Hi recently alot of virus's have been on my computer i am running windows vista, i dont know where they came from Norton internet security 2008 deleted them and blocked them all so i thought i was ok but now when my computer is on internet explorer automaticly opens up and launches a website address the address is http://85.12.43.75/tst20.html the webpage is white black but all these virus's start to come in my computer and norton still removes them this webpage http://85.12.43.75/tst20.html opens regually like every 10 minutes. also i cant use internet explorer or mozzila firefox without right clicking on the icon and opening them as administrator. another problem i have i dont know if its because of the virus's but whenever i boot my computer up it has a black screen and a windows explorer window opens EXAMPLE MY DOCUMENTS. so i cant see the desktop icons or start bar i found i way to go into the computer i hold ctrl alt dlt then click task manager then click run and type in explorer.... that makes the computer desktop and all open do yeah i have alot of problems with my pc.
Hi laxos Sounds like a bad malware. However, the symptons you have are quite common and easily fixed. Before we begin the cleanup process, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis. Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file. Rename HijackThis(.exe) to scanner(.exe). Next, run scanner(.exe). A window will pop up. • Click on the button which says Main Menu, then Do a system scan and save a logfile. • Please wait for the scan to be completed. • After the scan has completed, a text window will pop up. Please post the contents of this window here. This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved. NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer. Best Regards
Hi, thanks alot for the help i got the log file here it is.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:00:13 PM, on 6/09/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\explorer.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wuauclt.exe C:\Windows\System32\hrmrqeovr.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\James\Desktop\scanner.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\James\Desktop\scanner.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [System Files Updater] C:\Windows\FlyakiteOSX\System Files Updater.exe /S O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\sSMfebxu.dll,#1 O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [googletalk] C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\James\AppData\Local\Temp\iifcCroP.dll,#1 O4 - HKCU\..\Run: [lphc5mqj0en9c] C:\Windows\system32\lphc5mqj0en9c.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\James\AppData\Local\Temp\pmNgffFY.dll,c O4 - HKCU\..\Run: [BM9bb80060] Rundll32.exe "C:\Users\James\AppData\Local\Temp\ayqbnmii.dll",s O4 - HKCU\..\Run: [988b33fc] rundll32.exe "C:\Users\James\AppData\Local\Temp\imdjjsyo.dll",b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: hrmrqeovr.lnk = C:\Windows\System32\hrmrqeovr.exe O4 - Startup: Windows Explorer.lnk = D:\Windows\explorer.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 9179 bytes
Uh oh... it's a bad case of malware, including at least one rootkit. We'll try to dent it first before removing every single trace of it. Now, please download Combofix. With Combofix, at the download window, please rename it to Combo-fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. • Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. • Wait for the scan to be completed. • If it requires a reboot, please do it. • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt) Do not click on the Comobofix window, as it may cause it to stall. After that, post a new HijackThis log. Best Regards
Hi, thank you so much for helping me here is the combofix log... ComboFix 08-09-05.02 - James 2008-09-06 23:51:01.1 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1300 [GMT 10:00] Running from: C:\Users\James\Desktop\combo-fix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\James\AppData\Local\Temp\imdjjsyo.dll C:\Users\James\AppData\Local\Temp\pmNgffFY.dll C:\Windows\system32\sSMfebxu.dll C:\Windows\system32\yAtTljgD.dll . ((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))) . 2008-09-05 16:15 . 2008-09-05 16:15 156 --a------ C:\Windows\Twunk001.MTX 2008-09-05 16:15 . 2008-09-05 16:15 2 --a------ C:\Windows\Twain001.Mtx 2008-09-05 16:15 . 2008-09-05 16:15 0 --a------ C:\Windows\Twunk002.MTX 2008-09-03 19:34 . 2008-09-03 19:34 <DIR> d-------- C:\Program Files\PSP Pandora Deluxe 2008-09-03 15:35 . 2008-09-03 15:35 <DIR> d-------- C:\Program Files\Opera 2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\Users\All Users\SpeedBit 2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\ProgramData\SpeedBit 2008-09-01 20:30 . 2008-09-01 20:32 <DIR> d-------- C:\Program Files\DAP 2008-09-01 20:30 . 2008-09-01 20:30 479,298 --a------ C:\Windows\System32\wbocx.ocx 2008-09-01 20:30 . 2008-09-01 20:30 172,032 --a------ C:\Windows\System32\AniGIF.ocx 2008-09-01 20:30 . 2008-09-01 20:30 50,688 --a------ C:\Windows\System32\wbhelp2.dll 2008-08-28 19:46 . 2008-09-06 23:58 65,536 --------- C:\Windows\System32\Ikeext.etl 2008-08-27 17:50 . 2008-09-05 18:49 <DIR> d-------- C:\Users\James\AppData\Roaming\LimeWire 2008-08-27 17:50 . 2008-08-27 17:50 <DIR> d-------- C:\Program Files\LimeWire 2008-08-25 18:46 . 2007-10-26 23:29 101,504 --a------ C:\Windows\System32\drivers\ewusbmdm.sys 2008-08-25 18:46 . 2007-10-26 23:29 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys 2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Program Files\3 Mobile 2008-08-25 03:02 . 2008-07-16 11:32 2,048 --a------ C:\Windows\System32\tzres.dll 2008-08-25 01:57 . 2008-06-27 11:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-08-25 01:57 . 2008-06-27 14:15 827,392 --a------ C:\Windows\System32\wininet.dll 2008-08-25 01:57 . 2008-04-10 15:12 738,304 --a------ C:\Windows\System32\inetcomm.dll 2008-08-25 01:57 . 2008-06-19 13:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL 2008-08-25 01:57 . 2008-04-18 15:48 269,312 --a------ C:\Windows\System32\es.dll 2008-08-11 16:39 . 2008-08-11 17:22 <DIR> d-------- C:\Users\James\AppData\Roaming\Download Manager 2008-08-06 20:43 . 