please help me this is my highjackthis log.

Discussion in 'Windows - Virus and spyware problems' started by alvinjohn, Jul 31, 2008.

  1. alvinjohn

    alvinjohn Member

    Joined:
    Jul 31, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    I have problem about drWatson Postmortem Debugger error and lossing atpqplvi.dll how can I fix it please help me:

    here are my Highjackthis logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:59:27 AM, on 8/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: (no name) - {007C0568-5EEB-45A1-BE86-10AA7BEAB6BB} - C:\WINDOWS\system32\vtUnonLC.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5E9F3001-95EA-4933-BF4C-D0AF95D8FF54} - C:\WINDOWS\system32\ddcYqrSM.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [VirtualTextMessenger] "C:\Program Files\Virtual Text Messenger 3.0\VirtualTextMessenger.exe" minimised
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [BMabcac440] Rundll32.exe "C:\WINDOWS\system32\atpqplvi.dll",s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.alvinjohnf@gmail.com
    O15 - Trusted Zone: *.alvin_john_ferias@yahoo.com
    O15 - Trusted Zone: http://www.downloadtube.com
    O15 - Trusted Zone: alvinj.fabhosting.co.cc
    O15 - Trusted Zone: alvinjohnferias.fabhosting.co.cc
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: vtUnonLC - vtUnonLC.dll (file missing)
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
    alvinjohn, Jul 31, 2008
    #1
  2. alvinjohn

    alvinjohn Member

    Joined:
    Jul 31, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    I already fixed the problem in
    http://www.hijackthis.de/#anl
    if its ok to fix it in this URL...if there problem in this logfile please help me..thanks:



    Logfile of HijackThis v1.99.1
    Scan saved at 12:09:19 PM, on 8/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [BMabcac440] Rundll32.exe "C:\WINDOWS\system32\atpqplvi.dll",s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.alvinjohnf@gmail.com
    O15 - Trusted Zone: *.alvin_john_ferias@yahoo.com
    O15 - Trusted Zone: http://www.downloadtube.com
    O15 - Trusted Zone: alvinj.fabhosting.co.cc
    O15 - Trusted Zone: alvinjohnferias.fabhosting.co.cc
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

     
    alvinjohn, Aug 1, 2008
    #2
  3. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hi Alvin

    I am not quite sure what type of malware you have, but I have a pretty strong notion it's Vundo.

    To confirm this, please do the following step:

    Open My Computer. Click on Tools on the top, Folder Options, View, and scroll down till you see Hidden Files and Folders. Make sure both Do not show hidden files and folders and Hide protected operating system files (Recommended) are unchecked.

    Now, click on Search, All files and folders, and when you click on More advanced options, everything but Case sensitive is checked. Now, type in atpqplvi.dll, and search for that file. If the file is found, please copy it to your desktop.

    Now, go to VirusTotal.com, and upload the file. Post the results here.

    Best Regards :D
     
    cdavfrew, Aug 1, 2008
    #3
  4. alvinjohn

    alvinjohn Member

    Joined:
    Jul 31, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    I search atpqplvi.dll search is complete but there are no result display.Where I can get atpqpll?What is the posible anti virus for Vundo.?
     
    alvinjohn, Aug 2, 2008
    #4
  5. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey Alvin.

    Sorry for the late reply.

    You are quite right to think that the culprit is Vundo. Indeed, I believe it is.

    Please do the following to try to get rid of your Vundo infection:

    First, download the following three tools: F-Vmonde; Vundofix; Virtumundobegone.

    Please make sure all active windows are closed, all security programs like antimalware and firewalls are disabled, and run these tools in order: F-Vmonde, Vundofix and Virtumundobegone. If your desktop disappears, do not panic. It will be restored. If you are prompted to reboot at the end of each scan, do so. Please post the Vundofix and Virtumundobegone logs here.

