
Thread: malware problems; HJT log posted; please help!

  1. #11
    Member
    Join Date
    Apr 2009
    Posts
    69


    ComboFix 09-04-15.08 - Gamer 04/15/2009 6:59.27 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.222 [GMT -4:00]
    Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
    .

    2009-04-08 01:03 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-08 01:03 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-08 01:03 . 2009-04-08 01:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-24 05:48 . 2009-04-08 02:01 32 --s-a-w c:\windows\system32\3430773693.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-19 11:16 . 2009-02-19 11:16 129024 ----a-w c:\windows\system32\dbbfea.dll
    2009-02-19 11:16 . 2009-02-19 11:16 129024 ----a-w c:\windows\system32\htpxrkix.dll
    2009-02-18 23:17 . 2009-02-18 23:17 129024 ----a-w c:\windows\system32\nwpwqs.dll
    2009-02-18 23:17 . 2009-02-18 23:17 129024 ----a-w c:\windows\system32\radtkonu.dll
    2009-02-18 02:10 . 2009-02-18 02:10 129024 ----a-w c:\windows\system32\imicpmlf.dll
    2009-02-18 02:10 . 2009-02-18 02:10 129024 ----a-w c:\windows\system32\ajwwde.dll
    2005-03-12 05:54 . 2004-05-16 18:40 29304 ----a-w c:\documents and settings\Gamer\Application Data\GDIPFONTCACHEV1.DAT
    2005-03-04 22:31 . 2004-05-11 15:36 29304 ----a-w c:\documents and settings\Gamer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2005-02-16 16:06 . 2005-12-26 01:10 218112 ----a-w c:\documents and settings\Gamer\HijackThis.exe
    2005-01-13 22:32 . 2005-01-13 22:32 136 ----a-w c:\documents and settings\Gamer\Local Settings\Application Data\fusioncache.dat
    2004-06-14 02:43 . 2004-06-10 23:51 449 ----a-w c:\documents and settings\Gamer\UpdateReg.reg
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.wmv3"= d:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
    "vidc.tscc"= d:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\office.exe
    backup=c:\windows\pss\office.exeCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
    backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2003-04-29 02:00 323584 ----a-w c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 07:56 15360 ----a-w c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    2004-08-22 21:05 81920 ------w d:\program files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    2002-08-20 18:29 40960 ----a-w c:\windows\system32\ezSP_Px.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-05-10 00:24 50760 ----a-w c:\program files\Common Files\AOL\1144897544\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2003-04-07 07:07 114688 ----a-w c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
    2006-02-17 16:59 124520 ----a-w c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-11-20 18:20 290088 ----a-w D:\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    2002-05-18 16:04 327680 ----a-w c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2004-11-30 16:36 1945600 ------w d:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 14:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-08-19 01:56 4841472 ----a-w c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-09-06 20:09 413696 ----a-w d:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    2002-02-05 02:32 53248 ------w c:\program files\REGSHAVE\REGSHAVE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
    2005-07-03 07:20 372736 ------w c:\windows\Samsung\ComSMMgr\SSMMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2006-11-10 17:35 90112 ----a-w c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-12-14 01:43 136600 ----a-w c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    2003-04-20 05:08 28672 ----a-w c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2007-03-01 23:11 4670968 ----a-w c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-07-22 18:38 88361 ----a-w c:\windows\AGRSMMSG.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "d:\\Gamer\\SteamApps\\philosophize\\counter-strike source\\hl2.exe"=
    "c:\\WINDOWS\\system32\\ezSP_Px.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\wscntfy.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16317:TCP"= 16317:TCP:BitComet 16317 TCP
    "16317:UDP"= 16317:UDP:BitComet 16317 UDP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-04-14 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2008-07-31 19:05]

    2009-04-11 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2008-07-31 19:05]
    .
    - - - - ORPHANS REMOVED - - - -

    SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/m/
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://www.ddcd.jp/dd3e/sony/cd/faq.html
    uInternet Settings,ProxyServer = gate.temple.edu:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\pw0lcpho.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: d:\mozilla plugins\npitunes.dll
    FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF - plugin: d:\program files\Netscape6\nppl3260.dll
    FF - plugin: d:\program files\Netscape6\nprjplug.dll
    FF - plugin: d:\program files\Netscape6\nprpjplug.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-15 07:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3148)
    c:\windows\system32\msi.dll
    .
    Completion time: 2009-04-15 7:04
    ComboFix-quarantined-files.txt 2009-04-15 11:03
    ComboFix2.txt 2009-04-15 10:57
    ComboFix3.txt 2009-04-10 20:08
    ComboFix4.txt 2009-04-09 02:37
    ComboFix5.txt 2009-04-15 10:59

    Pre-Run: 2,279,714,816 bytes free
    Post-Run: 2,264,342,528 bytes free

    188

  2. #12
    Member
    Join Date
    Apr 2009
    Posts
    69


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:07, on 4/15/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\Gamer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ddcd.jp/dd3e/sony/cd/faq.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gate.temple.edu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    --
    End of file - 6950 bytes

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    I see you have run Combofix in the past. This is a very powerful tool and not to be used for general cleaning; if you use this program on your own and bork your system, this forum, myself and sUbs will not be responsible.

    XoftSpySE <-- Not recommended. If this is still present you should uninstall it via Add/Remove Programs; there are far better programs out there.


    Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::


    Code:
    File::
    c:\windows\system32\dbbfea.dll
    c:\windows\system32\htpxrkix.dll
    c:\windows\system32\nwpwqs.dll
    c:\windows\system32\radtkonu.dll
    c:\windows\system32\imicpmlf.dll
    c:\windows\system32\ajwwde.dll
    c:\documents and settings\Gamer\Application Data\GDIPFONTCACHEV1.DAT
    c:\documents and settings\Gamer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
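The CFScript above lists six identically sized, randomly named DLLs from the Find3M report in post #11. The following script is an added triage example, not part of this thread and not ComboFix's or HijackThis's own code: it parses ComboFix file-listing lines and flags groups of same-size files created in one directory within a short window, which is the pattern those six DLLs show. The sample input is the Find3M section quoted from the log above; the thresholds `min_count=3` and `window_hours=48` are assumptions chosen for this illustration, not settings of any tool.

```python
import re
from collections import defaultdict
from datetime import datetime

# One ComboFix file-listing line:
#   <created date time> . <modified date time> <size> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (\S+) (.+)$"
)

# Find3M lines quoted from the first ComboFix log in this thread.
SAMPLE_FIND3M = r"""
2009-02-19 11:16 . 2009-02-19 11:16 129024 ----a-w c:\windows\system32\dbbfea.dll
2009-02-19 11:16 . 2009-02-19 11:16 129024 ----a-w c:\windows\system32\htpxrkix.dll
2009-02-18 23:17 . 2009-02-18 23:17 129024 ----a-w c:\windows\system32\nwpwqs.dll
2009-02-18 23:17 . 2009-02-18 23:17 129024 ----a-w c:\windows\system32\radtkonu.dll
2009-02-18 02:10 . 2009-02-18 02:10 129024 ----a-w c:\windows\system32\imicpmlf.dll
2009-02-18 02:10 . 2009-02-18 02:10 129024 ----a-w c:\windows\system32\ajwwde.dll
2005-03-12 05:54 . 2004-05-16 18:40 29304 ----a-w c:\documents and settings\Gamer\Application Data\GDIPFONTCACHEV1.DAT
2005-03-04 22:31 . 2004-05-11 15:36 29304 ----a-w c:\documents and settings\Gamer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-02-16 16:06 . 2005-12-26 01:10 218112 ----a-w c:\documents and settings\Gamer\HijackThis.exe
2005-01-13 22:32 . 2005-01-13 22:32 136 ----a-w c:\documents and settings\Gamer\Local Settings\Application Data\fusioncache.dat
2004-06-14 02:43 . 2004-06-10 23:51 449 ----a-w c:\documents and settings\Gamer\UpdateReg.reg
"""


def parse_listing(text):
    """Parse ComboFix file-listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": int(size),
            "attrs": attrs,
            "path": path,
            "dir": path.rsplit("\\", 1)[0].lower(),
            "name": path.rsplit("\\", 1)[-1].lower(),
        })
    return entries


def find_size_clusters(entries, min_count=3, window_hours=48):
    """Group files by (directory, size) and report groups of at least min_count
    files whose creation times all fall within window_hours. A batch of same-size
    binaries dropped into one system directory over a short period is what a
    dropper typically leaves behind; legitimate installers rarely produce several
    identically sized DLLs at once. Both thresholds are assumed values."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["dir"], e["size"])].append(e)
    clusters = []
    for (directory, size), members in groups.items():
        if len(members) < min_count:
            continue
        times = [m["created"] for m in members]
        span_hours = (max(times) - min(times)).total_seconds() / 3600
        if span_hours <= window_hours:
            clusters.append({
                "dir": directory,
                "size": size,
                "span_hours": span_hours,
                "names": sorted(m["name"] for m in members),
            })
    return clusters


def suspicious_paths(text, **thresholds):
    """Return the sorted full paths of every file that belongs to a flagged cluster."""
    entries = parse_listing(text)
    flagged = set()
    for c in find_size_clusters(entries, **thresholds):
        for e in entries:
            if e["dir"] == c["dir"] and e["size"] == c["size"]:
                flagged.add(e["path"])
    return sorted(flagged)


if __name__ == "__main__":
    for c in find_size_clusters(parse_listing(SAMPLE_FIND3M)):
        print(f"{len(c['names'])} files of {c['size']} bytes in {c['dir']} "
              f"created within {c['span_hours']:.1f} h: {', '.join(c['names'])}")
```

Run against the sample, the only cluster reported is the six 129024-byte DLLs in c:\windows\system32, created within about 33 hours of each other; the two GDIPFONTCACHEV1.DAT files share a size but sit in different directories, so they are not grouped. A size-and-time cluster is a lead for a helper to verify (hashes, signatures, the names themselves), not proof of infection on its own.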

  4. #14
    Member
    Join Date
    Apr 2009
    Posts
    69


    ComboFix 09-04-15.08 - Gamer 04/15/2009 17:54.28 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.245 [GMT -4:00]
    Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Gamer\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\documents and settings\Gamer\Application Data\GDIPFONTCACHEV1.DAT
    c:\documents and settings\Gamer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    c:\windows\system32\ajwwde.dll
    c:\windows\system32\dbbfea.dll
    c:\windows\system32\htpxrkix.dll
    c:\windows\system32\imicpmlf.dll
    c:\windows\system32\nwpwqs.dll
    c:\windows\system32\radtkonu.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Gamer\Application Data\GDIPFONTCACHEV1.DAT
    c:\documents and settings\Gamer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    c:\windows\system32\ajwwde.dll
    c:\windows\system32\dbbfea.dll
    c:\windows\system32\htpxrkix.dll
    c:\windows\system32\imicpmlf.dll
    c:\windows\system32\nwpwqs.dll
    c:\windows\system32\radtkonu.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
    .

    2009-04-08 01:03 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-08 01:03 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-08 01:03 . 2009-04-08 01:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-24 05:48 . 2009-04-08 02:01 32 --s-a-w c:\windows\system32\3430773693.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2005-02-16 16:06 . 2005-12-26 01:10 218112 ----a-w c:\documents and settings\Gamer\HijackThis.exe
    2005-01-13 22:32 . 2005-01-13 22:32 136 ----a-w c:\documents and settings\Gamer\Local Settings\Application Data\fusioncache.dat
    2004-06-14 02:43 . 2004-06-10 23:51 449 ----a-w c:\documents and settings\Gamer\UpdateReg.reg
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.wmv3"= d:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
    "vidc.tscc"= d:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\office.exe
    backup=c:\windows\pss\office.exeCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
    backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2003-04-29 02:00 323584 ----a-w c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 07:56 15360 ----a-w c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    2004-08-22 21:05 81920 ------w d:\program files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    2002-08-20 18:29 40960 ----a-w c:\windows\system32\ezSP_Px.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-05-10 00:24 50760 ----a-w c:\program files\Common Files\AOL\1144897544\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2003-04-07 07:07 114688 ----a-w c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
    2006-02-17 16:59 124520 ----a-w c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-11-20 18:20 290088 ----a-w D:\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    2002-05-18 16:04 327680 ----a-w c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2004-11-30 16:36 1945600 ------w d:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 14:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-08-19 01:56 4841472 ----a-w c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-09-06 20:09 413696 ----a-w d:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    2002-02-05 02:32 53248 ------w c:\program files\REGSHAVE\REGSHAVE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
    2005-07-03 07:20 372736 ------w c:\windows\Samsung\ComSMMgr\SSMMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2006-11-10 17:35 90112 ----a-w c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-12-14 01:43 136600 ----a-w c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    2003-04-20 05:08 28672 ----a-w c:\windows\Sonysys\VAIO Recovery\PartSeal.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2007-03-01 23:11 4670968 ----a-w c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-07-22 18:38 88361 ----a-w c:\windows\AGRSMMSG.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "d:\\Gamer\\SteamApps\\philosophize\\counter-strike source\\hl2.exe"=
    "c:\\WINDOWS\\system32\\ezSP_Px.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\wscntfy.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16317:TCP"= 16317:TCP:BitComet 16317 TCP
    "16317:UDP"= 16317:UDP:BitComet 16317 UDP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/m/
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://www.ddcd.jp/dd3e/sony/cd/faq.html
    uInternet Settings,ProxyServer = gate.temple.edu:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\pw0lcpho.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: d:\mozilla plugins\npitunes.dll
    FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF - plugin: d:\program files\Netscape6\nppl3260.dll
    FF - plugin: d:\program files\Netscape6\nprjplug.dll
    FF - plugin: d:\program files\Netscape6\nprpjplug.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-15 17:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-04-15 18:00
    ComboFix-quarantined-files.txt 2009-04-15 21:59
    ComboFix2.txt 2009-04-15 11:04
    ComboFix3.txt 2009-04-15 10:57
    ComboFix4.txt 2009-04-10 20:08
    ComboFix5.txt 2009-04-15 21:53

    Pre-Run: 2,250,452,992 bytes free
    Post-Run: 2,234,519,552 bytes free


  5. #15
    Member
    Join Date
    Apr 2009
    Posts
    69

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:04, on 4/15/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\Gamer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ddcd.jp/dd3e/sony/cd/faq.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gate.temple.edu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    --
    End of file - 6991 bytes
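As an added example (not part of this thread, and not code from the HijackThis tool), here is a short Python script that parses HJT-style lines and pulls out the entries a log reviewer checks first: the IE start page and proxy setting, per-user Run entries, and services HJT reports with an unknown owner. The sample lines are constructed from a few entries in the log above; the output is a list of items to verify by hand, not a verdict on them.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis format, modelled on a few entries from the
# log above (the real log is longer); it is test input for this added script.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gate.temple.edu:8080
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Assumes the service name itself contains no " - " (true for the entries above).
O23_RE = re.compile(r"^Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_hjt(text):
    """Split an HJT log into (section, body) pairs, skipping non-entry lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("sec"), m.group("body")))
    return out


def triage(entries):
    """Return (kind, detail) review items: prompts for a human reviewer, not verdicts."""
    items = []
    for sec, body in entries:
        if sec in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            if key.endswith(",ProxyServer"):
                items.append(("proxy", value))  # all IE traffic is routed through this host
            elif key.endswith(",Start Page"):
                items.append(("start_page", urlsplit(value).hostname or value))
        elif sec == "O4":
            m = O4_RE.match(body)
            if m and m.group("hive") == "HKCU":
                items.append(("hkcu_run", m.group("name")))  # per-user autostart, writable without admin
        elif sec == "O23":
            m = O23_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                items.append(("unknown_owner_service", m.group("svc")))  # HJT found no publisher info
    return items


if __name__ == "__main__":
    for kind, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:22} {detail}")
```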

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello,

    Let's make sure your Java is up to date, as outdated versions leave holes for this garbage to sneak in.

    Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About and you should have Version 6 Update 13; if not, proceed with the instructions.


    Download the latest version Here, save it, do not install it yet.

    JRE 6 Update 13 <--This is what you need

    • Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
    • Reboot your computer
    • Install the latest version

    You can verify the installation Here

    Logs look fine. How are things running now???
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #17
    Member
    Join Date
    Apr 2009
    Posts
    69

    Default

    Things haven't seemed to improve. My comp still freezes after a short while of use and Ctrl+Alt+Del doesn't work. I literally have to unplug the comp and start it back up again. Also, when I open Windows Media Player or iTunes, the application gets stuck and I can't use them. I have to shut them down using Ctrl, Alt, Del.

    I don't know if this changes anything, but I deleted all instances of my personal name from the logs I posted and replaced them with "Gamer." Would that have affected anything? If so, how can I post the logs to you without my personal name going up?

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello,

    C:\Program Files\Trend Micro\HijackThis\Gamer.exe <--This is fine


    You can just xxxx out your name on the logs.

    Did you alter your profile at all on your computer?


    Everything looks fine, let's run this free online virus scanner and see if it comes up with anything. Forgot to mention also that I am not looking at any Anti Virus programs installed; pick one here and install it, just one, more is overkill.

    Free Anti Virus Programs

    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

  9. #19
    Member
    Join Date
    Apr 2009
    Posts
    69

    Default

    I think my computer is totally shot. I tried the 3 anti-virus programs you sent links for and none of them seem to work. The first one, AVG, won't allow me to run a scan because something goes wrong when the software tries to install updates. The second one is a dead link. The third one, AntiVir, after I download the installation icon to my desktop, I try to run the installation by clicking on the icon and it does nothing.

    Also, I can't run ESET because Internet Explorer doesn't work at all on my computer. When I try opening an IE browser, it just blanks out while the mouse cursor constantly shows the hourglass.

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    What I would do is a System Repair, this will copy the operating system right on top of the current one and replace any missing or corrupted files.

    Go to one of these sites for help; we just do malware removal on this one. After it's completed, post back with a new HJT log and let me know how things are running.

    Windows Tech Support Forums