2008-08-06 20:43 <DIR> d-------- C:\Team17 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-06 13:45 --------- d---a-w C:\ProgramData\TEMP 2008-09-06 04:45 --------- d-----w C:\ProgramData\Symantec 2008-09-05 06:09 --------- d-----w C:\Users\James\AppData\Roaming\Any Video Converter 2008-09-04 22:35 --------- d-----w C:\Users\James\AppData\Roaming\uTorrent 2008-08-29 09:57 --------- d-----w C:\Program Files\Common Files\Skype 2008-08-29 09:56 --------- d-----w C:\Program Files\OpenAL 2008-08-29 09:56 --------- d-----w C:\Program Files\Google 2008-08-25 08:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-24 17:09 --------- d-----w C:\Program Files\Windows Mail 2008-08-11 06:37 --------- d-----w C:\Program Files\Java 2008-08-06 10:43 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-08-05 09:00 --------- d-----w C:\Program Files\Alex Feinman 2008-07-30 07:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys 2008-07-30 07:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf 2008-07-30 07:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat 2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll 2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll 2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll 2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll 2008-07-18 12:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll 2008-07-18 10:44 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-07-10 07:07 --------- d-----w C:\Users\James\AppData\Roaming\DVD Flick 2008-07-09 06:26 --------- d-----w C:\Program Files\Any Video Converter 2008-07-09 06:17 --------- d-----w C:\Program Files\Cucusoft 2008-07-06 07:14 --------- d-----w C:\Program Files\Resource Tuner 2008-07-06 07:04 1,954,304 ----a-w C:\Users\James\authuiff.dll 2008-07-06 07:02 --------- d-----w C:\Users\James\AppData\Roaming\Resource Tuner 2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll 2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll 2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll 2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-06-09 03:38 174 --sha-w C:\Program Files\desktop.ini 2008-06-09 02:54 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-06-09 02:54 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-01-19 07:33 1,985,024 ----a-w C:\Users\James\authui.dll 2006-07-20 08:38 56 ---ha-w C:\Users\All Users\ezsidmv.dat 2006-07-20 08:38 56 ---ha-w C:\ProgramData\ezsidmv.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-15 171448] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "googletalk"="C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-02 3739648] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 385024] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-04-26 380928] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 C:\Windows\RtHDVCpl.exe] C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ hrmrqeovr.lnk - C:\Windows\System32\hrmrqeovr.exe [2008-05-18 57344] Windows Explorer.lnk - C:\Windows\explorer.exe [2008-06-05 2927104] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock] --a------ 2007-09-02 12:58 495616 C:\Program Files\RocketDock\RocketDock.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{185163F3-5BAA-47F7-841E-AE901CAF3060}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{43A7D58C-91E3-43DF-9BAC-91B837C3A930}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{92D1300C-1B02-41FE-B764-A2478805C571}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{5836B5DD-673F-4A40-A043-BDAE6801F7EB}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{8B45BB13-35EF-4CEE-AF8E-61FCC5C51FCC}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{D9495D4F-407D-420B-8D89-202CD2686A3D}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{308754DA-E75D-46F6-AD8D-AD7D6019E0C5}"= UDP:C:\Program Files\Sega\The Club\Launcher.exe:The Club Launcher "{11752CD2-782A-4C7B-9FBA-6F4D1B89A511}"= TCP:C:\Program Files\Sega\The Club\Launcher.exe:The Club Launcher "{9E7A66C3-9D45-4295-A12B-13A9DE1FD82F}"= UDP:C:\Program Files\Sega\The Club\TheClub.exe:The Club "{129A221D-4850-407F-AB15-D1167076D0A6}"= TCP:C:\Program Files\Sega\The Club\TheClub.exe:The Club "{2D664027-7030-4D28-BC4B-DC8F69545AAA}"= C:\Program Files\Skype\Phone\Skype.exe:Skype "{B95E5F2E-CFAB-4F69-8B6C-FDBCF8D7ECFB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2E554F27-0C46-4C45-9502-63B1B6ADFF33}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 atkdisplf;ATK Kernel Mode Enhanced Driver;C:\Windows\system32\Drivers\atkdisplowfilter.sys [2007-04-26 19968] R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080905.002\IDSvix86.sys [2008-02-14 261680] R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864] R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\L260x86.sys [2007-12-20 28672] R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2007-05-03 256000] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008] S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888] S3 USB28xxBGA;USB 2860 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-31 479744] S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-31 38656] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb8e-74c5-11dd-b7fd-001bfc0e940a}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb95-74c5-11dd-b7fd-001bfc0e940a}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb9c-74c5-11dd-b7fd-001bfc0e940a}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75afe6e1-71ff-11dd-aaef-001bfc0e940a}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75afe6f8-71ff-11dd-aaef-001bfc0e940a}] \shell\AutoRun\command - E:\AutoRun.exe *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKCU-Run-lphc5mqj0en9c - C:\Windows\system32\lphc5mqj0en9c.exe HKLM-Run-System Files Updater - C:\Windows\FlyakiteOSX\System Files Updater.exe HKLM-Run-MSServer - C:\Windows\system32\sSMfebxu.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\matc2jny.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-07 00:01:13 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\System32\IoctlSvc.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Windows\System32\wbem\WMIADAP.exe . ************************************************************************** . Completion time: 2008-09-07 0:04:33 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-06 14:04:13 Pre-Run: 178,657,914,880 bytes free Post-Run: 182,167,552,000 bytes free 207 --- E O F --- 2008-08-24 17:03:52 And here is the hijackthis log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:12:43 AM, on 7/09/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Windows\System32\rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Users\James\Desktop\scanner.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [googletalk] C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: hrmrqeovr.lnk = C:\Windows\System32\hrmrqeovr.exe O4 - Startup: Windows Explorer.lnk = D:\Windows\explorer.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 7820 bytes Thank you so much for helping me!!!!!!
