error 1058



gerhardvdm28
2008-08-23, 02:42
Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:27:24, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcccoms.exe
E:\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mmc.exe
C:\GERHARD\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O3 - Toolbar: rafbsvnx - {44EFD459-3C89-49CA-BA3A-32138E140A42} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [e0c072f3] rundll32.exe "C:\WINDOWS\system32\kikynghq.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: GIGABYTE Gamer HUD.exe.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0B357F8-EAFC-4561-AFC0-853C82959ADF}: NameServer = 196.207.36.251 196.207.36.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6989 bytes

gerhardvdm28
2008-08-23, 16:11
ComboFix 08-08-21.02 - Administrator 2008-08-23 15:54:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2840 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Adobe\crc.dat
C:\Documents and Settings\Administrator\Application Data\Adobe\Manager.exe
C:\Documents and Settings\Administrator\Application Data\AntispywareBot
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Secure Solutions
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080823005733312.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\edsw.exe
C:\WINDOWS\system32\kikynghq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnnMFuu.dll
C:\WINDOWS\system32\qhgnykik.ini
C:\WINDOWS\system32\qoMcyATL.dll
C:\WINDOWS\system32\uuFMnnnn.ini
C:\WINDOWS\system32\uuFMnnnn.ini2
C:\WINDOWS\twmxbsqrbat.dll

