner 2008-08-08 16:52:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.71 [GMT 3:00]
Running from: C:\Documents and Settings\owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\owner\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system\msvbvm60.dll
C:\WINDOWS\system32\eppcgjey.ini
C:\WINDOWS\system32\ffeMlUtv.ini
C:\WINDOWS\system32\ffeMlUtv.ini2
C:\WINDOWS\system32\jtepleqk.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ogvtkyko.ini
C:\WINDOWS\system32\OWHhOXyb.ini
C:\WINDOWS\system32\OWHhOXyb.ini2
C:\WINDOWS\system32\owphsyre.ini
C:\WINDOWS\system32\pxljthat.ini
C:\WINDOWS\system32\tudorkdv.ini
C:\WINDOWS\system32\vxsrvbix.dll
C:\WINDOWS\system32\xqgnyuml.ini
C:\WINDOWS\system32\ynebwmnt.ini
D:\X.EXE
.
((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.
2008-08-05 00:07 . 2008-08-05 00:08 1,891 --a------ C:\WINDOWS\imsins.BAK
2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-02 01:51 . 2008-08-02 01:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-01 21:19 . 2008-08-01 21:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-01 19:37 . 2008-08-01 19:37 <DIR> d-------- C:\Documents and Settings\owner\Application Data\Malwarebytes
2008-08-01 19:08 . 2008-08-01 19:08 <DIR> d-------- C:\Documents and Settings\owner\Application Data\WinPatrol
2008-08-01 17:10 . 2008-08-01 17:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 17:10 . 2008-08-01 17:10 <DIR> d-------- C:\Documents and Settings\Apollo\Application Data\Malwarebytes
2008-08-01 17:10 . 2008-08-01 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 17:10 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 17:10 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-01 16:41 . 2008-08-01 16:41 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-01 16:27 . 2008-08-01 04:33 <DIR> d-------- C:\SDFix
2008-08-01 13:08 . 2008-08-01 13:08 <DIR> d-------- C:\Documents and Settings\Apollo\Application Data\WinPatrol
2008-08-01 13:07 . 2008-08-01 13:07 <DIR> d-------- C:\Program Files\BillP Studios
2008-07-31 12:24 . 2008-07-31 12:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 02:59 . 2008-07-31 02:59 <DIR> d-------- C:\Documents and Settings\owner\.housecall6.6
2008-07-30 17:25 . 2008-07-30 17:25 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-26 19:37 . 2008-08-01 23:42 487 --a------ C:\WINDOWS\wininit.ini
2008-07-26 16:25 . 2008-07-26 16:25 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-25 20:56 . 2008-07-25 21:06 23 --a------ C:\Documents and Settings\owner\jagex_runescape_preferences.dat
2008-07-23 22:30 . 2008-07-23 22:30 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-07-22 22:58 . 2008-07-22 22:58 <DIR> d-------- C:\Documents and Settings\Apollo\Application Data\InterVideo
2008-07-21 22:54 . 2008-07-21 22:54 0 --a------ C:\Documents and Settings\Apollo\jagex_runescape_preferences.dat
2008-07-21 22:53 . 2008-07-21 22:53 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-10 15:18 . 2008-07-10 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 14:07 . 2008-07-10 14:07 <DIR> d-------- C:\Program Files\HPQ
2008-07-10 14:01 . 2003-04-16 09:00 50,520 --a------ C:\WINDOWS\system32\SP28595.SYS
2008-07-10 13:58 . 2008-07-10 13:58 <DIR> d-------- C:\system.sav
2008-07-10 13:58 . 2003-04-16 09:00 50,520 --a------ C:\WINDOWS\system32\SP28790.SYS
2008-07-10 13:53 . 2001-09-26 15:17 50,520 --a------ C:\WINDOWS\system32\SP25942.SYS
2008-07-10 13:31 . 2008-07-10 13:31 <DIR> d-------- C:\Program Files\Intel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 15:30 --------- d-----w C:\Documents and Settings\Apollo\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-07 15:27 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-07 15:01 --------- d-----w C:\Program Files\NOS
2008-07-07 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-06 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 10:26 --------- d-----w C:\Program Files\Google
2008-07-04 10:16 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-02 15:55 --------- d-----w C:\Documents and Settings\Apollo\Application Data\HP
2008-07-01 19:22 --------- d-----w C:\Documents and Settings\Apollo\Application Data\GetRightToGo
2008-06-28 20:12 --------- d-----w C:\Documents and Settings\Apollo\Application Data\skypePM
2008-06-28 20:08 --------- d-----w C:\Documents and Settings\Apollo\Application Data\Skype