Good. That put a dent in your malware. While I'm looking over your logs, please do the following: Please download Superantispyware Free and install it. Follow the prompts and reboot if required. Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPWYARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware... Configuring SuperAntispyware • Click on Preferences. • In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run. • Navigate to the tab Scanning Control. • Make sure only these boxes are checked: Code: Close browsers before scanning Scan for tracking cookies Terminate memory threats before quarantining Scan Alternate Data Streams Use Kernel Direct File Access (recommended) Use Kernel Direct Registry Access (recommended) Use Direct Disk Access (recommended) • Click on Close. Updating SuperAntispyware • At the main window, click on Check for Updates.... • Wait for SuperAntispyware to be fully updated. Scanning Time • Close all browsers. • At the main window, click on Scan your Computer.... • Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next. • Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items. • Reboot your computer. Post A Log • Launch SuperAntispyware • Click on Preferences • Navigate to the tab Statistics/Logs. • Choose the latest scan log, and the click on View Log.... • Copy and paste the contents of the log here in your next post. Best Regards
Hi, here is the log for superantispyware, thanks again for helping me SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/07/2008 at 10:42 AM Application Version : 4.21.1004 Core Rules Database Version : 3558 Trace Rules Database Version: 1546 Scan type : Complete Scan Total Scan Time : 01:07:25 Memory items scanned : 578 Memory threats detected : 0 Registry items scanned : 6782 Registry threats detected : 2 File items scanned : 132317 File threats detected : 1 Adware.Tracking Cookie C:\Users\James\AppData\Roaming\Microsoft\Windows\Cookies\james@clicktorrent[1].txt Trojan.FakeAlert/Desktop HKU\S-1-5-21-443309550-2770032704-453357317-1000\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER HKU\S-1-5-21-443309550-2770032704-453357317-1000\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER
Hey laxos Please run HijackThis. • Click on the button which says Main Menu, then Do a system scan only. • Please wait for the scan to be completed. • After the scan has completed, check the following entries. O4 - Startup: hrmrqeovr.lnk = C:\Windows\System32\hrmrqeovr.exe Click on the button Fix checked NOTE:: Close all browsers before fixing anything. Open Notepad and copy/paste the text in the code box below into it: Code: File:: C:\Windows\System32\hrmrqeovr.exe Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb8e-74c5-11dd-b7fd-001bfc0e940a}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb95-74c5-11dd-b7fd-001bfc0e940a}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb9c-74c5-11dd-b7fd-001bfc0e940a}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75afe6e1-71ff-11dd-aaef-001bfc0e940a}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75afe6f8-71ff-11dd-aaef-001bfc0e940a}] Save this as CFScript.txt in the same folder as Combofix Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. Also, upload D:\Windows\explorer.exe to www.virustotal.com. Post the results here. Tell me how's your computer doing. Best Regards
Hi here is the combofix log ComboFix 08-09-05.02 - James 2008-09-07 19:42:31.2 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1079 [GMT 10:00] Running from: C:\Users\James\Desktop\combo-fix.exe Command switches used :: C:\Users\James\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\System32\hrmrqeovr.exe . ((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))) . 2008-09-07 11:45 . 2008-09-07 11:45 <DIR> d-------- C:\Windows\System32\Adobe 2008-09-07 11:42 . 2008-09-01 20:30 251,392 --a------ C:\dapop.dll 2008-09-07 09:27 . 2008-09-07 09:27 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-09-07 09:27 . 2008-09-07 09:27 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-09-07 09:26 . 2008-09-07 09:26 <DIR> d-------- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com 2008-09-07 09:26 . 2008-09-07 09:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-09-07 09:26 . 2008-09-07 09:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-05 16:15 . 2008-09-05 16:15 156 --a------ C:\Windows\Twunk001.MTX 2008-09-05 16:15 . 2008-09-05 16:15 2 --a------ C:\Windows\Twain001.Mtx 2008-09-05 16:15 . 2008-09-05 16:15 0 --a------ C:\Windows\Twunk002.MTX 2008-09-03 19:34 . 2008-09-03 19:34 <DIR> d-------- C:\Program Files\PSP Pandora Deluxe 2008-09-03 15:35 . 2008-09-03 15:35 <DIR> d-------- C:\Program Files\Opera 2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\Users\All Users\SpeedBit 2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\ProgramData\SpeedBit 2008-09-01 20:30 . 2008-09-01 20:32 <DIR> d-------- C:\Program Files\DAP 2008-09-01 20:30 . 2008-09-01 20:30 479,298 --a------ C:\Windows\System32\wbocx.ocx 2008-09-01 20:30 . 2008-09-01 20:30 172,032 --a------ C:\Windows\System32\AniGIF.ocx 2008-09-01 20:30 . 2008-09-01 20:30 50,688 --a------ C:\Windows\System32\wbhelp2.dll 2008-08-28 19:46 . 2008-09-07 10:53 65,536 --------- C:\Windows\System32\Ikeext.etl 2008-08-27 17:50 . 2008-09-05 18:49 <DIR> d-------- C:\Users\James\AppData\Roaming\LimeWire 2008-08-27 17:50 . 2008-08-27 17:50 <DIR> d-------- C:\Program Files\LimeWire 2008-08-25 18:46 . 2007-10-26 23:29 101,504 --a------ C:\Windows\System32\drivers\ewusbmdm.sys 2008-08-25 18:46 . 