----- BITS: Possible infected sites -----

http://hqsextube08.com
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-23 01:58 . 2008-08-23 02:02 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-23 01:53 . 2008-08-23 01:54 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-08-23 01:27 . 2008-08-23 01:27 2,686 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-23 01:20 . 2008-08-23 01:27 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-23 01:16 . 2008-08-23 01:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-23 01:16 . 2008-08-23 01:16 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-23 01:16 . 2008-08-23 01:16 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-23 01:16 . 2008-08-23 01:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-23 00:57 . 2008-08-23 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-23 00:24 . 2008-08-23 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-22 23:42 . 2008-08-22 23:43 139 --a------ C:\WINDOWS\wininit.ini
2008-08-22 23:39 . 2008-08-22 23:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-22 23:33 . 2008-08-22 23:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-22 23:33 . 2008-08-23 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 23:20 . 2008-08-22 23:20 126,976 --a------ C:\WINDOWS\kx58432.dll
2008-08-22 22:04 . 2008-08-22 18:20 86,016 --a------ C:\WINDOWS\tqwolser.exe
2008-08-22 22:03 . 2008-08-22 22:03 126,976 --a------ C:\WINDOWS\kx49840.dll
2008-08-18 21:46 . 2008-08-18 21:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-14 20:08 . 2008-08-14 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-14 19:57 . 2008-08-14 19:57 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-14 19:57 . 2008-08-14 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-14 19:52 . 2008-08-14 19:52 <DIR> d-------- C:\DVDVideoSoft
2008-08-14 19:51 . 2008-08-14 19:51 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-14 19:51 . 2008-08-14 19:52 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-14 19:51 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-08-08 22:46 . 2008-08-08 22:46 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-08 22:46 . 2008-08-08 22:46 <DIR> d-------- C:\7c4567a88b2e0ffd5d51c064ea
2008-08-08 22:45 . 2008-08-08 22:46 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-08 22:45 . 2008-08-08 22:45 <DIR> d-------- C:\43d66f9cfe5388bd96b215cf
2008-08-07 19:14 . 2008-08-07 19:17 <DIR> d-------- C:\SUZAAN
2008-08-02 19:29 . 2008-08-02 19:29 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-07-30 21:00 . 2008-08-08 21:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-07-28 22:32 . 2008-08-07 22:07 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-27 20:03 . 2008-07-27 20:03 <DIR> d-------- C:\Program Files\DNA
2008-07-27 20:03 . 2008-07-27 20:03 <DIR> d-------- C:\Program Files\BitTorrent
2008-07-27 20:03 . 2008-08-23 15:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-07-27 20:03 . 2008-08-18 21:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-07-26 16:29 . 2007-09-14 06:21 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-07-26 16:29 . 2007-09-14 06:21 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-26 16:29 . 2007-09-14 06:21 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-26 16:25 . 2008-07-26 16:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-25 23:24 . 2008-07-25 23:26 <DIR> d-------- C:\WINDOWS\NV40642804.TMP
2008-07-25 22:36 . 2008-07-25 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-25 22:35 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-07-25 22:35 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-25 22:35 . 2008-07-25 22:35 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-07-25 22:35 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-07-25 22:35 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-07-25 22:35 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-07-25 22:35 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-07-25 22:35 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-07-25 22:35 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-07-25 21:48 . 2008-07-25 21:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 21:29 . 2008-07-25 21:29 <DIR> d-------- C:\Program Files\AVG
2008-07-25 21:11 . 2008-08-08 22:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-25 21:11 . 2008-08-22 21:07 136,888 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-25 21:11 . 2008-08-22 21:07 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-25 21:11 . 2008-07-26 18:18 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-25 21:11 . 2008-07-26 18:04 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-07-25 21:11 . 2008-07-25 21:11 281 --a------ C:\WINDOWS\game.ini
2008-07-25 20:59 . 2008-07-25 20:59 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-25 19:15 . 2008-08-20 23:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-25 19:02 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-25 19:02 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-25 18:54 . 2008-07-25 18:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Macrovision
2008-07-25 18:54 . 2008-07-25 18:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FaxCtr
2008-07-25 18:50 . 2008-07-25 18:54 <DIR> d-------- C:\WINDOWS\NV23404024.TMP
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\NVIDIA
2008-07-25 18:49 . 2008-08-14 23:10 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-25 18:49 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-25 18:41 . 2008-07-25 18:41 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-25 18:41 . 2008-07-25 18:41 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-07-25 18:39 . 2008-07-25 18:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-07-25 18:38 . 2008-07-25 18:38 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-25 18:33 . 2008-08-03 21:01 <DIR> d-------- C:\TANIA
2008-07-25 18:32 . 2008-08-23 02:27 <DIR> d-------- C:\GERHARD
2008-07-25 18:28 . 2008-07-25 18:28 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-07-25 18:28 . 2008-08-23 16:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-25 18:28 . 2008-07-25 18:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-25 18:26 . 2008-07-25 18:26 <DIR> d-------- C:\Program Files\QuickTime
2008-07-25 18:26 . 2008-07-25 18:26 <DIR> d-------- C:\Program Files\iTunes
2008-07-25 18:26 . 2008-07-25 18:26 <DIR> d-------- C:\Program Files\iPod
2008-07-25 18:26 . 2008-07-25 18:26 <DIR> d-------- C:\Program Files\Bonjour
2008-07-25 18:26 . 2008-07-25 18:26 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-25 18:26 . 2008-07-25 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-25 18:26 . 2008-07-31 22:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-25 18:26 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-25 18:25 . 2008-07-25 18:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-25 18:25 . 2008-07-25 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-25 18:20 . 2008-07-25 18:20 <DIR> d-------- C:\Program Files\Vodafone
2008-07-25 18:20 . 2008-07-25 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-07-25 18:20 . 2007-10-15 16:27 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-07-25 18:19 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-25 18:17 . 2008-07-25 18:17 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-25 18:17 . 2008-07-25 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-25 18:17 . 2008-08-22 23:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-25 18:16 . 2008-07-25 18:17 <DIR> d-------- C:\Program Files\Skype
2008-07-25 18:14 . 2008-07-25 18:14 <DIR> d-------- C:\TempEI4
2008-07-25 18:14 . 2008-07-25 18:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-25 18:07 . 2008-04-14 00:09 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-25 18:07 . 2008-04-14 00:09 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-25 18:06 . 2008-07-25 18:06 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-07-25 18:06 . 2005-04-12 19:09 159,744 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-07-25 18:06 . 2005-04-12 19:21 45,504 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-07-25 18:06 . 2005-04-12 19:21 22,240 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-07-25 18:06 . 2004-04-14 11:08 14,432 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys
2008-07-25 18:06 . 2005-04-12 19:21 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-07-25 18:06 . 2005-04-12 19:21 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-07-25 18:05 . 2008-07-25 18:05 <DIR> d-------- C:\Program Files\Logitech
2008-07-25 18:03 . 2008-07-25 18:03 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-25 18:02 . 2008-07-25 18:02 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-07-25 18:02 . 2008-07-25 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-07-25 18:02 . 2003-03-11 19:26 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-07-25 18:02 . 2003-03-11 19:26 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-07-25 18:02 . 2003-03-11 19:26 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-07-25 18:02 . 2003-03-11 19:26 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-07-25 18:02 . 2003-03-11 19:26 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-07-25 18:02 . 2005-07-12 11:33 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-07-25 18:02 . 2008-07-25 18:03 22,971 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-07-25 18:02 . 2005-07-12 11:33 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-07-25 18:02 . 2005-07-12 11:36 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-07-25 18:01 . 2008-07-29 20:55 <DIR> d-------- C:\Program Files\Lx_cats
2008-07-25 18:01 . 2008-07-25 18:54 <DIR> d-------- C:\Program Files\Lexmark 3300 Series
2008-07-25 18:00 . 2008-07-25 18:54 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-07-25 18:00 . 2008-07-25 18:56 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 23:32 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-23 22:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F0D1F6C-3809-3746-B0CF-8762D16BBE0D}]
2008-08-22 23:20 126976 --a------ C:\WINDOWS\kx58432.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-27 20:03 341824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"EasyTuneVPro"="C:\Program Files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 15:05 20480]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-23 01:16 1232152]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
GIGABYTE Gamer HUD.exe.lnk - C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{B2BE514B-F1B3-43AB-84DD-3377ADBA1A7F}\HUD.exe1_CC5DF1A2468043D58FABB63B71468005.exe [2008-07-25 17:29:50 40960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-07-25 17:22:54 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\GERHARD\\GAMES\\Vegas2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\GERHARD\\GAMES\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\GERHARD\\GAMES\\Vegas2\\Binaries\\RainbowSixVegas2_SADS.exe"=
"C:\\GERHARD\\GAMES\\COD4\\iw3mp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\GERHARD\\GAMES\\MotoGP 2007\\motogp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-23 01:16]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-23 01:16]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-23 01:16]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-23 01:16]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-08-23 16:01]
R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5Pro\markfun.w32 [2007-08-21 11:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08aad76e-5a62-11dd-bb8d-101111111111}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08aad9e5-5a62-11dd-bb8d-101111111111}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d14da01e-5b1d-11dd-bb96-101111111111}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d14da01f-5b1d-11dd-bb96-101111111111}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