2008-06-28 20:07 --------- d-----w C:\Program Files\Skype
2008-06-28 20:07 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-28 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 23:20 --------- d-----w C:\Program Files\Starfield
2008-06-14 22:59 --------- d-----w C:\Documents and Settings\Apollo\Application Data\Media Player Classic
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 05:10 --------- d-----w C:\Documents and Settings\Apollo\Application Data\ieSpell
2008-06-10 07:57 --------- d-----w C:\Program Files\Sun
2008-06-10 07:55 --------- d-----w C:\Program Files\Java
2008-06-10 07:47 --------- d-----w C:\Program Files\Common Files\Java
2008-06-04 13:28 493 ----a-w C:\ma478.bin
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-04-09 13:21 12 ----a-w C:\Documents and Settings\owner\PREF.DAT
2002-03-17 14:29 786,432 ----a-w C:\Documents and Settings\owner\PhantasyStar2.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"diagnostics"="C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2008-05-13 18:25 557149]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 19:58 333120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:07 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.L3codecp"= L3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsy73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty26.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Thomson SpeedTouch\\ST330\\SERVICE\\st330service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\Drengin.net\\The Corporate Machine\\machine.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R3 CCCP106;TRUST 120 SPACEC@M;C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 11:17]
R3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2008-03-20 18:38]
R3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2008-03-20 18:38]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [2008-03-20 18:38]
S0 Winek72;Winek72;C:\WINDOWS\system32\Drivers\Winek72.sys []
S0 Winsy73;Winsy73;C:\WINDOWS\system32\Drivers\Winsy73.sys []
S0 Winty26;Winty26;C:\WINDOWS\system32\Drivers\Winty26.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fead6fde-8b61-11da-9310-ba5ae5f068b5}]
\Shell\AutoRun\command - F:\UFDLaunch.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8D00839-5BF3-4F5D-9086-337D17A8BE00}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
2008-08-08 C:\WINDOWS\Tasks\Spybot - Search & Destroy.job
- D:\PROGRA~1\SPYBOT~1\SpybotSD.exe [2008-07-07 09:42]
2008-08-01 C:\WINDOWS\Tasks\CCleaner.job
- D:\Program Files\CCleaner\CCleaner.exe [2008-07-29 16:41]
2008-08-07 C:\WINDOWS\Tasks\avast! Antivirus.job
- C:\PROGRA~1\ALWILS~1\Avast4\ashAvast.exe [2008-07-19 17:28]
2008-08-04 C:\WINDOWS\Tasks\SpywareBlaster.job
- D:\PROGRA~1\SPYWAR~1\SPYWAR~1.EXE [2008-06-11 01:58]
2008-08-04 C:\WINDOWS\Tasks\Adobe Reader 9.job
- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk [2008-07-07 18:40]
.
- - - - ORPHANS REMOVED - - - -
Notify-cbXPjHAQ - cbXPjHAQ.dll
Notify-ddcATmjj - ddcATmjj.dll
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: &Search - ?p=ZJxdm158YYEG
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 16:58:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\THOMSON SPEEDTOUCH\ST330\SERVICE\ST330SERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-08-08 17:00:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-08 14:00:20
Pre-Run: 7,526,252,544 bytes free
Post-Run: 7,680,049,152 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
227 --- E O F --- 2008-07-12 00:12:59
hjt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:34 PM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm158YYEG
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.avast.com
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://www.trendsecure.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56259AB-1438-4B9C-BD58-C12B4E7DE525}: NameServer = 163.121.128.134 212.103.160.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
--
End of file - 6802 bytes
and thanks for the help
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
tankedsecondchance
2008-08-08, 18:33
wow thats some data base for kaspersky its downloading now. im in egypt and will post the report when its done its about 6:30pm here I guess your a couple hours ahead of us as i recall..