2007-10-26 23:29 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys 2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Program Files\3 Mobile 2008-08-25 03:02 . 2008-07-16 11:32 2,048 --a------ C:\Windows\System32\tzres.dll 2008-08-25 01:57 . 2008-06-27 11:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-08-25 01:57 . 2008-06-27 14:15 827,392 --a------ C:\Windows\System32\wininet.dll 2008-08-25 01:57 . 2008-04-10 15:12 738,304 --a------ C:\Windows\System32\inetcomm.dll 2008-08-25 01:57 . 2008-06-19 13:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL 2008-08-25 01:57 . 2008-04-18 15:48 269,312 --a------ C:\Windows\System32\es.dll 2008-08-11 16:39 . 2008-08-11 17:22 <DIR> d-------- C:\Users\James\AppData\Roaming\Download Manager . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-07 05:08 --------- d-----w C:\ProgramData\Symantec 2008-09-07 01:44 --------- d---a-w C:\ProgramData\TEMP 2008-09-05 06:09 --------- d-----w C:\Users\James\AppData\Roaming\Any Video Converter 2008-09-04 22:35 --------- d-----w C:\Users\James\AppData\Roaming\uTorrent 2008-08-29 09:57 --------- d-----w C:\Program Files\Common Files\Skype 2008-08-29 09:56 --------- d-----w C:\Program Files\OpenAL 2008-08-29 09:56 --------- d-----w C:\Program Files\Google 2008-08-25 08:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-24 17:09 --------- d-----w C:\Program Files\Windows Mail 2008-08-11 06:37 --------- d-----w C:\Program Files\Java 2008-08-06 10:43 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-08-05 09:00 --------- d-----w C:\Program Files\Alex Feinman 2008-07-30 07:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys 2008-07-30 07:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf 2008-07-30 07:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat 2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll 2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll 2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll 2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll 2008-07-18 12:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll 2008-07-18 10:44 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-07-10 07:07 --------- d-----w C:\Users\James\AppData\Roaming\DVD Flick 2008-07-09 06:26 --------- d-----w C:\Program Files\Any Video Converter 2008-07-09 06:17 --------- d-----w C:\Program Files\Cucusoft 2008-07-06 07:04 1,954,304 ----a-w C:\Users\James\authuiff.dll 2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll 2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll 2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll 2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-06-09 03:38 174 --sha-w C:\Program Files\desktop.ini 2008-06-09 02:54 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-06-09 02:54 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-01-19 07:33 1,985,024 ----a-w C:\Users\James\authui.dll 2006-07-20 08:38 56 ---ha-w C:\Users\All Users\ezsidmv.dat 2006-07-20 08:38 56 ---ha-w C:\ProgramData\ezsidmv.dat 2008-09-01 10:30 251,392 ----a-w C:\Program Files\opera\program\plugins\dapop.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-07_ 0.02.46.94 ))))))))))))))))))))))))))))))))))))))))) . + 2008-09-06 23:27:03 18,944 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-09-06 23:27:03 65,024 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe - 2008-09-06 13:57:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-09-07 00:52:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-09-06 13:57:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-09-07 00:52:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-09-06 13:58:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-09-07 00:54:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-09-07 00:54:07 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-09-06 13:59:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-09-07 09:45:25 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-09-07 09:45:25 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 + 2008-08-06 06:22:02 114,688 ----a-w C:\Windows\System32\Adobe\Director\np32dsw.dll + 2008-08-06 06:30:48 202,168 ----a-w C:\Windows\System32\Adobe\Director\SwDir.dll + 2008-08-06 06:22:42 499,712 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Control.dll + 2008-08-06 05:45:40 1,798,144 ----a-w C:\Windows\System32\Adobe\Shockwave 11\dirapi.dll + 2008-08-06 06:22:44 9,216 ----a-w C:\Windows\System32\Adobe\Shockwave 11\DynaPlayer.dll + 2008-08-06 05:35:52 706,048 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gi.dll + 2008-08-06 05:35:52 1,145,896 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gt.exe + 2008-08-06 05:35:52 52,288 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gtapi.dll + 2008-08-06 05:42:04 892,928 ----a-w C:\Windows\System32\Adobe\Shockwave 11\iml32.dll + 2008-08-06 05:35:52 54,656 ----a-w C:\Windows\System32\Adobe\Shockwave 11\pccuapi.dll + 2008-08-06 06:21:14 266,240 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Plugin.dll + 2008-08-06 06:24:14 446,464 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Proj.dll + 2008-08-06 06:30:30 447,928 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100465.exe + 2008-08-06 06:24:56 114,688 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwInit.exe + 2008-08-06 06:21:04 94,208 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwMenu.dll + 2008-08-06 05:35:52 50,808 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL + 2008-09-07 