Can Not Remove "Win32.Joleee.K", Need Help.

I followed the instructions; the "hide extensions" box was already unchecked.
I checked it, clicked Apply, and then unchecked it again and applied. Nothing: the icon still remains the same "unknown".
 
Hi
Finished the scan and saved the log to a txt file, but it won't let me paste it here; everything just goes into ultra slow motion when I try and I end up Ctrl-Alt-Deleting to close this down.
Can I attach the log?
 
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    c:\windows\system32\mdtivac.dll
    
    NetSvc::
    Applogon
    
    Driver::
    Applogon
    cusbohcn
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScriptB-4.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply along with a fresh HijackThis log.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 
Below is the new ComboFix log.
I will post the new HijackThis log in a following response.



ComboFix 09-04-19.05 - System Administrator 19/04/2009 19:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.255.42 [GMT 1:00]
Running from: c:\documents and settings\System Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\System Administrator\Desktop\CFScript.txt

FILE ::
c:\windows\system32\mdtivac.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdtivac.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLOGON
-------\Legacy_CUSBOHCN
-------\Service_Applogon
-------\Service_cusbohcn


((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 16:21 . 2009-04-19 16:58 -------- d-----w C:\gmer
2009-04-17 20:31 . 2009-04-17 20:33 -------- d-----w C:\AVG Update
2009-04-16 08:22 . 2009-04-19 18:24 91936 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-16 08:22 . 2009-04-19 18:21 7617824 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-16 08:22 . 2009-04-19 18:18 107180 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-16 08:22 . 2009-04-19 18:18 10640 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-16 08:20 . 2009-04-16 08:20 3708 ----a-w C:\rollback.ini
2009-04-16 07:55 . 2009-04-16 12:12 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-01 11:59 . 2009-04-11 13:00 311 ----a-w c:\windows\wininit.ini
2009-03-30 12:54 . 2009-04-13 16:20 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-30 12:54 . 2009-03-30 12:54 1409 ----a-w c:\windows\QTFont.for
2009-03-25 15:23 . 2009-03-25 15:23 56492 ---ha-w c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 15:41 . 2007-03-15 17:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 13:44 . 2007-03-14 10:05 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-19 13:39 . 2007-03-14 10:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-18 12:49 . 2009-04-18 12:49 -------- d-----w c:\program files\Trend Micro
2009-04-16 18:01 . 2007-04-16 21:36 268 ---ha-w C:\sqmdata04.sqm
2009-04-16 18:01 . 2007-04-16 21:36 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-16 12:12 . 2009-04-16 07:55 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-16 11:59 . 2008-02-21 18:22 -------- d-----w c:\program files\DVDVideoSoft
2009-04-16 11:58 . 2008-02-21 18:22 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-15 21:30 . 2009-04-15 21:30 -------- d-----w c:\program files\AVG
2009-04-14 13:24 . 2007-04-16 19:04 268 ---ha-w C:\sqmdata03.sqm
2009-04-14 13:24 . 2007-04-16 19:04 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-12 13:31 . 2009-04-12 13:31 -------- d-----w c:\program files\Safer Networking
2009-04-07 15:29 . 2009-04-07 15:29 -------- d-----w c:\program files\WinPcap
2009-04-06 15:07 . 2008-06-03 08:48 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-03 10:06 . 2007-03-14 11:39 -------- d-----w c:\program files\Google
2009-04-03 10:04 . 2008-06-03 08:51 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-03 10:04 . 2007-03-14 17:29 -------- d-----w c:\program files\QuickTime
2009-04-03 10:03 . 2008-02-23 09:56 -------- d-----w c:\program files\DivX
2009-04-03 10:03 . 2008-02-07 17:19 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-01 13:24 . 2007-04-16 17:07 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-01 13:24 . 2007-04-16 17:07 232 ---ha-w C:\sqmdata02.sqm
2009-04-01 13:24 . 2007-04-15 22:27 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-01 13:24 . 2007-04-15 22:27 232 ---ha-w C:\sqmdata01.sqm
2009-04-01 13:22 . 2007-03-31 23:24 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-01 13:22 . 2007-03-31 23:24 232 ---ha-w C:\sqmdata00.sqm
2009-04-01 13:22 . 2007-06-03 12:08 244 ---ha-w C:\sqmnoopt19.sqm
2009-04-01 13:22 . 2007-06-03 12:08 232 ---ha-w C:\sqmdata19.sqm
2009-04-01 13:21 . 2007-06-02 22:19 232 ---ha-w C:\sqmdata18.sqm
2009-04-01 13:21 . 2007-06-02 22:19 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-01 13:21 . 2007-05-19 16:13 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-01 13:21 . 2007-05-19 16:13 232 ---ha-w C:\sqmdata17.sqm
2009-04-01 13:20 . 2007-05-05 11:25 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-01 13:20 . 2007-05-05 11:25 232 ---ha-w C:\sqmdata16.sqm
2009-04-01 13:20 . 2007-05-04 16:19 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-01 13:20 . 2007-05-04 16:19 232 ---ha-w C:\sqmdata15.sqm
2009-04-01 13:18 . 2007-05-04 14:59 232 ---ha-w C:\sqmdata14.sqm
2009-04-01 13:18 . 2007-05-04 14:59 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-01 11:56 . 2007-05-04 14:15 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-01 11:56 . 2007-05-04 14:15 232 ---ha-w C:\sqmdata13.sqm
2009-04-01 11:43 . 2007-05-04 14:09 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-01 11:43 . 2007-05-04 14:09 232 ---ha-w C:\sqmdata12.sqm
2009-04-01 11:42 . 2007-04-18 20:37 232 ---ha-w C:\sqmdata11.sqm
2009-04-01 11:42 . 2007-04-18 20:36 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-01 11:42 . 2007-04-17 21:15 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-01 11:42 . 2007-04-17 21:15 232 ---ha-w C:\sqmdata10.sqm
2009-04-01 11:41 . 2007-04-17 19:29 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-01 11:41 . 2007-04-17 19:29 232 ---ha-w C:\sqmdata09.sqm
2009-04-01 11:40 . 2007-04-17 18:10 244 ---ha-w C:\sqmnoopt08.sqm
2009-04-01 11:40 . 2007-04-17 18:10 232 ---ha-w C:\sqmdata08.sqm
2009-04-01 11:40 . 2007-04-17 16:59 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-01 11:40 . 2007-04-17 16:59 232 ---ha-w C:\sqmdata07.sqm
2009-04-01 11:38 . 2007-04-17 11:09 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-01 11:38 . 2007-04-17 11:09 232 ---ha-w C:\sqmdata06.sqm
2009-04-01 11:37 . 2007-04-17 10:01 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-01 11:37 . 2007-04-17 10:01 232 ---ha-w C:\sqmdata05.sqm
2008-10-30 17:05 . 2007-03-13 18:47 68848 -c--a-w c:\documents and settings\System Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-03-29 20:03 . 2008-03-29 20:03 1980156 -c--a-w c:\documents and settings\All Users\SPL17.tmp
2007-04-05 16:38 . 2007-04-05 16:38 114856 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2003-12-18 10:33 . 2008-09-23 17:20 20102 -c--a-w c:\program files\Readme.txt
2003-09-03 06:46 . 2008-09-23 17:20 10960 -c--a-w c:\program files\EULA.txt
.

((((((((((((((((((((((((((((( SnapShot@2009-04-19_13.03.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 16:23 . 2009-04-19 16:23 68961 c:\windows\system32\drivers\gmer.sys
+ 2009-04-19 16:17 . 2006-11-28 14:23 573440 c:\windows\gmer.exe
+ 2009-04-19 16:17 . 2009-04-19 16:17 565311 c:\windows\gmer.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_12\bin\jusched.exe" [2006-05-09 32881]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2007-11-15 34064]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-04-26 517040]


--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - lxdi_device
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 19:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Applogon]
"ServiceDll"="c:\windows\system32\mdtivac.dll"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cusbohcn]
"ImagePath"="\??\c:\docume~1\SYSTEM~1\LOCALS~1\Temp\cusbohcn.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gmer]
"ImagePath"="System32\DRIVERS\gmer.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1580818891-854245398-1003\Software\SecuROM\License information*]
"datasecu"=hex:76,94,e4,52,69,97,2c,d8,dc,79,1f,b7,0f,84,89,68,a5,41,9d,61,b5,
e6,4b,bc,b9,44,c0,b0,b8,0e,98,0d,7a,37,3e,8e,af,4f,48,1a,8b,3e,14,d3,34,2a,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-19 19:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 18:33
ComboFix2.txt 2009-04-19 13:10

Pre-Run: 29,660,712,960 bytes free
Post-Run: 29,576,699,904 bytes free

255 --- E O F --- 2007-06-15 06:23
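The entries near the end of the log above are what the CFScript targeted: `Applogon` is a svchost-hosted service whose `ServiceDll` is an unfamiliar DLL in system32, and `cusbohcn` is a kernel driver whose `ImagePath` points into a user's Temp directory; the same log also shows the Windows Firewall standard profile switched off (`EnableFirewall = 0`). As an added example, not part of the original thread and not ComboFix's own code, the script below runs those three checks over constructed text in the log's registry-dump shape. The baseline set of expected svchost-hosted service names is an assumption made for the demo and would be extended per gold image.

```python
"""Triage of ComboFix-style service/driver registry entries.

Added example, not part of the original thread. It parses REGEDIT4-style
blocks of the kind ComboFix prints for services and for the firewall
policy key, then flags what a responder would question:
  * a driver or service image loaded from a Temp directory,
  * a svchost ServiceDll that is not under %SystemRoot%\system32,
  * a svchost-hosted service whose name is not in a known baseline,
  * the Windows Firewall standard profile disabled.
"""
import re

# Constructed sample in the log's own shape (the thread's real entries).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Applogon]
"ServiceDll"="c:\windows\system32\mdtivac.dll"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cusbohcn]
"ImagePath"="\??\c:\docume~1\SYSTEM~1\LOCALS~1\Temp\cusbohcn.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gmer]
"ImagePath"="System32\DRIVERS\gmer.sys"
.
"""

# Assumed baseline of svchost-hosted service names expected on an XP box;
# incomplete by design, extend it from a known-good image.
KNOWN_HOSTED_SERVICES = {
    "audiosrv", "browser", "cryptsvc", "dcomlaunch", "dhcp", "dmserver",
    "dnscache", "ersvc", "eventsystem", "fastuserswitchingcompatibility",
    "helpsvc", "hidserv", "lanmanserver", "lanmanworkstation", "lmhosts",
    "netman", "nla", "rasman", "remoteregistry", "rpcss", "schedule",
    "seclogon", "sens", "sharedaccess", "shellhwdetection", "srservice",
    "ssdpsrv", "tapisrv", "termservice", "themes", "trkwks", "w32time",
    "webclient", "winmgmt", "wscsvc", "wuauserv", "wzcsvc",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
TEMP_RE = re.compile(r"[\\/]temp[\\/]", re.IGNORECASE)
SYSTEM32_RE = re.compile(
    r"^(?:[a-z]:\\windows\\system32\\|%systemroot%\\system32\\)", re.IGNORECASE
)


def parse_blocks(text):
    """Yield (registry_key, {value_name: value}) for each [key] block."""
    blocks, key, values = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                blocks.append((key, values))
            key, values = m.group(1), {}
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, rest = m.group(1), m.group(2).strip()
            # Quoted REG_SZ/REG_EXPAND_SZ, or a bare DWORD like: 0 (0x0)
            values[name] = rest[1:-1] if rest.startswith('"') else rest.split()[0]
    if key is not None:
        blocks.append((key, values))
    return blocks


def triage(text):
    """Return [(service_name, reason)] for entries that need a closer look."""
    findings = []
    for key, values in parse_blocks(text):
        service = key.rsplit("\\", 1)[-1]
        if "firewallpolicy" in key.lower() and values.get("EnableFirewall") == "0":
            findings.append((service, "Windows Firewall profile disabled (EnableFirewall=0)"))
        for name in ("ImagePath", "ServiceDll"):
            path = values.get(name)
            if path is None:
                continue
            path = path[4:] if path.startswith(r"\??\\"[:-1]) else path  # drop \??\ prefix
            if TEMP_RE.search(path):
                findings.append((service, f"{name} loads from a Temp directory: {path}"))
            if name == "ServiceDll":
                if not SYSTEM32_RE.match(path):
                    findings.append((service, f"ServiceDll outside system32: {path}"))
                elif service.lower() not in KNOWN_HOSTED_SERVICES:
                    findings.append((service, f"svchost-hosted service not in baseline, verify {path}"))
    return findings


if __name__ == "__main__":
    for service, reason in triage(SAMPLE_LOG):
        print(f"{service}: {reason}")
```

Against the constructed sample this reports the firewall profile, `Applogon` (not in the baseline, so its DLL needs signature/hash verification) and `cusbohcn` (driver in Temp); `gmer.sys` is the rootkit scanner's own driver and produces nothing.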
 
Below is the new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:48, on 19/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212415489758
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212415474667
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2_12-windows-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7310 bytes
 
Wahoo... I can, for the first time in a while.
Does this mean it's fixed?

I also just received a pop-up box saying "generic services for win32 has failed and needs to shut", or something along those lines.
 
Well at least it is better :)

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software consists of programs that detect, clean and erase harmful virus files on a computer, web server or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer's memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

After that, please post back a fresh HijackThis log.
 
Thanks for your help, most grateful.
Are the logs I have displayed a security issue (i.e. do they need removing from public view), or are they OK?
 
We are not done yet :)

Please install some antivirus, post back a fresh hijackthis log and we will continue.
 