tankedsecondchance
2008-08-08, 21:27
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 08, 2008 17:03:27
Records in database: 1069743
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 108224
Threat name: 12
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 02:06:36
File name / Threat name / Threats count
C:\System Volume Information\_restore{C99C3E26-2992-4B22-B6A9-D9ED874631B6}\RP565\A0210848.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aelq 1
C:\System Volume Information\_restore{C99C3E26-2992-4B22-B6A9-D9ED874631B6}\RP560\A0209506.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1
C:\System Volume Information\_restore{C99C3E26-2992-4B22-B6A9-D9ED874631B6}\RP560\A0209517.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1
C:\System Volume Information\_restore{C99C3E26-2992-4B22-B6A9-D9ED874631B6}\RP560\A0209566.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1
C:\System Volume Information\_restore{C99C3E26-2992-4B22-B6A9-D9ED874631B6}\RP560\A0209577.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1
C:\System Volume Information\_restore{C99C3E26-2992-4B22-B6A9-D9ED874631B6}\RP560\A0209591.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1
C:\System Volume Information\_restore{C99C3E26-2992-4B22-B6A9-D9ED874631B6}\RP560\A0209610.dll Infected: Trojan.Win32.Monder.byf 1
C:\System Volume Information\_restore{C99C3E26-2992-4B22-B6A9-D9ED874631B6}\RP560\A0209614.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vxsrvbix.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aelq 1
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Vapsup.jpf 1
C:\SDFix\backups_old\backups.zip Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ag 1
C:\SDFix\backups_old\backups.zip Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 2
C:\SDFix\backups_old\backups.zip Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.an 1
C:\SDFix\backups_old\backups.zip Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\SDFix\backups_old\backups.zip Infected: Hoax.HTML.Secureinvites.d 1
C:\SDFix\backups_old\backups.zip Infected: Trojan-Downloader.Win32.Mutant.atp 1
C:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Mutant.atp 1
D:\Program Files\EA Games\MOHAA\monopoly_1.2.3.rar Infected: Trojan.Win32.Monderc.gen 1
D:\Program Files\EA Games\MOHAA\monopoly_1.2.3.rar Infected: Email-Worm.Win32.Zhelatin.yu 1
The selected area was scanned.
Do you know what these are in your uninstall log ?
C???EEE C???E?E
C???EEE C???E?E ??I?E?? ?C?? C????IC?
Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total
Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the the following file path into the window
C:\WINDOWS\system32\SP28595.SYS
Click Submit/Send File
Please post back, to let me know the results.
Please do the same for the following file
C:\ma478.bin
If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
C:\WINDOWS\wininit.ini
Folder::
C:\SDFix
Driver::
Winek72
Winsy73
Winty26
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek72.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsy73.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty26.sys]
File::
D:\Program Files\EA Games\MOHAA\monopoly_1.2.3.rar
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O8 - Extra context menu item: &Search - ?p=ZJxdm158YYEG
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Virus Total Logs
ComboFix Log
A Fresh HJT Log
How are things running now ?
tankedsecondchance
2008-08-08, 23:25
no i dont know what C???EEE C???E?E
C???EEE C???E?E ??I?E?? ?C?? C????IC? is, it does not show up under add\remove programs.
and here are the reports from the two uploads
File SP28595.SYS received on 08.08.2008 22:03:21 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2008.8.9.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 -
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.08 -
AVG 8.0.0.156 2008.08.08 -
BitDefender 7.2 2008.08.08 -
CAT-QuickHeal 9.50 2008.08.08 -
ClamAV 0.93.1 2008.08.08 -
DrWeb 4.44.0.09170 2008.08.08 -
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 -
F-Secure 7.60.13501.0 2008.08.08 -
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 -
Ikarus T3.1.1.34.0 2008.08.08 -
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 -
McAfee 5357 2008.08.08 -
Microsoft 1.3807 2008.08.08 -
NOD32v2 3340 2008.08.08 -
Norman 5.80.02 2008.08.08 -
Panda 9.0.0.4 2008.08.08 -
PCTools 4.4.2.0 2008.08.08 -
Prevx1 V2 2008.08.08 -
Rising 20.56.41.00 2008.08.08 -
Sophos 4.32.0 2008.08.08 -
Sunbelt 3.1.1537.1 2008.08.08 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.395 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 -
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 -
VirusBuster 4.5.11.0 2008.08.08 -
Webwasher-Gateway 6.6.2 2008.08.08 -
Additional information
