[Closed] CAN'T UPDATE WINDOWS ANYMORE AND POPUPS, page takes 15 minutes to tell me encountered a problem
crisky
post Oct 30 2008, 05:14 PM
Post #1
Group: Authentic Member
Posts: 20
Joined: 20-October 08
Member No.: 82,046
Operating System: xp



Hello, the computer was working great, but now some pages are locking up or I am getting Live Free Search pop-ups, and some take ages to load. When I try to do a Windows Update it takes 15 minutes to check for the latest version of the Windows Update software, which loaded straight away before, then tells me it has encountered a problem and cannot display the page. I tried doing System Restore at several different positions and it looks like it is doing it, then it tells me there have been no changes to the computer and it cannot restore to an earlier time. Can you help please? Thanks, crisky. Here is a copy of the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:33:00 AM, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PowerS.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lizzy.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsel.exe] C:\WINDOWS\system32\kdsel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1224232638593
O17 - HKLM\System\CCS\Services\Tcpip\..\{33DA5D8D-995F-4E75-8FFC-F6CFFB8A2EC3}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll,C:\WINDOWS\System32\dmusic32.dll
O20 - Winlogon Notify: d84fd59b488 - C:\WINDOWS\System32\dmusic32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
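The log above carries the entry types a helper checks first: O4 Run values, the O17 NameServer line, and the O20 AppInit_DLLs and Winlogon Notify entries. As an added example that is not part of this thread or of HijackThis, here is a small Python triage script over a constructed sample in the same shape as the log; the allowlists and the severity labels are constructed for the example, and anything they do not cover is reported for review, not declared malicious.

```python
"""Heuristic triage of HijackThis (HJT) v1.99 log entries.

Added example; not part of the thread or of HijackThis. It parses the O4,
O17 and O20 entry formats used in the log above and applies the checks a
helper normally does by eye. The allowlists below are constructed for this
example and deliberately short.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the log posted above (raw string, so the
# backslashes are literal).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsel.exe] C:\WINDOWS\system32\kdsel.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{33DA5D8D-995F-4E75-8FFC-F6CFFB8A2EC3}: NameServer = 203.194.27.57 203.194.56.150
O20 - AppInit_DLLs: avgrsstx.dll,C:\WINDOWS\System32\dmusic32.dll
O20 - Winlogon Notify: d84fd59b488 - C:\WINDOWS\System32\dmusic32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

# Winlogon Notify subkeys that ship with Windows XP (constructed allowlist).
KNOWN_NOTIFY_KEYS = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# AppInit_DLLs entries expected on this machine: the log attributes
# avgrsstx.dll to AVG's resident shield (constructed allowlist).
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>.+?)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


@dataclass
class Finding:
    severity: str   # "review" = needs a human decision, "info" = verify or clean up
    entry: str      # HJT entry type: O4, O17 or O20
    detail: str


def looks_generated(name: str) -> bool:
    """A Notify key consisting only of hex digits and at least 8 long
    (e.g. d84fd59b488) is not how Windows components are named."""
    return re.fullmatch(r"[0-9a-f]{8,}", name, re.IGNORECASE) is not None


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\x\\y.dll' -> 'y.dll')."""
    return path.strip().replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            # Product installers name their Run value after the product; a
            # value whose name is its own file path deserves a look.
            if ":\\" in m["name"] or m["name"].lower().endswith(".exe"):
                findings.append(Finding("review", "O4",
                    f"Run value named after its own path: {m['cmd']}"))
        elif m := O17_RE.match(line):
            # Resolvers are not judged here: the owner must confirm they are
            # the ISP's, because a changed NameServer redirects every lookup.
            findings.append(Finding("info", "O17",
                f"NameServer set to {m['servers']}; confirm these belong to the ISP"))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs are loaded into every process that links user32.
            for dll in m["dlls"].split(","):
                if basename(dll) not in KNOWN_APPINIT_DLLS:
                    findings.append(Finding("review", "O20",
                        f"AppInit_DLLs loads {dll.strip()} into every GUI process"))
        elif m := NOTIFY_RE.match(line):
            key = m["key"]
            if key.lower() not in KNOWN_NOTIFY_KEYS or looks_generated(key):
                findings.append(Finding("review", "O20",
                    f"Winlogon Notify key '{key}' -> {m['path']} "
                    f"(loaded by winlogon.exe; not a known Windows key)"))
            elif "(file missing)" in m["path"]:
                findings.append(Finding("info", "O20",
                    f"Winlogon Notify key '{key}' points at a missing file (orphan)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry}: {f.detail}")
```

Run against the sample, the script reports the O4 kdsel.exe value, the non-allowlisted AppInit DLL and the hex-named Notify key for review, and lists the O17 resolvers and the dimsntfy orphan as information to verify.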
Tomk
post Oct 31 2008, 03:14 PM
Post #2

Group: Malware Team
Posts: 3,291
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Hi crisky,

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
crisky
post Oct 31 2008, 08:07 PM
Post #3
Group: Authentic Member
Posts: 20
Joined: 20-October 08
Member No.: 82,046
Operating System: xp



Hi Tomk, do you still want me to do what you say? The computer seems to be running good now and I can do Windows Update. Last night I used ComboFix; I will post a log of what it said. I also used Malwarebytes and it found nothing, but when I ran AVG it found plenty and I deleted this. Now it seems good.
ComboFix 08-10-30.12 - user 2008-10-31 20:11:07.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.635 [GMT 10.5:30]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\B.tmp

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 14:48 . 2008-10-31 14:48 0 --a------ C:\WINDOWS\system32\C.tmp
2008-10-31 14:47 . 2008-10-31 14:47 0 --a------ C:\WINDOWS\system32\A.tmp
2008-10-31 09:52 . 2008-10-31 09:53 317,952 --ahs---- C:\WINDOWS\system32\726.tmp
2008-10-31 08:53 . 2008-10-31 08:54 317,952 --ahs---- C:\WINDOWS\system32\721.tmp
2008-10-31 08:37 . 2008-10-31 08:37 0 --a------ C:\WINDOWS\system32\5.tmp
2008-10-30 18:12 . 2008-10-30 18:30 <DIR> d-------- C:\New Folder
2008-10-30 17:42 . 2008-10-30 17:43 317,952 --ahs---- C:\WINDOWS\system32\CC9.tmp
2008-10-30 17:18 . 2008-04-14 09:42 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-10-30 17:18 . 2008-04-14 04:15 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-10-30 17:18 . 2008-04-14 09:42 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-10-30 17:18 . 2008-04-14 04:06 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-10-30 17:18 . 2008-04-14 09:42 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-10-30 17:17 . 2008-04-14 09:42 82,944 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-10-30 17:17 . 2008-04-14 04:15 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-10-30 17:17 . 2008-04-14 04:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-10-30 17:17 . 2008-04-14 04:15 20,608 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-10-30 17:17 . 2008-04-14 04:10 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2008-10-30 17:16 . 2008-04-14 04:10 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-10-30 17:16 . 2008-04-14 04:06 16,000 --a--c--- C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-10-30 17:16 . 2008-04-14 04:10 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-10-30 17:16 . 2008-04-14 04:06 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-10-30 17:15 . 2008-04-14 04:10 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-10-30 17:15 . 2008-04-14 04:10 43,904 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-10-30 17:15 . 2008-04-14 09:42 29,696 --a--c--- C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-10-30 17:15 . 2008-04-14 09:42 27,648 --a--c--- C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-10-30 17:15 . 2008-04-14 04:15 11,520 --a--c--- C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-10-30 17:15 . 2008-04-14 04:10 6,016 --a--c--- C:\WINDOWS\system32\dllcache\qic157.sys
2008-10-30 17:14 . 2008-04-14 09:40 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-10-30 17:14 . 2008-04-14 09:40 211,584 --a--c--- C:\WINDOWS\system32\dllcache\perm2dll.dll
2008-10-30 17:14 . 2008-04-14 09:42 159,232 --a--c--- C:\WINDOWS\system32\dllcache\ptpusd.dll
2008-10-30 17:14 . 2008-04-14 04:24 28,672 --a--c--- C:\WINDOWS\system32\dllcache\nscirda.sys
2008-10-30 17:14 . 2008-04-14 04:14 28,032 --a--c--- C:\WINDOWS\system32\dllcache\perm3.sys
2008-10-30 17:14 . 2008-04-14 04:14 27,904 --a--c--- C:\WINDOWS\system32\dllcache\perm2.sys
2008-10-30 17:14 . 2008-04-14 04:11 17,664 --a--c--- C:\WINDOWS\system32\dllcache\ppa3.sys
2008-10-30 17:14 . 2008-04-14 04:10 8,832 --a--c--- C:\WINDOWS\system32\dllcache\powerfil.sys
2008-10-30 17:13 . 2008-04-14 04:16 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-10-30 17:13 . 2008-04-14 04:11 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-10-30 17:13 . 2008-04-14 04:24 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-10-30 17:13 . 2008-04-14 04:10 7,040 --a--c--- C:\WINDOWS\system32\dllcache\ltotape.sys
2008-10-30 17:12 . 2008-04-14 09:41 253,952 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-10-30 17:12 . 2008-04-14 09:42 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-10-30 17:12 . 2008-04-14 04:24 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2008-10-30 17:12 . 2008-04-14 09:41 48,640 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-10-30 17:12 . 2008-04-14 04:10 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-10-30 17:12 . 2008-04-14 09:41 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-10-30 17:12 . 2008-04-14 09:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-10-30 17:12 . 2008-04-14 04:10 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys
2008-10-30 17:11 . 2008-04-14 09:41 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-10-30 17:11 . 2008-04-14 04:15 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys
2008-10-30 17:11 . 2008-04-14 04:10 28,288 --a--c--- C:\WINDOWS\system32\dllcache\grserial.sys
2008-10-30 17:11 . 2008-04-14 04:06 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-10-30 17:11 . 2008-04-14 04:11 18,560 --a--c--- C:\WINDOWS\system32\dllcache\i2omp.sys
2008-10-30 17:11 . 2008-04-14 04:15 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2008-10-30 17:11 . 2008-04-14 04:11 8,576 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-10-30 17:09 . 2008-04-14 09:41 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-10-30 17:09 . 2008-04-14 04:09 206,976 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-10-30 17:09 . 2008-04-14 09:42 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-10-30 17:09 . 2008-04-14 04:10 8,320 --a--c--- C:\WINDOWS\system32\dllcache\dlttape.sys
2008-10-30 17:08 . 2008-04-14 09:41 121,856 --a--c--- C:\WINDOWS\system32\dllcache\camext30.dll
2008-10-30 17:08 . 2008-04-14 04:06 13,952 --a--c--- C:\WINDOWS\system32\dllcache\cmbatt.sys
2008-10-30 17:08 . 2008-04-14 04:06 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys
2008-10-30 17:08 . 2008-04-14 04:10 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-10-30 17:07 . 2008-04-14 04:06 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys
2008-10-30 17:07 . 2008-04-14 04:16 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-10-30 17:05 . 2008-04-14 04:10 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys
2008-10-30 15:53 . 2008-10-30 15:59 <DIR> d-------- C:\temp\temp
2008-10-30 15:53 . 2008-10-30 15:59 <DIR> d-------- C:\temp\dvd
2008-10-30 15:35 . 2008-10-31 10:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-30 15:35 . 2008-10-30 15:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-30 15:21 . 2008-10-30 15:22 317,952 --ahs---- C:\WINDOWS\system32\14.tmp
2008-10-30 13:38 . 2008-10-30 18:27 <DIR> d-------- C:\Documents and Settings\user\Application Data\uTorrent
2008-10-30 12:27 . 2008-10-30 17:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-30 11:23 . 2008-10-30 11:23 5,567 --a------ C:\WINDOWS\GnuHashes.ini
2008-10-30 11:12 . 2008-10-30 11:12 <DIR> d--hs---- C:\WINDOWS\system32\GroupPolicyManifest
2008-10-30 11:12 . 2008-10-30 11:12 1,470 --ahs---- C:\WINDOWS\system32\GroupPolicy000.dat
2008-10-30 11:11 . 2008-10-30 11:12 317,952 --ahs---- C:\WINDOWS\system32\38.tmp
2008-10-30 11:11 . 2008-10-30 11:11 131,072 --a------ C:\WINDOWS\system32\dmusic32.dll
2008-10-29 20:21 . 2008-10-29 20:20 56,860 --a------ C:\tx3.jpg
2008-10-29 20:19 . 2008-10-29 20:18 35,579 --a------ C:\tx2.jpg
2008-10-29 20:18 . 2008-10-29 19:34 8,187 --a------ C:\tx1.jpg
2008-10-25 14:34 . 2008-10-25 14:34 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-25 14:33 . 2008-10-16 03:04 337,408 --a--c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-25 14:23 . 2008-09-08 21:11 333,824 --a--c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-25 14:21 . 2008-08-14 20:41 2,189,184 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-25 14:21 . 2008-08-14 20:39 2,145,280 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-25 14:21 . 2008-08-14 20:03 2,066,048 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-25 14:21 . 2008-08-14 20:03 2,023,936 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-25 14:09 . 2008-09-15 22:42 1,846,400 --a--c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-24 18:52 . 2008-05-02 01:03 331,776 --a--c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-24 18:45 . 2008-04-12 05:34 691,712 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-24 18:17 . 2008-06-13 21:35 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-24 17:59 . 2008-05-09 00:32 203,136 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-24 17:48 . 2008-10-24 17:48 <DIR> d-------- C:\WINDOWS\Sun
2008-10-24 17:47 . 2008-10-24 17:47 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-24 17:47 . 2008-10-24 17:47 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-24 16:53 . 2008-10-24 17:57 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-24 16:53 . 2008-10-24 16:53 <DIR> d-------- C:\Program Files\AVG
2008-10-24 16:53 . 2008-10-24 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-24 16:53 . 2008-10-24 16:53 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-24 16:53 . 2008-10-24 16:53 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-24 16:53 . 2008-10-24 16:53 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-23 13:48 . 2008-10-23 13:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 13:48 . 2008-10-23 13:48 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-10-23 13:48 . 2008-10-23 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 13:48 . 2008-10-22 17:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 13:48 . 2008-10-22 17:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 16:25 . 2008-10-21 16:25 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-17 18:27 . 2008-10-17 18:27 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-10-08 09:23 . 2008-10-17 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-09-30 13:54 . 2008-09-30 13:54 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-30 13:54 . 2008-09-30 13:54 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-30 13:54 . 2008-09-30 13:54 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-30 13:41 . 2008-04-14 10:42 276,992 --a------ C:\WINDOWS\system32\wmphoto.dll
2008-09-30 13:41 . 2008-04-14 10:42 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-09-30 13:41 . 2008-04-14 10:42 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wlanapi.dll
2008-09-30 10:19 . 2008-07-18 23:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 23:03 7,090 ----a-w C:\Program Files\hijackthis.log
2008-10-30 07:57 --------- d-----w C:\Program Files\Xilisoft
2008-10-30 05:45 --------- d-----w C:\Program Files\backups
2008-10-29 22:49 --------- d-----w C:\Documents and Settings\user\Application Data\tunebite
2008-10-24 07:17 --------- d-----w C:\Program Files\Java
2008-10-24 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-24 05:00 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2008-10-12 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-01 22:30 --------- d-----w C:\Program Files\MSN Messenger
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 03:09 --------- d-----w C:\Program Files\FukNPrint
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 12:40 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:40 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:40 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:39 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:39 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:39 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:38 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-01-14 05:01 86,504 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2005-02-16 00:36 218,112 ----a-w C:\Program Files\HijackThis.exe
2004-11-03 09:44 874 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
2006-12-18 22:28 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disk Monitor"="C:\Program Files\IC Card Reader Driver v1.8e4\Disk_Monitor.exe" [2003-03-28 469504]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-24 3309568]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 159800]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 46080]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-20 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-24 1234712]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-03-24 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-29 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\d84fd59b488]
2008-10-30 11:11 131072 C:\WINDOWS\system32\dmusic32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\dmusic32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Anti-Leech\\ALIE_1.0.1.6\\alhlp.exe"=
"C:\\keeps\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\explorer.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-24 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-24 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-24 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-24 76040]
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 100092]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-08 28127]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-08 8301]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-24 152984]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-01-18 2368]
S3 pacdcacm;pacdcacm;C:\WINDOWS\system32\DRIVERS\pacdcacm.sys [2005-06-15 26496]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdsel.exe - C:\WINDOWS\system32\kdsel.exe


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O17 -: HKLM\CCS\Interface\{33DA5D8D-995F-4E75-8FFC-F6CFFB8A2EC3}: NameServer = 203.194.27.57 203.194.56.150
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 20:14:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\dmusic32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-10-31 20:20:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-31 09:50:49
ComboFix2.txt 2008-10-23 03:06:07

Pre-Run: 119,694,508,032 bytes free
Post-Run: 119,650,504,704 bytes free

273
crisky
post Oct 31 2008, 08:13 PM
Post #4
Group: Authentic Member
Posts: 20
Joined: 20-October 08
Member No.: 82,046
Operating System: xp



The only thing I am noticing now is the volume icon keeps disappearing; every time I set it, it disappears when I reboot. This is minor though. Thanks, crisky
crisky
post Oct 31 2008, 08:17 PM
Post #5
Group: Authentic Member
Posts: 20
Joined: 20-October 08
Member No.: 82,046
Operating System: xp



NEW HJT POST
Logfile of HijackThis v1.99.1
Scan saved at 12:46:15 PM, on 1/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PowerS.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lizzy.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1224232638593
O17 - HKLM\System\CCS\Services\Tcpip\..\{33DA5D8D-995F-4E75-8FFC-F6CFFB8A2EC3}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dmusic32.dll
O20 - Winlogon Notify: d84fd59b488 - C:\WINDOWS\System32\dmusic32.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

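The HijackThis log above is line-oriented: every entry starts with a section code (R0, O2, O4, O17, O20, O23 and so on) followed by " - ". What follows is an added example, not part of this thread and not HijackThis's own code: a small Python triage script that parses that format and flags the sections a helper reads first, the O17 per-interface NameServer entries (to be checked against the ISP's DNS servers) and the O20 AppInit_DLLs / Winlogon Notify entries, in particular ones marked "(file missing)" or keyed by a random-looking subkey name. The sample lines are constructed from the log above (a subset, with the trademark sign in the Java entry replaced by "(tm)"), and the heuristics and the `RANDOM_NAME_RE` threshold are my own assumptions rather than HijackThis rules.

```python
"""Triage helper for HijackThis (v1.99.x) log lines.

Added example: not part of the thread and not a HijackThis feature.
It parses the "<section> - <body>" line format and applies a few
defensive heuristics to the O17 and O20 sections.
"""
import re
from typing import List, NamedTuple

# Constructed sample in HijackThis v1.99.1 format, modelled on the log
# posted in the thread (subset of lines; raw string keeps the backslashes).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lizzy.com.au/
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{33DA5D8D-995F-4E75-8FFC-F6CFFB8A2EC3}: NameServer = 203.194.27.57 203.194.56.150
O20 - AppInit_DLLs: C:\WINDOWS\System32\dmusic32.dll
O20 - Winlogon Notify: d84fd59b488 - C:\WINDOWS\System32\dmusic32.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


class Entry(NamedTuple):
    section: str  # "R0", "O4", "O20", ...
    body: str     # everything after "<section> - "


class Finding(NamedTuple):
    severity: str  # "review" (look at it) or "verify" (confirm it is expected)
    section: str
    reason: str
    body: str


LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: a Winlogon Notify subkey that is nothing but 8+ hex digits
# has no human-readable name and deserves a look.
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8,}$")


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into (section, body) entries; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def nameservers(entry: Entry) -> List[str]:
    """IPv4 addresses from an O17 NameServer line (empty list for any other line)."""
    if entry.section != "O17" or "NameServer" not in entry.body:
        return []
    return IPV4_RE.findall(entry.body.split("=", 1)[1])


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the O17/O20 heuristics and return findings in log order."""
    findings = []
    for e in entries:
        if e.section == "O17":
            ips = nameservers(e)
            if ips:
                findings.append(Finding(
                    "verify", "O17",
                    "DNS servers set per interface; confirm they belong to the ISP: " + ", ".join(ips),
                    e.body))
        elif e.section == "O20":
            if e.body.startswith("AppInit_DLLs:"):
                # On XP, AppInit_DLLs are loaded into every process that loads user32.dll.
                findings.append(Finding(
                    "review", "O20",
                    "AppInit_DLLs loads this DLL into every process that uses user32.dll",
                    e.body))
            elif e.body.startswith("Winlogon Notify:"):
                name = e.body[len("Winlogon Notify:"):].split(" - ", 1)[0].strip()
                reasons = []
                if "(file missing)" in e.body:
                    reasons.append("registration points at a missing file")
                if RANDOM_NAME_RE.match(name):
                    reasons.append("subkey name looks machine-generated")
                if reasons:
                    findings.append(Finding("review", "O20", "; ".join(reasons), e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.body}")
```

Run against the sample, the script reports the O17 DNS pair for verification and the three O20 lines for review; a log with only the R0/O2/O4/O23 lines produces no findings, which is the point: the heuristics are narrow on purpose and are a first pass, not a verdict.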
crisky
post Oct 31 2008, 08:19 PM
Post #6

Also, I do use CCleaner.
Tomk
post Oct 31 2008, 09:16 PM
Post #7


Extrication Intern
Group Icon

Group: Malware Team
Posts: 3,291
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



crisky,

You aren't clean yet.

uTorrent
You have uTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

See Clean/Infected P2P Programs here

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including
  1. Operating System Version
  2. CPU Type and Speed
  3. Memory Amount
  4. Video Card type and Driver Version
  5. Sound Card type and Driver Version
  6. DirectX Version
  7. Location that the Web Driver was installed from
  8. It is also a MAJOR resource hog.
For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent: To uninstall Wild Tangent:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Wild Tangent, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.



COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    KILLALL::

    File::
    C:\WINDOWS\system32\C.tmp
    C:\WINDOWS\system32\A.tmp
    C:\WINDOWS\system32\726.tmp
    C:\WINDOWS\system32\721.tmp
    C:\WINDOWS\system32\5.tmp
    C:\WINDOWS\system32\CC9.tmp
    C:\WINDOWS\system32\14.tmp
    C:\WINDOWS\system32\38.tmp

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Then

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
crisky
post Oct 31 2008, 11:14 PM
Post #8

uTorrent and Wild Tangent are not in my Add or Remove Programs; I had already removed them.
Tomk
post Oct 31 2008, 11:19 PM
Post #9

crisky,

OK.

How about the scans and logs?
crisky
post Nov 1 2008, 12:11 AM
Post #10

Hi Tomk, here is one log:
ComboFix 08-10-30.13 - user 2008-11-01 16:28:53.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.664 [GMT 10.5:30]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\721.tmp
C:\WINDOWS\system32\726.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\CC9.tmp
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\721.tmp
C:\WINDOWS\system32\726.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\CC9.tmp

.
((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-10-30 18:12 . 2008-10-30 18:30 <DIR> d-------- C:\New Folder
2008-10-30 17:18 . 2008-04-14 09:42 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-10-30 17:18 . 2008-04-14 04:15 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-10-30 17:18 . 2008-04-14 09:42 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-10-30 17:18 . 2008-04-14 04:06 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-10-30 17:18 . 2008-04-14 09:42 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-10-30 17:17 . 2008-04-14 09:42 82,944 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-10-30 17:17 . 2008-04-14 04:15 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-10-30 17:17 . 2008-04-14 04:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-10-30 17:17 . 2008-04-14 04:15 20,608 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-10-30 17:17 . 2008-04-14 04:10 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2008-10-30 17:16 . 2008-04-14 04:10 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-10-30 17:16 . 2008-04-14 04:06 16,000 --a--c--- C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-10-30 17:16 . 2008-04-14 04:10 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-10-30 17:16 . 2008-04-14 04:06 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-10-30 17:15 . 2008-04-14 04:10 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-10-30 17:15 . 2008-04-14 04:10 43,904 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-10-30 17:15 . 2008-04-14 09:42 29,696 --a--c--- C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-10-30 17:15 . 2008-04-14 09:42 27,648 --a--c--- C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-10-30 17:15 . 2008-04-14 04:15 11,520 --a--c--- C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-10-30 17:15 . 2008-04-14 04:10 6,016 --a--c--- C:\WINDOWS\system32\dllcache\qic157.sys
2008-10-30 17:14 . 2008-04-14 09:40 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-10-30 17:14 . 2008-04-14 09:40 211,584 --a--c--- C:\WINDOWS\system32\dllcache\perm2dll.dll
2008-10-30 17:14 . 2008-04-14 09:42 159,232 --a--c--- C:\WINDOWS\system32\dllcache\ptpusd.dll
2008-10-30 17:14 . 2008-04-14 04:24 28,672 --a--c--- C:\WINDOWS\system32\dllcache\nscirda.sys
2008-10-30 17:14 . 2008-04-14 04:14 28,032 --a--c--- C:\WINDOWS\system32\dllcache\perm3.sys
2008-10-30 17:14 . 2008-04-14 04:14 27,904 --a--c--- C:\WINDOWS\system32\dllcache\perm2.sys
2008-10-30 17:14 . 2008-04-14 04:11 17,664 --a--c--- C:\WINDOWS\system32\dllcache\ppa3.sys
2008-10-30 17:14 . 2008-04-14 04:10 8,832 --a--c--- C:\WINDOWS\system32\dllcache\powerfil.sys
2008-10-30 17:13 . 2008-04-14 04:16 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-10-30 17:13 . 2008-04-14 04:11 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-10-30 17:13 . 2008-04-14 04:24 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-10-30 17:13 . 2008-04-14 04:10 7,040 --a--c--- C:\WINDOWS\system32\dllcache\ltotape.sys
2008-10-30 17:12 . 2008-04-14 09:41 253,952 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-10-30 17:12 . 2008-04-14 09:42 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-10-30 17:12 . 2008-04-14 04:24 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2008-10-30 17:12 . 2008-04-14 09:41 48,640 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-10-30 17:12 . 2008-04-14 04:10 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-10-30 17:12 . 2008-04-14 09:41 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-10-30 17:12 . 2008-04-14 09:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-10-30 17:12 . 2008-04-14 04:10 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys
2008-10-30 17:11 . 2008-04-14 09:41 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-10-30 17:11 . 2008-04-14 04:15 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys
2008-10-30 17:11 . 2008-04-14 04:10 28,288 --a--c--- C:\WINDOWS\system32\dllcache\grserial.sys
2008-10-30 17:11 . 2008-04-14 04:06 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-10-30 17:11 . 2008-04-14 04:11 18,560 --a--c--- C:\WINDOWS\system32\dllcache\i2omp.sys
2008-10-30 17:11 . 2008-04-14 04:15 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2008-10-30 17:11 . 2008-04-14 04:11 8,576 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-10-30 17:09 . 2008-04-14 09:41 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-10-30 17:09 . 2008-04-14 04:09 206,976 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-10-30 17:09 . 2008-04-14 09:42 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-10-30 17:09 . 2008-04-14 04:10 8,320 --a--c--- C:\WINDOWS\system32\dllcache\dlttape.sys
2008-10-30 17:08 . 2008-04-14 09:41 121,856 --a--c--- C:\WINDOWS\system32\dllcache\camext30.dll
2008-10-30 17:08 . 2008-04-14 04:06 13,952 --a--c--- C:\WINDOWS\system32\dllcache\cmbatt.sys
2008-10-30 17:08 . 2008-04-14 04:06 10,240 --a--c--- C:\WINDOWS\system32