    Best Regards :D
     
    cdavfrew, Aug 5, 2008
    #5
  6. alvinjohn

    alvinjohn Member

    Joined:
    Jul 31, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11

    [08/07/2008, 19:07:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Desktop\VirtumundoBeGone.exe" )
    [08/07/2008, 19:08:02] - Detected System Information:
    [08/07/2008, 19:08:02] - Windows Version: 5.1.2600, Service Pack 2
    [08/07/2008, 19:08:02] - Current Username: ALVIN JOHN (Admin)
    [08/07/2008, 19:08:02] - Windows is in NORMAL mode.
    [08/07/2008, 19:08:02] - Searching for Browser Helper Objects:
    [08/07/2008, 19:08:02] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
    [08/07/2008, 19:08:02] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [08/07/2008, 19:08:02] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [08/07/2008, 19:08:02] - BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
    [08/07/2008, 19:08:02] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    [08/07/2008, 19:08:02] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [08/07/2008, 19:08:02] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [08/07/2008, 19:08:02] - BHO 8: {EEE6C35C-6118-11DC-9C72-001320C79847} (SweetIM Toolbar Helper)
    [08/07/2008, 19:08:02] - Finished Searching Browser Helper Objects
    [08/07/2008, 19:08:02] - Finishing up...
    [08/07/2008, 19:08:02] - Nothing found! Exiting...
     
    alvinjohn, Aug 7, 2008
    #6
  7. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey alvinjohn

    Download both Superantispyware Free and Combofix. With Combofix, at the download window, please rename it to Combo-fix before downloading it.

    Install Superantispyware Free and update it fully. Next, boot your computer into safe mode which you can do by repeatedly typing the F8 key after you press the power button.

    Scan your computer with Superantispyware. Quarantine all detected items, and post the scan log here. After that, right click on the Superantispyware icon in your task bar, and click on Exit.

    Please run Combofix and follow the prompts. Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. Do not click on the Comobofix window, as it may cause it to stall. If it asks for a reboot, do it. Post the log, which is located at C:\ComboFix.txt, here.

    Best Regards :D
     
    cdavfrew, Aug 7, 2008
    #7
  8. alvinjohn

    alvinjohn Member

    Joined:
    Jul 31, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    here are my log in combofix


    ComboFix 08-07-31.01 - ALVIN JOHN 2008-08-08 20:46:44.2 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.797 [GMT -7:00]
    Running from: C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
    .