File size: 50520 bytes
MD5...: 286c93191d49e24fc78b27e993f44b16
SHA1..: 08dfb37a6f949ace07a59262e496d42971510e44
SHA256: 86ecb19eb32f293095e080d10b185279af5f853613207590f745c3cf6a8b5e7f
SHA512: 72abee3508cc4ca6f6b953b9a582ef7d3f35c15db1bba60a0cd381272ae82d2f
a052ffef9f8af39f31c6840f77e12c527075f276696c26d82e7367bc8ce874a3
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x17774
timedatestamp.....: 0x385a4ff8 (Fri Dec 17 15:00:08 1999)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2c0 0x677c 0x6780 6.24 4328adaf12c91c0b1db51603a0440daa
page 0x6a40 0x898 0x8a0 5.93 4ed58864e3016960f2fb6e4c0f41fd9d
.data 0x72e0 0x41c 0x420 0.65 3154a1a91121d3d6a56a52be64b068b3
INIT 0x7700 0x914 0x920 5.90 35b1cd0b99bd3abeaf4629cfc4444aeb
.rsrc 0x8020 0x3c0 0x3c0 3.32 5d9fea01ccf370bc9b75502b10b2db6a
.reloc 0x83e0 0x4d8 0x4e0 6.06 449baf831bdd9fd061d636b49ca7dfa9
( 2 imports )
> ntoskrnl.exe: IoDeleteSymbolicLink, DbgPrint, strncmp, KeNumberProcessors, RtlQueryRegistryValues, RtlAppendUnicodeStringToString, RtlWriteRegistryValue, RtlCreateRegistryKey, RtlCheckRegistryKey, IoFreeMdl, MmUnlockPages, MmMapLockedPages, MmProbeAndLockPages, IoAllocateMdl, MmUnmapIoSpace, MmMapIoSpace, KeInitializeSpinLock, MmIsAddressValid, READ_REGISTER_UCHAR, wcscpy, IofCompleteRequest, WRITE_REGISTER_USHORT, KeI386ReleaseGdtSelectors, KeI386AllocateGdtSelectors, KeI386SetGdtSelector, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, KeI386Call16BitFunction, RtlCompareMemory, KeQuerySystemTime, KeDelayExecutionThread, KeInitializeTimer, KeCancelTimer, KeSetTimer, KeReadStateTimer, MmGetPhysicalAddress, MmAllocateContiguousMemory, MmFreeContiguousMemory, RtlUnwind, ExAllocatePoolWithTag, memmove, _wcsnicmp, wcscat, RtlInitUnicodeString, ExFreePool, IoCreateDevice, IoCreateSymbolicLink, IoDeleteDevice, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, READ_REGISTER_USHORT, WRITE_REGISTER_UCHAR
> HAL.dll: KeStallExecutionProcessor, WRITE_PORT_USHORT, WRITE_PORT_UCHAR, HalTranslateBusAddress, READ_PORT_USHORT, READ_PORT_UCHAR, HalSetBusData, HalGetBusData, KfAcquireSpinLock, KfRaiseIrql, KfLowerIrql, KfReleaseSpinLock
( 0 exports )
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
the second report
Antivirus Version Last Update Result
AhnLab-V3 2008.8.9.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 -
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.08 -
AVG 8.0.0.156 2008.08.08 -
BitDefender 7.2 2008.08.08 -
CAT-QuickHeal 9.50 2008.08.08 -
ClamAV 0.93.1 2008.08.08 -
DrWeb 4.44.0.09170 2008.08.08 -
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 -
F-Secure 7.60.13501.0 2008.08.08 -
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 -
Ikarus T3.1.1.34.0 2008.08.08 -
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 -
McAfee 5357 2008.08.08 -
Microsoft 1.3807 2008.08.08 -
NOD32v2 3340 2008.08.08 -
Norman 5.80.02 2008.08.08 -
Panda 9.0.0.4 2008.08.08 -
PCTools 4.4.2.0 2008.08.08 -
Prevx1 V2 2008.08.08 -
Rising 20.56.41.00 2008.08.08 -
Sophos 4.32.0 2008.08.08 -
Sunbelt 3.1.1537.1 2008.08.08 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.395 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 -
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 -
VirusBuster 4.5.11.0 2008.08.08 -
Webwasher-Gateway 6.6.2 2008.08.08 -
Additional information
File size: 493 bytes
MD5...: c8ecb64a05d6ef7af036bd3a8852111f
SHA1..: 8acad088024ea9b0830da220a1b0e80c518f8861
SHA256: ebf1d5017fa9ebcb538b5c761ff28949242995b17a11cae9dc89b528caff91cf
SHA512: 44c4eb2c179d27f6a634e99186e658b53bfed94313275b7855a052c6adc8fdb5
cefc430d0d3bd06c5a3504faebfd4fdc5604398b38afa639d155ca892bdad9eb
PEiD..: -
PEInfo: -
tankedsecondchance
2008-08-08, 23:57
here is the combofix log
ComboFix 08-08-08.01 - owner 2008-08-08 23:28:47.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.58 [GMT 3:00]
Running from: C:\Documents and Settings\owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\wininit.ini
D:\Program Files\EA Games\MOHAA\monopoly_1.2.3.rarSave this as CFScript.txt and place it on your desktop.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HaxdFix.reg
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\moveex.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\RemLat.TXT
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\HOSTS
C:\SDFix\backups_old\backupreg.zip
C:\SDFix\backups_old\backups.zip
C:\SDFix\backups_old\catchme.log
C:\SDFix\backups_old\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\Report_old_1.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\wininit.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINSY73
-------\Legacy_WINTY26
-------\Service_Winek72
-------\Service_Winsy73
-------\Service_Winty26
((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.