01:47:05 234,872 ----atw C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe + 1999-06-25 00:55:30 149,504 ----a-w C:\Windows\System32\Adobe\Shockwave 11\UNWISE.EXE - 2008-09-06 13:38:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-09-07 09:15:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-09-06 13:38:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-09-07 09:15:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-09-06 13:38:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-09-07 09:15:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-09-06 13:45:04 105,448 ----a-w C:\Windows\System32\perfc009.dat + 2008-09-07 00:57:38 105,448 ----a-w C:\Windows\System32\perfc009.dat - 2008-09-06 13:45:04 599,942 ----a-w C:\Windows\System32\perfh009.dat + 2008-09-07 00:57:38 599,942 ----a-w C:\Windows\System32\perfh009.dat - 2008-09-06 14:00:25 9,344 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-443309550-2770032704-453357317-1000_UserData.bin + 2008-09-07 00:54:57 9,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-443309550-2770032704-453357317-1000_UserData.bin - 2008-09-06 14:00:24 61,010 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-09-07 00:54:57 61,412 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-09-06 14:00:16 36,574 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-09-07 00:54:55 37,082 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-15 171448] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "googletalk"="C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-02 3739648] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 385024] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-04-26 380928] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 C:\Windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "symPCCheckup"="C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" [2008-09-07 234872] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{185163F3-5BAA-47F7-841E-AE901CAF3060}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{43A7D58C-91E3-43DF-9BAC-91B837C3A930}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{92D1300C-1B02-41FE-B764-A2478805C571}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{5836B5DD-673F-4A40-A043-BDAE6801F7EB}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{8B45BB13-35EF-4CEE-AF8E-61FCC5C51FCC}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{D9495D4F-407D-420B-8D89-202CD2686A3D}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{308754DA-E75D-46F6-AD8D-AD7D6019E0C5}"= UDP:C:\Program Files\Sega\The Club\Launcher.exe:The Club Launcher "{11752CD2-782A-4C7B-9FBA-6F4D1B89A511}"= TCP:C:\Program Files\Sega\The Club\Launcher.exe:The Club Launcher "{9E7A66C3-9D45-4295-A12B-13A9DE1FD82F}"= UDP:C:\Program Files\Sega\The Club\TheClub.exe:The Club "{129A221D-4850-407F-AB15-D1167076D0A6}"= TCP:C:\Program Files\Sega\The Club\TheClub.exe:The Club "{2D664027-7030-4D28-BC4B-DC8F69545AAA}"= C:\Program Files\Skype\Phone\Skype.exe:Skype "{B95E5F2E-CFAB-4F69-8B6C-FDBCF8D7ECFB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2E554F27-0C46-4C45-9502-63B1B6ADFF33}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 atkdisplf;ATK Kernel Mode Enhanced Driver;C:\Windows\system32\Drivers\atkdisplowfilter.sys [2007-04-26 19968] R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080905.002\IDSvix86.sys [2008-02-14 261680] R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864] R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\L260x86.sys [2007-12-20 28672] R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888] R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2007-05-03 256000] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008] S3 USB28xxBGA;USB 2860 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-31 479744] S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-31 38656] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-07 19:45:47 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-09-07 19:47:41 ComboFix-quarantined-files.txt 2008-09-07 09:47:36 ComboFix2.txt 2008-09-06 14:04:34 Pre-Run: 184,089,485,312 bytes free Post-Run: 184,059,678,720 bytes free 229 --- E O F --- 2008-08-24 17:03:52 And here is the hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:49:32 PM, on 7/09/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\RocketDock\RocketDock.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\James\Desktop\scanner.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [googletalk] C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 7845 bytes I will now post to that website, THANKS ALOT AGAIN
Hi uploaded explorer.exe and here are the results, thanks again for all the help Antivirus Version Last Update Result AhnLab-V3 - - - AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - - ClamAV - - - DrWeb - - - eSafe - - - eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - FileAdvisor - - - Fortinet - - - Ikarus - - - Kaspersky - - - McAfee - - - Microsoft - - - NOD32v2 - - - Norman - - - Panda - - - Prevx1 - - - Rising - - - Sophos - - - Sunbelt - - - Symantec - - - TheHacker - - - VBA32 - - - VirusBuster - - - Webwasher-Gateway - - BlockReason.0 Additional information MD5: ffa764631cb70a30065c12ef8e174f9f SHA1: 756d276f00b25b702e54c1568e3a2ccb1c29c5a7 SHA256: b5559af2bb51134acea925ee633eb60d804e57848c1587ce0f9ff026e426d5f1 SHA512: 382441e813a2ca986ee44bf8fb53da3591b684a7d6ee26224033cfce61626e866cf8bbb890820b5eda8b4e14004d7c3ead58c0b9912754f54dc137637d9a4f9f