    2008-08-08 19:21 . 2008-08-08 19:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-08-08 19:21 . 2008-08-08 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-08 19:21 . 2008-08-08 19:21 <DIR> d-------- C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\SUPERAntiSpyware.com
    2008-08-08 19:21 . 2008-08-08 19:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2008-08-08 11:49 . 2008-08-08 11:51 <DIR> d-------- C:\Program Files\BitComet
    2008-08-07 18:58 . 2008-08-07 18:58 <DIR> d-------- C:\VundoFix Backups
    2008-08-01 19:30 . 2008-08-01 19:30 <DIR> d-------- C:\Program Files\iTunes
    2008-08-01 19:30 . 2008-08-01 19:30 <DIR> d-------- C:\Program Files\iPod
    2008-08-01 19:24 . 2008-08-01 19:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2008-08-01 11:18 . 2008-08-01 11:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-01 11:18 . 2008-08-01 11:18 <DIR> d-------- C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\Malwarebytes
    2008-08-01 11:18 . 2008-08-01 11:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-08-01 11:18 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-01 11:18 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-01 10:39 . 2008-08-01 10:39 <DIR> d-------- C:\Program Files\ToniArts
    2008-08-01 00:09 . 2008-08-01 00:09 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
    2008-07-30 11:55 . 2008-07-30 11:55 <DIR> d-------- C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Parts
    2008-07-30 11:52 . 2008-07-30 12:34 <DIR> d-------- C:\Program Files\Sidebar
    2008-07-30 10:07 . 2008-08-01 12:22 <DIR> d-------- C:\Program Files\Common Files\stardock
    2008-07-30 10:03 . 2008-07-30 10:03 <DIR> d--h-c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
    2008-07-30 09:57 . 2008-07-30 09:57 0 --------- C:\WINDOWS\WB.ini
    2008-07-30 09:51 . 2008-07-30 09:51 <DIR> d-------- C:\Program Files\Stardock
    2008-07-30 09:51 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2008-07-30 09:24 . 2008-07-30 09:24 <DIR> d-------- C:\WINDOWS\VCP_TEMP
    2008-07-30 09:24 . 2008-07-30 09:24 <DIR> d-------- C:\WINDOWS\VCP_SAVE
    2008-07-30 09:24 . 2008-07-30 09:24 <DIR> d-------- C:\Program Files\Wallpapers
    2008-07-30 09:24 . 2008-07-30 09:24 <DIR> d-------- C:\Program Files\Fonts
    2008-07-30 09:24 . 2005-09-28 02:31 49,152 --a------ C:\WINDOWS\system32\icon.exe
    2008-07-30 08:56 . 2008-07-30 08:56 <DIR> d-------- C:\Program Files\Safari
    2008-07-30 08:38 . 2008-07-30 17:19 <DIR> d-------- C:\Program Files\FlashGet
    2008-07-29 20:22 . 2008-07-29 20:22 <DIR> d-------- C:\Program Files\SweetIM
    2008-07-29 20:22 . 2008-07-29 20:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
    2008-07-29 08:45 . 2003-05-02 15:20 194,048 --a------ C:\WINDOWS\system32\PlayGif.ocx
    2008-07-28 23:22 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-07-28 23:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-07-28 23:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-07-28 23:22 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-07-26 17:00 . 2008-07-26 17:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
    2008-07-25 22:49 . 2008-07-25 22:50 <DIR> d-------- C:\Program Files\EasyPHP 2.0b1
    2008-07-25 18:43 . 2008-08-04 10:48 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-07-25 10:22 . 2008-08-08 08:27 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-07-25 10:22 . 2008-07-25 10:22 <DIR> d-------- C:\Program Files\AVG
    2008-07-25 10:22 . 2008-07-25 10:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
    2008-07-25 10:22 . 2008-07-28 10:05 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-25 10:22 . 2008-07-28 10:06 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-25 10:22 . 2008-07-28 10:05 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-07-25 10:22 . 2008-07-28 10:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\Program Files\Alwil Software
    2008-07-25 10:17 . 2008-07-25 10:17 95 --a------ C:\WINDOWS\wininit.ini
    2008-07-25 10:04 . 2008-07-25 10:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-25 10:04 . 2008-07-25 10:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-07-23 12:43 . 2008-07-23 12:43 2,251,776 --a------ C:\MAJ.zip
    2008-07-22 13:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-07-16 13:48 . 2008-07-16 13:48 10,828 --a------ C:\Payslip June_16-30_08 Alvin.xlsx