2008-08-08 17:54 . 2008-08-08 17:54 <DIR> d-------- C:\Program Files\COMODO
2008-08-08 17:54 . 2008-08-08 17:54 <DIR> d-------- C:\Documents and Settings\owner\Application Data\Comodo
2008-08-08 17:54 . 2008-08-08 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-08 17:54 . 2008-08-08 17:54 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-08 17:54 . 2008-08-08 17:54 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-08 17:54 . 2008-08-08 17:54 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-05 00:07 . 2008-08-05 00:08 1,891 --a------ C:\WINDOWS\imsins.BAK
2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-02 01:51 . 2008-08-02 01:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-01 21:19 . 2008-08-01 21:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-01 19:37 . 2008-08-01 19:37 <DIR> d-------- C:\Documents and Settings\owner\Application Data\Malwarebytes
2008-08-01 19:08 . 2008-08-01 19:08 <DIR> d-------- C:\Documents and Settings\owner\Application Data\WinPatrol
2008-08-01 17:10 . 2008-08-01 17:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 17:10 . 2008-08-01 17:10 <DIR> d-------- C:\Documents and Settings\Apollo\Application Data\Malwarebytes
2008-08-01 17:10 . 2008-08-01 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 17:10 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 17:10 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-01 16:41 . 2008-08-01 16:41 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-01 13:08 . 2008-08-01 13:08 <DIR> d-------- C:\Documents and Settings\Apollo\Application Data\WinPatrol
2008-08-01 13:07 . 2008-08-01 13:07 <DIR> d-------- C:\Program Files\BillP Studios
2008-07-31 12:24 . 2008-07-31 12:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 02:59 . 2008-07-31 02:59 <DIR> d-------- C:\Documents and Settings\owner\.housecall6.6
2008-07-30 17:25 . 2008-07-30 17:25 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-26 16:25 . 2008-07-26 16:25 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-25 20:56 . 2008-07-25 21:06 23 --a------ C:\Documents and Settings\owner\jagex_runescape_preferences.dat
2008-07-23 22:30 . 2008-07-23 22:30 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-07-22 22:58 . 2008-07-22 22:58 <DIR> d-------- C:\Documents and Settings\Apollo\Application Data\InterVideo
2008-07-21 22:54 . 2008-07-21 22:54 0 --a------ C:\Documents and Settings\Apollo\jagex_runescape_preferences.dat
2008-07-21 22:53 . 2008-07-21 22:53 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-10 15:18 . 2008-07-10 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 14:07 . 2008-07-10 14:07 <DIR> d-------- C:\Program Files\HPQ
2008-07-10 14:01 . 2003-04-16 09:00 50,520 --a------ C:\WINDOWS\system32\SP28595.SYS
2008-07-10 13:58 . 2008-07-10 13:58 <DIR> d-------- C:\system.sav
2008-07-10 13:58 . 2003-04-16 09:00 50,520 --a------ C:\WINDOWS\system32\SP28790.SYS
2008-07-10 13:53 . 2001-09-26 15:17 50,520 --a------ C:\WINDOWS\system32\SP25942.SYS
2008-07-10 13:31 . 2008-07-10 13:31 <DIR> d-------- C:\Program Files\Intel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 15:30 --------- d-----w C:\Documents and Settings\Apollo\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-07 15:27 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-07 15:01 --------- d-----w C:\Program Files\NOS
2008-07-07 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-06 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 10:26 --------- d-----w C:\Program Files\Google
2008-07-04 10:16 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-02 15:55 --------- d-----w C:\Documents and Settings\Apollo\Application Data\HP
2008-07-01 19:22 --------- d-----w C:\Documents and Settings\Apollo\Application Data\GetRightToGo
2008-06-28 20:12 --------- d-----w C:\Documents and Settings\Apollo\Application Data\skypePM
2008-06-28 20:08 --------- d-----w C:\Documents and Settings\Apollo\Application Data\Skype
2008-06-28 20:07 --------- d-----w C:\Program Files\Skype