*Newly Created Service* - MARKFUN_NT
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{44EFD459-3C89-49CA-BA3A-32138E140A42} - (no file)
HKLM-Run-e0c072f3 - C:\WINDOWS\system32\kikynghq.dll


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 16:00:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal
C:\WINDOWS\system32\GVTunner.ref 4 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5Pro\markfun.w32"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\GIGABYTE\ET5Pro\GUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\GIGABYTE\Gamer GIGABYTE Gamer HUD\HUD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-23 16:02:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 14:02:11

Pre-Run: 189,722,419,200 bytes free
Post-Run: 189,767,921,664 bytes free

288 --- E O F --- 2008-08-20 21:58:48
------------------------------------------------
Do NOT run 'FIXES' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806 )

File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)
Particularly post #4, http://forums.spybot.info/showpost.php?p=218503&postcount=4

pskelley
2008-08-28, 00:56
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

I apologize for the wait, but you are creating this situation yourself.

Do NOT run 'FIXES' before helpers have analyzed the HJT log
http://forums.spybot.info/showthread.php?t=16806

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.

If your issues are not resolved, post a new HJT log and I will take a look.

Thanks

gerhardvdm28
2008-08-29, 12:32
Error 1058, please help, virus is still on PC (many Trojan viruses)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:36, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcccoms.exe
E:\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\GERHARD\SOFTWARE\SpyWareSoftware\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: D - {C0EF3CAB-41EB-392B-BD80-9C4711E186E8} - C:\WINDOWS\kx90817.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: GIGABYTE Gamer HUD.exe.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0B357F8-EAFC-4561-AFC0-853C82959ADF}: NameServer = 196.207.36.251 196.207.36.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7316 bytes

pskelley
2008-08-29, 12:53
Not a lot showing in the HJT log and the combofix log:
ComboFix 08-08-21.02 - Administrator 2008-08-23 15:54:46.1
is almost a week old. Delete that copy of combofix completely from your computer and follow these directions.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop.

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Post the combofix log and a new HJT log.

Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

pskelley
2008-09-06, 02:31
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.