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-06 21:31 --------- d-----w C:\Program Files\Macromedia
    2008-08-06 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-02 02:24 --------- d-----w C:\Program Files\QuickTime
    2008-08-01 20:39 --------- d-----w C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\Apple Computer
    2008-08-01 08:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-01 00:04 --------- d-----w C:\Program Files\Google
    2008-07-30 15:56 --------- d-----w C:\Program Files\Bonjour
    2008-07-26 17:56 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-07-25 17:17 --------- d-----w C:\Program Files\Enigma Software Group
    2008-07-22 22:57 --------- d-----w C:\Program Files\CSS Tab Designer 2
    2008-07-16 02:31 --------- d-----w C:\Program Files\Java
    2008-07-11 00:57 --------- d-----w C:\Program Files\Notepad++
    2008-07-11 00:57 --------- d-----w C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\Notepad++
    2008-06-30 17:43 --------- d-----w C:\Program Files\Easy Icon Maker
    2008-06-25 01:36 --------- d-----w C:\Program Files\Flickr Uploadr
    2008-06-22 22:36 --------- d-----w C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\TeamViewer
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 14:55 --------- d-----w C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\TigerPlayer
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 20:45 --------- d-----w C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\CyberLink
    2008-06-19 20:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
    2008-06-18 06:26 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-06-18 06:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
    2008-06-18 06:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-06-18 06:14 --------- d-----w C:\Program Files\CyberLink
    2008-06-18 06:13 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-18 06:06 --------- d-----w C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\dvdcss
    2008-06-18 01:47 --------- d-----w C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\Flickr
    2008-06-13 20:10 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-12 19:05 --------- d-----w C:\Program Files\SpecialBook
    2008-06-11 17:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-05-20 21:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-01_12.37.03.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-02 02:30:52 102,400 ----a-r C:\WINDOWS\Installer\{3DE0053C-FD9A-483E-B7C9-B06E4392206E}\iTunesIco.exe
    + 2008-08-09 02:21:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2008-08-09 02:21:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2008-01-29 19:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    + 2008-07-23 03:32:44 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys
    + 2008-01-29 19:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-07-06 12:44 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 12:44 1164600]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 12:44 1164600]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-31 09:20 171448]
    "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [BU]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 00:23 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-09 00:23 81920]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
    "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-28 10:06 1235736]
    "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 12:32 111928]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 07:38 78008]
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 15:56 158208]
    "nwiz"="nwiz.exe" [2008-01-09 00:23 1626112 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-31 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-17 11:04 2879488 C:\WINDOWS\SkyTel.exe]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16204:TCP"= 16204:TCP:BitComet 16204 TCP
    "16204:UDP"= 16204:UDP:BitComet 16204 UDP
    "11751:TCP"= 11751:TCP:BitComet 11751 TCP
    "11751:UDP"= 11751:UDP:BitComet 11751 UDP
    "11997:TCP"= 11997:TCP:BitComet 11997 TCP
    "11997:UDP"= 11997:UDP:BitComet 11997 UDP

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-28 10:05]
    S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 07:35]
    S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 10:05]
    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]
    S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-28 10:05]
    S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 10:06]
    S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-28 10:06]

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Application Data\Mozilla\Firefox\Profiles\x7ik5xrf.default\
    FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-08 20:50:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-08 20:52:32
    ComboFix-quarantined-files.txt 2008-08-09 03:52:27
    ComboFix2.txt 2008-08-01 19:37:26

    Pre-Run: 38,221,221,888 bytes free
    Post-Run: 38,321,115,136 bytes free

    221 --- E O F --- 2008-07-10 06:49:15



    ____________________________________________________-

    this is for superantispywre
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/08/2008 at 08:42 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3530
    Trace Rules Database Version: 1520

    Scan type : Complete Scan
    Total Scan Time : 01:00:46

    Memory items scanned : 163
    Memory threats detected : 0
    Registry items scanned : 6168
    Registry threats detected : 0
    File items scanned : 27972
    File threats detected : 6

    Adware.Tracking Cookie
    C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Cookies\alvin john@adinterax[2].txt
    C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Cookies\alvin john@serving-sys[1].txt
    C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Cookies\alvin john@ad.yieldmanager[2].txt
    C:\Documents and Settings\ALVIN JOHN.ALVINJOHN\Cookies\alvin john@bs.serving-sys[1].txt

    Adware.180solutions/Seekmo/Zango
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CD00BD4-D5B7-4EF2-A498-A36DCB45E561}\RP59\A0018748.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CD00BD4-D5B7-4EF2-A498-A36DCB45E561}\RP59\A0018750.EXE


     
    alvinjohn, Aug 8, 2008
    #8
  9. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey alvinjohn

    Tell me if the same problem still occurs, and whether or not there are any variations. Your logs look squeaky clean.

    Best Regards :D
     
    cdavfrew, Aug 9, 2008
    #9

Share This Page