2008-06-28 20:07 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-28 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 23:20 --------- d-----w C:\Program Files\Starfield
2008-06-14 22:59 --------- d-----w C:\Documents and Settings\Apollo\Application Data\Media Player Classic
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 05:10 --------- d-----w C:\Documents and Settings\Apollo\Application Data\ieSpell
2008-06-10 07:57 --------- d-----w C:\Program Files\Sun
2008-06-10 07:55 --------- d-----w C:\Program Files\Java
2008-06-10 07:47 --------- d-----w C:\Program Files\Common Files\Java
2008-06-04 13:28 493 ----a-w C:\ma478.bin
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-04-09 13:21 12 ----a-w C:\Documents and Settings\owner\PREF.DAT
2002-03-17 14:29 786,432 ----a-w C:\Documents and Settings\owner\PhantasyStar2.bin
.
((((((((((((((((((((((((((((( snapshot@2008-08-08_16.59.45.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-08 14:54:04 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2008-08-08 20:35:34 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"diagnostics"="C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2008-05-13 18:25 557149]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 19:58 333120]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-08 17:53 1655552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:07 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.L3codecp"= L3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Thomson SpeedTouch\\ST330\\SERVICE\\st330service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\Drengin.net\\The Corporate Machine\\machine.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-08 17:54]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-08 17:54]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R3 CCCP106;TRUST 120 SPACEC@M;C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 11:17]
R3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2008-03-20 18:38]
R3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2008-03-20 18:38]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [2008-03-20 18:38]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fead6fde-8b61-11da-9310-ba5ae5f068b5}]
\Shell\AutoRun\command - F:\UFDLaunch.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8D00839-5BF3-4F5D-9086-337D17A8BE00}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
2008-08-08 C:\WINDOWS\Tasks\Spybot - Search & Destroy.job
- D:\PROGRA~1\SPYBOT~1\SpybotSD.exe [2008-07-07 09:42]
2008-08-08 C:\WINDOWS\Tasks\CCleaner.job
- D:\Program Files\CCleaner\CCleaner.exe [2008-07-29 16:41]
2008-08-07 C:\WINDOWS\Tasks\avast! Antivirus.job
- C:\PROGRA~1\ALWILS~1\Avast4\ashAvast.exe [2008-07-19 17:28]
2008-08-04 C:\WINDOWS\Tasks\SpywareBlaster.job
- D:\PROGRA~1\SPYWAR~1\SPYWAR~1.EXE [2008-06-11 01:58]
2008-08-04 C:\WINDOWS\Tasks\Adobe Reader 9.job
- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk [2008-07-07 18:40]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 23:36:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\THOMSON SPEEDTOUCH\ST330\SERVICE\ST330SERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-08-08 23:40:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-08 20:40:06
ComboFix2.txt 2008-08-08 14:00:32
Pre-Run: 7,393,198,080 bytes free
Post-Run: 7,540,326,400 bytes free
299 --- E O F --- 2008-07-12 00:12:59
the new hjt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:53 PM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.avast.com
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://www.trendsecure.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56259AB-1438-4B9C-BD58-C12B4E7DE525}: NameServer = 163.121.128.134 212.103.160.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
--
End of file - 6561 bytes
Those logs look fine, how are things running now ?
Let's have another look at that install list, see if those entries still show up.
Installed Programs
Please could you give me a list of the programs that are installed.
Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
tankedsecondchance
2008-08-09, 00:18
i tried to resend the one of the files and this time it found it heres the correct report..
the screen color has greatly improved and the nasty popups have stoped.
will run hjt tool now to see if the file remains
File SP28595.SYS received on 08.08.2008 22:03:21 (CET)
Current status: finished
Result: 0/36 (0.00%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.8.9.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 -
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.08 -
AVG 8.0.0.156 2008.08.08 -
BitDefender 7.2 2008.08.08 -
CAT-QuickHeal 9.50 2008.08.08 -
ClamAV 0.93.1 2008.08.08 -
DrWeb 4.44.0.09170 2008.08.08 -
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 -
F-Secure 7.60.13501.0 2008.08.08 -
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 -
Ikarus T3.1.1.34.0 2008.08.08 -
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 -
McAfee 5357 2008.08.08 -
Microsoft 1.3807 2008.08.08 -
NOD32v2 3340 2008.08.08 -
Norman 5.80.02 2008.08.08 -
Panda 9.0.0.4 2008.08.08 -
PCTools 4.4.2.0 2008.08.08 -
Prevx1 V2 2008.08.08 -
Rising 20.56.41.00 2008.08.08 -
Sophos 4.32.0 2008.08.08 -
Sunbelt 3.1.1537.1 2008.08.08 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.395 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 -
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 -
VirusBuster 4.5.11.0 2008.08.08 -
Webwasher-Gateway 6.6.2 2008.08.08 -
Additional information
File size: 50520 bytes
MD5...: 286c93191d49e24fc78b27e993f44b16
SHA1..: 08dfb37a6f949ace07a59262e496d42971510e44
SHA256: 86ecb19eb32f293095e080d10b185279af5f853613207590f745c3cf6a8b5e7f
SHA512: 72abee3508cc4ca6f6b953b9a582ef7d3f35c15db1bba60a0cd381272ae82d2f
a052ffef9f8af39f31c6840f77e12c527075f276696c26d82e7367bc8ce874a3
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x17774
timedatestamp.....: 0x385a4ff8 (Fri Dec 17 15:00:08 1999)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2c0 0x677c 0x6780 6.24 4328adaf12c91c0b1db51603a0440daa
page 0x6a40 0x898 0x8a0 5.93 4ed58864e3016960f2fb6e4c0f41fd9d
.data 0x72e0 0x41c 0x420 0.65 3154a1a91121d3d6a56a52be64b068b3
INIT 0x7700 0x914 0x920 5.90 35b1cd0b99bd3abeaf4629cfc4444aeb
.rsrc 0x8020 0x3c0 0x3c0 3.32 5d9fea01ccf370bc9b75502b10b2db6a
.reloc 0x83e0 0x4d8 0x4e0 6.06 449baf831bdd9fd061d636b49ca7dfa9
( 2 imports )
> ntoskrnl.exe: IoDeleteSymbolicLink, DbgPrint, strncmp, KeNumberProcessors, RtlQueryRegistryValues, RtlAppendUnicodeStringToString, RtlWriteRegistryValue, RtlCreateRegistryKey, RtlCheckRegistryKey, IoFreeMdl, MmUnlockPages, MmMapLockedPages, MmProbeAndLockPages, IoAllocateMdl, MmUnmapIoSpace, MmMapIoSpace, KeInitializeSpinLock, MmIsAddressValid, READ_REGISTER_UCHAR, wcscpy, IofCompleteRequest, WRITE_REGISTER_USHORT, KeI386ReleaseGdtSelectors, KeI386AllocateGdtSelectors, KeI386SetGdtSelector, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, KeI386Call16BitFunction, RtlCompareMemory, KeQuerySystemTime, KeDelayExecutionThread, KeInitializeTimer, KeCancelTimer, KeSetTimer, KeReadStateTimer, MmGetPhysicalAddress, MmAllocateContiguousMemory, MmFreeContiguousMemory, RtlUnwind, ExAllocatePoolWithTag, memmove, _wcsnicmp, wcscat, RtlInitUnicodeString, ExFreePool, IoCreateDevice, IoCreateSymbolicLink, IoDeleteDevice, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, READ_REGISTER_USHORT, WRITE_REGISTER_UCHAR
> HAL.dll: KeStallExecutionProcessor, WRITE_PORT_USHORT, WRITE_PORT_UCHAR, HalTranslateBusAddress, READ_PORT_USHORT, READ_PORT_UCHAR, HalSetBusData, HalGetBusData, KfAcquireSpinLock, KfRaiseIrql, KfLowerIrql, KfReleaseSpinLock
( 0 exports )
tankedsecondchance
2008-08-09, 00:22
hjt still shows the odd file......?? under add/remove
tankedsecondchance
2008-08-09, 00:26
Aargon Deluxe Shareware vS2.S2.S
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
AirStrike 3D: Operation W.A.T. DEMO
AirStrike II Gulf Thunder
AL_Bokhary
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
avast! Antivirus
BookWorm Deluxe
BOOMING
Bugatron 1.11
C???EEE C???E?E
C???EEE C???E?E ??I?E?? ?C?? C????IC?
