Author Topic: Virus infection, I think  (Read 1655 times)
stevercollins
« on: May 30, 2008, 02:29:42 AM »

I started up my computer the other day and was greeted by some very weird visual pixelation / weirdness. SpybotSD, AdAware, and Trend Micro haven't been able to help me much either. Any help would be greatly appreciated! My HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:08 PM, on 5/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steven Collins\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] D:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVFX Engine] D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.vistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206317448968
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Pancake
Global Moderator
« Reply #1 on: May 30, 2008, 03:49:19 AM »

Ok. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.
Please visit this webpage for download links and instructions for running ComboFix.

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
stevercollins
« Reply #2 on: June 07, 2008, 07:58:30 PM »

I did what you said and here is the ComboFix log:

ComboFix 08-06-03.4 - Steven Collins 2008-06-07 15:46:06.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1543 [GMT -4:00]
Running from: C:\Documents and Settings\Steven Collins\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\Downloaded Program Files\setup.inf

.
(((((((((((((((((((((((((   Files Created from 2008-05-07 to 2008-06-07  )))))))))))))))))))))))))))))))
.

2008-05-29 11:22 . 2007-08-01 22:47   102,664   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-29 11:07 . 2008-05-29 12:30   <DIR>   d--h-----   C:\$AVG8.VAULT$
2008-05-28 16:10 . 2008-06-06 05:31   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-05-28 16:10 . 2008-05-28 16:10   <DIR>   d--------   C:\Program Files\AVG
2008-05-28 16:10 . 2008-05-28 21:31   <DIR>   d--------   C:\Documents and Settings\Steven Collins\Application Data\AVGTOOLBAR
2008-05-28 16:10 . 2008-05-28 16:10   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-05-28 16:10 . 2008-05-28 16:10   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-28 16:10 . 2008-05-28 16:10   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-05-18 03:08 . 2001-08-17 22:36   8,704   --a------   C:\WINDOWS\system32\kbdjpn.dll
2008-05-18 03:07 . 2008-04-13 20:09   6,144   --a------   C:\WINDOWS\system32\kbd106.dll
2008-05-17 23:48 . 2008-05-17 23:48   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-05-17 23:48 . 2008-05-17 23:48   <DIR>   d--------   C:\WINDOWS\system32\en
2008-05-17 23:48 . 2008-05-17 23:48   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-05-17 23:37 . 2008-04-13 20:12   712,704   ---------   C:\WINDOWS\system32\windowscodecs.dll
2008-05-17 23:37 . 2008-04-13 20:12   346,112   ---------   C:\WINDOWS\system32\windowscodecs*xt.dll
2008-05-17 23:37 . 2008-04-13 20:12   276,992   ---------   C:\WINDOWS\system32\wmphoto.dll
2008-05-17 23:37 . 2008-04-13 20:12   53,248   ---------   C:\WINDOWS\system32\tsgqec.dll
2008-05-17 23:37 . 2008-04-13 20:12   50,688   ---------   C:\WINDOWS\system32\tspkg.dll
2008-05-17 23:35 . 2008-04-13 20:11   136,192   ---------   C:\WINDOWS\system32\aaclient.dll
2008-05-17 11:40 . 2008-05-17 11:40   <DIR>   d--------   C:\Program Files\Common Files\Blizzard Entertainment

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 20:14   ---------   d-----w   C:\Documents and Settings\Steven Collins\Application Data\Skype
2008-05-28 02:14   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 15:23   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-18 07:05   96,384   ----a-w   C:\WINDOWS\system32\drivers\sptd4781.sys
2008-05-17 02:28   ---------   d-----w   C:\Documents and Settings\Steven Collins\Application Data\RipIt4Me
2008-04-27 02:07   ---------   d-----w   C:\Documents and Settings\Steven Collins\Application Data\LimeWire
2008-04-16 01:10   ---------   d-----w   C:\Program Files\Apple Software Update
2008-04-14 09:42   985,088   ----a-w   C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42   11,264   ------w   C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41   423,936   ----a-w   C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16   329,728   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11   997,376   ----a-w   C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10   53,279   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30   1,845,632   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24   2,145,280   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18   52,480   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17   83,072   ----a-w   C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17   456,576   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17   105,344   ----a-w   C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16   49,536   ----a-w   C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16   141,056   ----a-w   C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15   64,512   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15   60,800   ----a-w   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15   574,976   ----a-w   C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15   334,848   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14   63,744   ----a-w   C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14   143,744   ----a-w   C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00   30,080   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00   225,664   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00   19,072   ----a-w   C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57   41,472   ----a-w   C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57   40,576   ----a-w   C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57   34,560   ----a-w   C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57   20,864   ----a-w   C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57   152,832   ----a-w   C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57   14,336   ----a-w   C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57   10,112   ----a-w   C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56   88,320   ----a-w   C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56   69,120   ----a-w   C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56   35,072   ----a-w   C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56   34,688   ----a-w   C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56   30,592   ------w   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56   12,800   ------w   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56   12,288   ----a-w   C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55   202,624   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55   14,592   ----a-w   C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54   11,264   ----a-w   C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53   71,552   ----a-w   C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53   40,320   ----a-w   C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53   36,608   ------w   C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53   264,832   ------w   C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51   61,824   ----a-w   C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51   60,800   ----a-w   C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51   59,904   ----a-w   C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51   55,808   ----a-w   C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51   101,120   ------w   C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:45   60,160   ----a-w   C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44   81,664   ----a-w   C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44   799,744   ----a-w   C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44   20,992   ----a-w   C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44   17,664   ----a-w   C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:44   153,344   ----a-w   C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43   9,728   ------w   C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43   14,208   ------w   C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43   12,800   ----a-w   C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:43   12,672   ------w   C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41   52,352   ----a-w   C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39   92,544   ----a-w   C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39   7,552   ----a-w   C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39   5,504   ----a-w   C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 18:39   5,376   ----a-w   C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39   42,368   ----a-w   C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39   4,992   ----a-w   C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39   4,352   ----a-w   C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 18:39   384,768   ----a-w   C:\WINDOWS\system32\drivers\update.sys
2008-04-13 18:39   24,576   ----a-w   C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 18:39   23,040   ----a-w   C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 18:39   14,592   ----a-w   C:\WINDOWS\system32\drivers\kbdhid.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-28 16:10   2050816   --a------   D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-28 16:10 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-28 16:10 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 11:50 68856]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2008-04-13 20:12 50176]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-18 21:56 4841472]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [2003-08-22 13:22 45056]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 14:29 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 13:43 88363 C:\WINDOWS\AGRSMMSG.exe]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"ATIMACE"="C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe" [2006-01-26 10:35 86016]
"D-Link RangeBooster G WUA-2340"="D:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2005-12-15 12:18 2490368]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 10:35 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVFX Engine"="D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 13:01 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-28 16:10 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader

R0 SonyLSM;LED State Service;C:\WINDOWS\system32\Drivers\SonyLSM.sys [2003-12-19 22:25]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-28 16:10]
R2 avg8wd;AVG8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-28 16:10]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-07-25 22:32]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v2.6.75a\ATI Tray Tools\atitray.sys []
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-07-25 22:35]
S3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 01:58]
S3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 04:00]
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2001-08-03 11:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c53b356-9015-11dc-aeee-0015e9894ea3}]
\Shell\Auto\command - G:\config.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL config.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 18:32:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-26 15:50:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2004-08-29 14:07:24 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-08-23 22:21:55 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 15:48:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 15:51:05
ComboFix-quarantined-files.txt  2008-06-07 19:50:16

Pre-Run: 714,838,016 bytes free
Post-Run: 1,428,578,304 bytes free

257   --- E O F ---   2008-05-17 07:02:31
stevercollins
Newbie
« Reply #3 on: June 07, 2008, 07:59:09 PM »

And the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:22 PM, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steven Collins\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] D:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVFX Engine] D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.vistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206317448968
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Pancake
Global Moderator
Hero Member
« Reply #4 on: June 08, 2008, 12:19:36 AM »

Before we can carry on with your cleanup we need to install your Recovery Console.
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

stevercollins
Newbie
« Reply #5 on: June 08, 2008, 04:57:34 PM »

I can't seem to find the right download for my OS. I use Windows XP Media Edition 2002, Service Pack 3 - which I was not able to find on the Microsoft website. Am I just being thick, or should I just use the Windows XP SP2 download?
Pancake
Global Moderator
Hero Member
« Reply #6 on: June 08, 2008, 11:42:47 PM »

Yes, use Windows XP SP2.
stevercollins
Newbie
« Reply #7 on: June 09, 2008, 09:34:35 PM »

Round 2 ;)


ComboFix 08-06-03.4 - Steven Collins 2008-06-09 17:28:37.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1475 [GMT -4:00]
Running from: C:\Documents and Settings\Steven Collins\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-05-09 to 2008-06-09  )))))))))))))))))))))))))))))))
.

2008-06-08 16:23 . 2008-06-08 16:23   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 11:22 . 2007-08-01 22:47   102,664   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-29 11:07 . 2008-05-29 12:30   <DIR>   d--h-----   C:\$AVG8.VAULT$
2008-05-28 16:10 . 2008-06-09 17:24   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-05-28 16:10 . 2008-05-28 16:10   <DIR>   d--------   C:\Program Files\AVG
2008-05-28 16:10 . 2008-05-28 21:31   <DIR>   d--------   C:\Documents and Settings\Steven Collins\Application Data\AVGTOOLBAR
2008-05-28 16:10 . 2008-05-28 16:10   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-05-28 16:10 . 2008-05-28 16:10   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-28 16:10 . 2008-05-28 16:10   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-05-18 03:08 . 2001-08-17 22:36   8,704   --a------   C:\WINDOWS\system32\kbdjpn.dll
2008-05-18 03:07 . 2008-04-13 20:09   6,144   --a------   C:\WINDOWS\system32\kbd106.dll
2008-05-17 23:48 . 2008-05-17 23:48   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-05-17 23:48 . 2008-05-17 23:48   <DIR>   d--------   C:\WINDOWS\system32\en
2008-05-17 23:48 . 2008-05-17 23:48   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-05-17 23:37 . 2008-04-13 20:12   712,704   ---------   C:\WINDOWS\system32\windowscodecs.dll
2008-05-17 23:37 . 2008-04-13 20:12   346,112   ---------   C:\WINDOWS\system32\windowscodecsext.dll
2008-05-17 23:37 . 2008-04-13 20:12   276,992   ---------   C:\WINDOWS\system32\wmphoto.dll
2008-05-17 23:37 . 2008-04-13 20:12   53,248   ---------   C:\WINDOWS\system32\tsgqec.dll
2008-05-17 23:37 . 2008-04-13 20:12   50,688   ---------   C:\WINDOWS\system32\tspkg.dll
2008-05-17 23:35 . 2008-04-13 20:11   136,192   ---------   C:\WINDOWS\system32\aaclient.dll
2008-05-17 11:40 . 2008-05-17 11:40   <DIR>   d--------   C:\Program Files\Common Files\Blizzard Entertainment
2008-05-16 11:58 . 2008-05-16 11:58   12,632   --a------   C:\WINDOWS\system32\lsdelete.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 21:25   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 01:37   ---------   d-----w   C:\Documents and Settings\Steven Collins\Application Data\Skype
2008-06-08 20:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-08 17:24   ---------   d-----w   C:\Program Files\Google
2008-05-24 15:23   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-18 07:05   96,384   ----a-w   C:\WINDOWS\system32\drivers\sptd4781.sys
2008-05-17 02:28   ---------   d-----w   C:\Documents and Settings\Steven Collins\Application Data\RipIt4Me
2008-04-29 15:20   15,648   ----a-w   C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19   15,648   ----a-w   C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19   12,960   ----a-w   C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 02:07   ---------   d-----w   C:\Documents and Settings\Steven Collins\Application Data\LimeWire
2008-04-16 01:10   ---------   d-----w   C:\Program Files\Apple Software Update
2008-04-14 09:42   985,088   ----a-w   C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42   11,264   ------w   C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41   423,936   ----a-w   C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16   329,728   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11   997,376   ----a-w   C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10   53,279   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30   1,845,632   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24   2,145,280   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18   52,480   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17   83,072   ----a-w   C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17   456,576   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17   105,344   ----a-w   C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16   49,536   ----a-w   C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16   141,056   ----a-w   C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15   64,512   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15   60,800   ----a-w   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15   574,976   ----a-w   C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15   334,848   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14   63,744   ----a-w   C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14   143,744   ----a-w   C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00   30,080   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00   225,664   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00   19,072   ----a-w   C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57   41,472   ----a-w   C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57   40,576   ----a-w   C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57   34,560   ----a-w   C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57   20,864   ----a-w   C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57   152,832   ----a-w   C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57   14,336   ----a-w   C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57   10,112   ----a-w   C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56   88,320   ----a-w   C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56   69,120   ----a-w   C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56   35,072   ----a-w   C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56   34,688   ----a-w   C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56   30,592   ------w   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56   12,800   ------w   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56   12,288   ----a-w   C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55   202,624   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55   14,592   ----a-w   C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54   11,264   ----a-w   C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53   71,552   ----a-w   C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53   40,320   ----a-w   C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53   36,608   ------w   C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53   264,832   ------w   C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51   61,824   ----a-w   C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51   60,800   ----a-w   C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51   59,904   ----a-w   C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51   55,808   ----a-w   C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51   101,120   ------w   C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:45   60,160   ----a-w   C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44   81,664   ----a-w   C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44   799,744   ----a-w   C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44   20,992   ----a-w   C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44   17,664   ----a-w   C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:44   153,344   ----a-w   C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43   9,728   ------w   C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43   14,208   ------w   C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43   12,800   ----a-w   C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:43   12,672   ------w   C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41   52,352   ----a-w   C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39   92,544   ----a-w   C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39   7,552   ----a-w   C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39   5,504   ----a-w   C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 18:39   5,376   ----a-w   C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39   42,368   ----a-w   C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39   4,992   ----a-w   C:\WINDOWS\system32\drivers\mspqm.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-06-07_15.50.07.06   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 20:12:54   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-08 23:25:01   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-28 16:10   2050816   --a------   D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-28 16:10 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-28 16:10 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2008-04-13 20:12 50176]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-18 21:56 4841472]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [2003-08-22 13:22 45056]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 14:29 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 13:43 88363 C:\WINDOWS\AGRSMMSG.exe]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"ATIMACE"="C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe" [2006-01-26 10:35 86016]
"D-Link RangeBooster G WUA-2340"="D:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2005-12-15 12:18 2490368]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 10:35 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVFX Engine"="D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 13:01 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-28 16:10 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader

R0 SonyLSM;LED State Service;C:\WINDOWS\system32\Drivers\SonyLSM.sys [2003-12-19 22:25]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-28 16:10]
R2 avg8wd;AVG8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-28 16:10]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-07-25 22:32]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v2.6.75a\ATI Tray Tools\atitray.sys []
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-07-25 22:35]
S3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 01:58]
S3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 04:00]
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2001-08-03 11:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c53b356-9015-11dc-aeee-0015e9894ea3}]
\Shell\Auto\command - G:\config.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL config.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 18:32:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-26 15:50:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2004-08-29 14:07:24 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-08-23 22:21:55 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 17:30:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-09 17:32:28
ComboFix-quarantined-files.txt  2008-06-09 21:32:04
ComboFix2.txt  2008-06-09 02:25:53
ComboFix3.txt  2008-06-07 19:51:06

Pre-Run: 1,180,545,024 bytes free
Post-Run: 1,166,487,552 bytes free

239   --- E O F ---   2008-05-17 07:02:31
stevercollins
Newbie
« Reply #8 on: June 09, 2008, 09:35:04 PM »

Logfile of HijackThis v1.99.1
Scan saved at 5:32:59 PM, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steven Collins\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] D:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVFX Engine] D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.vistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206317448968
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Pancake
Global Moderator
« Reply #9 on: June 09, 2008, 10:53:19 PM »

Just fix this and you're done...


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


==============================


This will clear away any of the files and folders that were created by ComboFix.

Go to Start > Run, then copy and paste the following highlighted text below and click OK.

    ComboFix /u

Now that you are clean, and if you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure. They can be done at your leisure.

Download and scan with CCleaner from http://www.ccleaner.com/downloadbuilds.asp

1. Starting with v1.27.260, http://www.ccleaner.com/downloadbuilds.asp installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
An Australian Member of

EDDY
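The entry the reply above singles out is an O20 Winlogon Notify line whose DLL is marked "(file missing)": an autostart hook that points at nothing, which is why it is safe to let HJT remove it. The same triage can be done mechanically. The following is an added example, not code from the forum post or from HijackThis itself; it parses a handful of HijackThis-style lines (constructed here in the shape of the log above, including the dimsntfy entry) and flags the two patterns a helper looks for first: O20 hooks whose target file is missing, and O23 services with "Unknown owner". The section codes (O20, O23) are HijackThis's own; the helper names are mine.

```python
import re

# Constructed sample in the shape of the HijackThis log posted above.
# The dimsntfy line is the entry the reply tells the poster to fix.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG8_TRAY] D:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

# An HJT entry is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^([ROFN]\d+)\s+-\s+(.*)$")


def parse_hjt(text):
    """Parse HijackThis-style lines into dicts; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group(2)
        entries.append({
            "section": m.group(1),
            "body": body,
            # HJT appends this marker when the referenced file does not exist
            "file_missing": "(file missing)" in body,
        })
    return entries


def triage(entries):
    """Return (reason, body) findings a defender would review first."""
    findings = []
    for e in entries:
        body = e["body"]
        if e["section"] == "O20" and e["file_missing"]:
            # Winlogon Notify / AppInit hook pointing at a file that is gone:
            # an orphaned entry, harmless on its own but worth cleaning up.
            findings.append(("orphaned Winlogon/AppInit hook", body))
        elif e["section"] == "O23" and "Unknown owner" in body:
            # Service with no publisher string; verify the binary before trusting it.
            findings.append(("service with unknown owner", body))
    return findings


if __name__ == "__main__":
    for reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{reason}: {body}")
```

Run on a full log, the output is a short review list rather than a verdict; a "(file missing)" O20 entry is the clear-cut case, while an "Unknown owner" service still needs the file checked (here ati2sgag.exe is a known ATI component) before anything is removed.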