Hi uploaded the file and got results again because i think i did something wrong the first time cause it didnt come up with as much text but yeah i just trying to be sure im doing everything right heres the 2nd time results.... Antivirus Version Last Update Result AhnLab-V3 2008.9.6.0 2008.09.06 - AntiVir 7.8.1.28 2008.09.05 - Authentium 5.1.0.4 2008.09.06 - Avast 4.8.1195.0 2008.09.06 - AVG 8.0.0.161 2008.09.07 - BitDefender 7.2 2008.09.07 - CAT-QuickHeal 9.50 2008.09.06 - ClamAV 0.93.1 2008.09.07 - DrWeb 4.44.0.09170 2008.09.07 - eSafe 7.0.17.0 2008.09.03 - eTrust-Vet 31.6.6072 2008.09.05 - Ewido 4.0 2008.09.06 - F-Prot 4.4.4.56 2008.09.06 - F-Secure 8.0.14332.0 2008.09.07 - Fortinet 3.112.0.0 2008.09.07 - GData 19 2008.09.07 - Ikarus T3.1.1.34.0 2008.09.07 - K7AntiVirus 7.10.443 2008.09.05 - Kaspersky 7.0.0.125 2008.09.07 - McAfee 5378 2008.09.05 - Microsoft 1.3903 2008.09.07 - NOD32v2 3423 2008.09.06 - Norman 5.80.02 2008.09.05 - Panda 9.0.0.4 2008.09.06 - PCTools 4.4.2.0 2008.09.06 - Prevx1 V2 2008.09.07 - Rising 20.60.62.00 2008.09.07 - Sophos 4.33.0 2008.09.07 - Sunbelt 3.1.1610.1 2008.09.05 - Symantec 10 2008.09.07 - TheHacker 6.3.0.8.075 2008.09.06 - TrendMicro 8.700.0.1004 2008.09.05 - VBA32 3.12.8.5 2008.09.06 - ViRobot 2008.9.5.1365 2008.09.06 - VirusBuster 4.5.11.0 2008.09.06 - Webwasher-Gateway 6.6.2 2008.09.05 - Additional information File size: 2927104 bytes MD5...: ffa764631cb70a30065c12ef8e174f9f SHA1..: 756d276f00b25b702e54c1568e3a2ccb1c29c5a7 SHA256: b5559af2bb51134acea925ee633eb60d804e57848c1587ce0f9ff026e426d5f1 SHA512: 382441e813a2ca986ee44bf8fb53da3591b684a7d6ee26224033cfce61626e86 6cf8bbb890820b5eda8b4e14004d7c3ead58c0b9912754f54dc137637d9a4f9f PEiD..: - TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x10271b3 timedatestamp.....: 0x47918e5d (Sat Jan 19 05:45:01 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6bef5 0x6c000 6.42 0264ce946997d690218abb5cdcf29bbf .data 0x6d000 0x215c 0x2000 0.84 96e80324a19c078ea177dfb10dea1f46 .rsrc 0x70000 0x2566a0 0x256800 7.04 1d509f2829c8d8d436b27869ab7dc5b6 .reloc 0x2c7000 0x5a30 0x5c00 6.74 81869fc317307f61983fb603a2e18197 ( 19 imports ) > ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, EventUnregister, EventRegister, GetUserNameW, RegDeleteValueW, RegEnumKeyExW, RegQueryInfoKeyW, TraceMessage, RegOpenKeyW, RegEnumKeyW, RegEnumValueW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, QueryServiceStatus, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, ConvertSidToStringSidW, StartServiceW, CreateWellKnownSid > KERNEL32.dll: GetSystemTime, GetFileAttributesW, FindClose, FindNextFileW, FindFirstFileW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, FlushInstructionCache, RaiseException, GetSystemWindowsDirectoryW, SetLastError, ReadFile, GetFileSize, CreateFileW, InterlockedCompareExchange, LoadLibraryA, SystemTimeToFileTime, ExpandEnvironmentStringsW, GlobalGetAtomNameW, MultiByteToWideChar, GetEnvironmentVariableW, GetCurrentProcessId, GetModuleHandleW, lstrlenW, OpenEventW, SetEvent, GetBinaryTypeW, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, CompareFileTime, GlobalFree, GetTickCount, MulDiv, GetUserDefaultLangID, GetPrivateProfileIntW, GetCurrentThread, GetThreadPriority, GetCurrentThreadId, SetThreadPriority, CompareStringOrdinal, lstrcmpiW, HeapSetInformation, SetErrorMode, CreateMutexW, ReleaseMutex, GetTimeZoneInformation, SetFilePointer, SetProcessShutdownParameters, GetSystemDirectoryW, CreateEventW, SetTermsrvAppInstallMode, RegisterApplicationRestart, ExitProcess, GetModuleFileNameW, GetPrivateProfileStringW, HeapDestroy, InitializeCriticalSection, DeleteCriticalSection, GetCurrentProcess, GetProcessHeap, HeapAlloc, QueryPerformanceFrequency, GetFileAttributesExW, QueueUserWorkItem, GetLongPathNameW, GetProcessTimes, TerminateThread, GetProcessId, CreateIoCompletionPort, GetQueuedCompletionStatus, GetWindowsDirectoryW, FormatMessageW, QueryFullProcessImageNameW, GlobalAlloc, DuplicateHandle, GetCurrentDirectoryW, WideCharToMultiByte, WriteFile, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, GetUserDefaultUILanguage, LoadLibraryW, GetProcAddress, FreeLibrary, WaitForSingleObject, CreateProcessW, GetCommandLineW, GetStartupInfoW, CreateThread, AssignProcessToJobObject, ResumeThread, Sleep, QueryInformationJobObject, LocalAlloc, LocalFree, CloseHandle, OpenProcess, SetPriorityClass, GetPriorityClass, CreateJobObjectW, SetInformationJobObject, GetLastError, InterlockedDecrement, InterlockedIncrement, HeapFree, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, DelayLoadFailureHook > GDI32.dll: GetStockObject, CombineRgn, GetLayout, CreatePatternBrush, OffsetViewportOrgEx, GdiAlphaBlend, GetTextExtentPoint32W, ExtTextOutW, SetWindowOrgEx, GetPixel, PatBlt, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, CreateRectRgnIndirect, SetTextColor, SetBkMode, GetTextMetricsW, CreateFontIndirectW, CreateSolidBrush, GetObjectW, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, GetDeviceCaps > USER32.dll: GetDlgItem, LoadCursorW, RegisterClassW, IsChild, SetTimer, MonitorFromRect, SetWindowTextW, SetClassLongW, GetClassInfoW, GetClassLongW, KillTimer, GetClassInfoExW, IsWindowEnabled, GetShellWindow, GetIconInfo, SetScrollInfo, GetLastActivePopup, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, IsWindowVisible, IsWindow, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, SetFocus, SetForegroundWindow, LoadMenuW, SetMenuInfo, SetMenuDefaultItem, GetSubMenu, TrackPopupMenuEx, LoadImageW, InsertMenuItemW, DestroyIcon, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharUpperBuffW, PostQuitMessage, LoadStringW, ShutdownBlockReasonCreate, GetWindowLongA, SetWindowLongW, UnregisterDeviceNotification, RegisterDeviceNotificationW, RegisterWindowMessageW, SetWindowPos, RegisterClassExW, GetDesktopWindow, UpdateWindow, InvalidateRect, BeginPaint, LoadBitmapW, SetLayeredWindowAttributes, EndPaint, ShowWindow, DefWindowProcW, MoveWindow, DestroyWindow, UnregisterClassW, SetProcessDPIAware, PeekMessageW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, GetKeyboardLayout, ActivateKeyboardLayout, IsProcessDPIAware, PrintWindow, GetDCEx, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, ChildWindowFromPointEx, GetCapture, GetGUIThreadInfo, SetWindowLongA, CharUpperW, GetWindowDC, RegisterClipboardFormatW, UnhookWinEvent, SetWinEventHook, ReleaseCapture, GetUserObjectInformationW, GetProcessWindowStation, FlashWindowEx, GetForegroundWindow, PostMessageW, CreatePopupMenu, GetWindowThreadProcessId, MsgWaitForMultipleObjectsEx, CharPrevW, CharNextW, DispatchMessageW, TranslateMessage, GetMessageW, EqualRect, UnionRect, MapWindowPoints, GetClientRect, EnumWindows, EndTask, SetThreadDesktop, GetThreadDesktop, GetMenuItemID, IsHungAppWindow, DrawTextW, GetSysColor, TrackPopupMenu, SendMessageCallbackW, DeregisterShellHookWindow, EndDialog, IsDlgButtonChecked, LoadIconW, GetSysColorBrush, CloseDesktop, OpenInputDesktop, SetActiveWindow, IsRectEmpty, GetAsyncKeyState, RegisterShellHookWindow, FillRect, GetCursorPos, SetPropW, CopyRect, LockSetForegroundWindow, MonitorFromPoint, InflateRect, GetClassNameW, SubtractRect, RedrawWindow, EnumDisplayMonitors, OffsetRect, IntersectRect, SetWindowRgn, GetMenuState, GhostWindowFromHungWindow, HungWindowFromGhostWindow, GetWindowPlacement, RemovePropW, SendMessageTimeoutW, UnregisterHotKey, RegisterHotKey, InsertMenuW, ModifyMenuW, ClientToScreen, ScreenToClient, GetMenuItemCount, GetFocus, GetScrollInfo, InternalGetWindowText, GetKeyState, ChangeDisplaySettingsW, GetWindowLongW, EnumChildWindows, SendMessageW, GetWindow, GetWindowRect, PtInRect, SetCursor, ChildWindowFromPoint, SetCursorPos, GetMessagePos, LoadAcceleratorsW, WaitMessage, TranslateAcceleratorW, GetWindowRgnBox, GetActiveWindow, MessageBeep, SetWindowPlacement, SetRect, SendNotifyMessageW, UpdateLayeredWindow, GetLastInputInfo, SendDlgItemMessageW, AllowSetForegroundWindow, RemoveMenu, SetParent, CallWindowProcW, EnableWindow, GetDlgItemInt, SetDlgItemInt, CheckDlgButton, CopyIcon, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, DrawEdge, WindowFromPoint, GetDoubleClickTime, SetCapture, TrackMouseEvent, LockWorkStation, AppendMenuW, GetParent, SetScrollPos, SetRectEmpty, AdjustWindowRectEx, BringWindowToTop, CascadeWindows, GetSystemMetrics, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DestroyMenu, GetMenuDefaultItem, TileWindows, GetAncestor, SwitchToThisWindow, CheckMenuItem, ShowWindowAsync > msvcrt.dll: memset, _unlock, _ftol2_sse, _except_handler4_common, __set_app_type, memcpy, free, memmove, realloc, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _controlfp, _vsnwprintf, malloc, __wgetmainargs, _cexit, _exit, __p__fmode, _XcptFilter, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode > ntdll.dll: NtOpenThreadToken, NtOpenProcessToken, RtlGetProductInfo, NtQueryInformationToken, NtClose, NtQueryInformationProcess, NtSetInformationProcess, WinSqmAddToStream, NtSetSystemInformation > SHLWAPI.dll: PathGetDriveNumberW, -, -, PathRemoveFileSpecW, -, -, SHRegGetUSValueW, -, StrDupW, PathQuoteSpacesW, -, -, -, -, StrChrIW, -, -, -, SHRegOpenUSKeyW, SHRegQueryUSValueW, StrCmpW, AssocQueryStringW, -, -, -, -, -, AssocQueryKeyW, PathParseIconLocationW, PathIsPrefixW, -, PathRemoveExtensionW, SHOpenRegStream2W, PathFileExistsW, -, -, -, -, PathFindExtensionW, SHQueryInfoKeyW, -, -, -, -, -, -, -, -, SHDeleteKeyW, PathAppendW, SHDeleteValueW, -, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathFindFileNameW, -, SHSetValueW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, -, -, PathCombineW, SHRegGetValueW, StrToIntW, -, -, -, PathGetArgsW, StrChrW, -, -, -, -, SHStrDupW, -, -, -, -, -, StrRetToBufW, -, -, -, -, -, -, StrRetToStrW, -, -, StrStrIW, -, -, PathMatchSpecW, PathIsRootW, PathIsNetworkPathW, SHQueryValueExW, AssocCreate, StrCmpIW, -, -, -, StrCmpNW, -, -, StrPBrkW, -, -, -, PathStripToRootW, -, PathIsDirectoryW, - > SHELL32.dll: -, -, -, -, -, -, -, -, SHGetDesktopFolder, -, SHBindToFolderIDListParent, -, -, -, -, -, -, SHGetIDListFromObject, -, -, -, -, -, -, SHCreateShellItemArrayFromIDLists, -, -, SHCreateItemFromIDList, SHCreateShellItemArrayFromShellItem, -, -, SHBindToFolderIDListParentEx, SHChangeNotify, SHAddToRecentDocs, DuplicateIcon, -, -, -, ShellExecuteW, -, -, SHGetPathFromIDListA, SHUpdateRecycleBinIcon, SHGetKnownFolderIDList, SHGetFolderPathEx, SHFileOperationW, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, ExtractIconExW, -, -, -, -, SHGetSpecialFolderLocation, -, -, SHBindToParent, Shell_NotifyIconW, SHGetFolderPathAndSubDirW, Shell_GetCachedImageIndexW, SHGetFolderPathW, -, SHEvaluateSystemCommandTemplate, -, -, -, -, -, -, -, -, -, -, -, SHBindToObject, -, ShellExecuteExW, -, -, SHGetSpecialFolderPathW, -, SHParseDisplayName, -, -, SHGetFolderLocation, -, -, -, - > ole32.dll: CoTaskMemFree, CoCreateInstance, CoRegisterClassObject, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, CoGetObject, StringFromGUID2, CoUninitialize, CoInitialize, RevokeDragDrop, RegisterDragDrop, CoRegisterMessageFilter, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, DoDragDrop, CoInitializeEx, CreateBindCtx, CoFreeUnusedLibraries, PropVariantClear > OLEAUT32.dll: -, -, -, -, -, - > SHDOCVW.dll: -, - > UxTheme.dll: IsCompositionActive, IsAppThemed, GetThemeMargins, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, DrawThemeTextEx, GetThemeFont, GetThemeColor, GetThemeBool, GetThemeInt, SetWindowTheme, DrawThemeText, GetThemeTextExtent, DrawThemeBackground, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemePartSize, GetThemeMetric, GetThemeBackgroundContentRect > POWRPROF.dll: GetPwrCapabilities > dwmapi.dll: DwmIsCompositionEnabled, -, DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmQueryThumbnailSourceSize, DwmGetColorizationColor, DwmUpdateThumbnailProperties, DwmRegisterThumbnail, DwmUnregisterThumbnail > gdiplus.dll: GdiplusShutdown, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdiplusStartup, GdipCreateFromHDC, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipDeleteGraphics, GdipFree, GdipAlloc, GdipSetCompositingMode > slc.dll: SLGetWindowsInformationDWORD > RPCRT4.dll: RpcBindingFree, RpcStringFreeW, RpcBindingFromStringBindingW, NdrClientCall2, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW > PROPSYS.dll: PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetPropertyDescription, PSGetNameFromPropertyKey, VariantToBooleanWithDefault, VariantToInt32WithDefault, VariantToStringWithDefault, PSCreateMemoryPropertyStore, VariantToStringAlloc, PropVariantToStringAlloc > BROWSEUI.dll: -, -
My brother-in-law asked me to fix his computer, and it has this exact same virus. Can I follow the instruction that have already been given and fix his laptop? Or do I have to do a brand new thread and post all my logs too? Thanks...
You probobly couldn't because your infection may be located at a different location then mine,but if i were you i would wait for the guy thats helping me, to reply....
Hi cdavfrew, my computer is working perfectly and all but i just want to be sure the malware is completely removed so i dont have to go through this process again, Thanks
hi, i have thesame thing to, i downlade the programme and did what you said. here ae list of my results: (by the way,please dont use this to yor advantage the people looking here) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:53:57, on 07/09/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Windows\vVX6000.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\System32\atwtusb.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\igfxsrvc.exe C:\Users\Dominic Smith\svchost.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\WTMKM.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\conime.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\cmd.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Users\Dominic Smith\Downloads\Scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B0A795FE-DEE0-4383-9078-9ADC1CC150C1} - C:\Windows\system32\byXPHyaa.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [atwtusb] atwtusb.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXPHyaa.dll,#1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Host Process] C:\Users\Dominic Smith\svchost.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\DOMINI~1\AppData\Local\Temp\efcARlii.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\DOMINI~1\AppData\Local\Temp\byXRhEWq.dll,#1 O4 - HKCU\..\Run: [acccd2dc] rundll32.exe "C:\Users\DOMINI~1\AppData\Local\Temp\illglryw.dll",b O4 - HKCU\..\Run: [BMafffe140] Rundll32.exe "C:\Users\DOMINI~1\AppData\Local\Temp\bmmjfmhj.dll",s O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing) O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe -- End of file - 12760 bytes
coud you please do the sae for mine, if you did i would really be pleased! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:53:57, on 07/09/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Windows\vVX6000.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\System32\atwtusb.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\igfxsrvc.exe C:\Users\Dominic Smith\svchost.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\WTMKM.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\conime.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\cmd.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Users\Dominic Smith\Downloads\Scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B0A795FE-DEE0-4383-9078-9ADC1CC150C1} - C:\Windows\system32\byXPHyaa.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [atwtusb] atwtusb.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXPHyaa.dll,#1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Host Process] C:\Users\Dominic Smith\svchost.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\DOMINI~1\AppData\Local\Temp\efcARlii.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\DOMINI~1\AppData\Local\Temp\byXRhEWq.dll,#1 O4 - HKCU\..\Run: [acccd2dc] rundll32.exe "C:\Users\DOMINI~1\AppData\Local\Temp\illglryw.dll",b O4 - HKCU\..\Run: [BMafffe140] Rundll32.exe "C:\Users\DOMINI~1\AppData\Local\Temp\bmmjfmhj.dll",s O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing) O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe -- End of file - 12760 bytes
to laxos: You now look squeaky clean. You are good. to everyone else: Woah... I'll get to you, but no point crowding laxos's thread. Open a new thread, and you will be helped. Best Regards