Carnivores - www.classic-gaming.net
CCleaner (remove only)
COMODO Firewall Pro
Conflict:Desert Storm Demo
Coup de Pouce Maternelle 2 v1.0
Crazy Lunch
Darker - www.classic-gaming.net
DDD Pool
Deer Hunter 2 Demo
Desktop Notifier
Diamond Drop
Dora Carnival Screen Saver
Eagle Red
EAX Unified
Evil Invasion
Evolva Demo
F-22 Lightning 3 Demo
Fisher-Price® Pet Shop
Gold Miner Special Edition
Golden Axe - www.classic-gaming.net
GTA San Andreas
Half-Life
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
House Of The Dead III
HP Help and Support
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
ieSpell
Indiana Jones and the Fate of Atlantis - www.classic-gaming.net
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD
Java(TM) 6 Update 7
Legacy of Kain: Soul Reaver
Legend of Kyrandia 2 - www.classic-gaming.net
Lemonade Tycoon
London Racer Police Madness
Luxor
Malwarebytes' Anti-Malware
MaxGammon
Medal of Honor Allied Assault
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Musikapa
Network Play System (Patching)
Ocean Discovery(TM)
OpenOffice.org Installer 1.0
Perfect Chess
Pinky and The Brain(tm) World Conquest(tm) Demo
Pirates of the Caribbean
Power Rangers Ninja Storm
QuickTime
Raptor
Redisruption
Roulette 1.0.0
Samurai
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Sega Smash Pack
Skype™ 3.8
SoundMAX
SpeedTouch 330
Spin & Win
Spybot - Search & Destroy
SpywareBlaster 4.1
Stan Skateboarding
Surfs Up
Tales of Pirates Online 1.37
The Battle for Middle-earth (tm) II
The Corporate Machine DEMO
The Sims
The Sims 2
Tomb Raider III (Demo)
TRUST 120 SPACEC@M
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPatrol 2008
WinRAR archiver
WorldCraft
Find Uninstall Command
Open Hijack This
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
Highlight
C???EEE C???E?E ??I?E?? ?C?? C????IC?
Copy the contents of the box marked Uninstall Command
Paste the contents in your reply
Do the same for this one as well.
C???EEE C???E?E
tankedsecondchance
2008-08-09, 00:42
its a empty box...blank, nothing to copy
It looks like they are old corrupt entries, let's remove them
Open Hijack This
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
Highlight
C???EEE C???E?E ??I?E?? ?C?? C????IC?
Now click Delete This Entry
Click Yes at the prompt
Do the same for this one as well.
C???EEE C???E?E
You can now close HJT
We will now reset Teatimer snapshot
Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
Enable Teatimer
RIGHT click Link >>> HERE <<< Link (http://downloads.subratam.org/ResetTeaTimer.bat) and select "save as" and save it to your desktop
Double click ResetTeaTimer.bat
Open Spybot S&D
Click Mode, check Advanced Mode
Go To Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
check the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
You can now delete ResetTeaTimer.bat
Congratulations your logs look clean :D
Let's see if I can help you keep it that way
First lets tidy up :D
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
You can also delete any logs we have produced, and empty your Recycle bin.
The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/content/view/15/33/) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
tankedsecondchance
2008-08-10, 00:01
Dr Katana
you did good. i really really thank you all for your efforts
everything seems good its loading a weeee bit slow guess from dumping the preload files will give it a couple of days to see if it picks up a bit. the hard drive can hardly be heard vs spinning out of control.
the two files would not delete with hjt will try tracking them down over the next couple of days..
will update you later when i post a new log for the other machine which im sure has some things tucked away in some old restore files..
i made my son read every step instruction and he ran about half of the steps.
hes already looking around for other host file updates and was wondering what safe sources are available I told him my bet was the one linked here!