What the Tech forums
[Resolved] Hijackthis log - NEED HELP!, nvcpl.dll? not sure.
Sandrock
post Aug 13 2008, 12:54 AM
Post #1


Here's the log. It also popped up that something was wrong during the HijackThis scan. Please help! The computer freezes every 10 minutes!

Logfile of HijackThis v1.99.1
Scan saved at 11:54:12 PM, on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hijackthis\HijackThis.exe

O1 - Hosts: 221.130.185.110 survey88.allyes.com
O1 - Hosts: 221.130.185.110 adtaobao.allyes.com
O1 - Hosts: 221.130.185.110 code.qihoo.com
O1 - Hosts: 221.130.185.110 union.mop.com
O1 - Hosts: 221.130.185.110 js.kkunion.com
O1 - Hosts: 221.130.185.110 v.kkunion.com
O1 - Hosts: 221.130.185.110 v.21cn.com
O1 - Hosts: 221.130.185.110 iplusms.allyes.com
O1 - Hosts: 221.130.185.110 mms.t2t2.com
O1 - Hosts: 221.130.185.110 ivr.dobig.net
O1 - Hosts: 221.130.185.110 www.u8u.com
O1 - Hosts: 221.130.185.110 u.u8u.com
O1 - Hosts: 221.130.185.110 img.zhangxiu.com
O1 - Hosts: 221.130.185.110 tl.linktone.com
O1 - Hosts: 221.130.185.110 channel.e78.com
O1 - Hosts: 221.130.185.110 u.7town.com
O1 - Hosts: 221.130.185.110 union.95ol.com.cn
O1 - Hosts: 221.130.185.110 mms1.95ol.com.cn
O1 - Hosts: 221.130.185.110 mfs.95ol.com.cn
O1 - Hosts: 221.130.185.110 tl.a8.com
O1 - Hosts: 221.130.185.110 ad01.a8.com
O1 - Hosts: 221.130.185.110 u2.caiku.com
O1 - Hosts: 221.130.185.110 mms.caiku.com
O1 - Hosts: 221.130.185.110 code1.caiku.com
O1 - Hosts: 221.130.185.110 pub.lele.com
O1 - Hosts: 221.130.185.110 u.lele.com
O1 - Hosts: 221.130.185.110 7town.com
O1 - Hosts: 221.130.185.110 tvsend.7town.com
O1 - Hosts: 221.130.185.110 ivrsend.7town.com
O1 - Hosts: 221.130.185.110 tlt.7town.com
O1 - Hosts: 221.130.185.110 gsend.7town.com
O1 - Hosts: 221.130.185.110 smssend.7town.com
O1 - Hosts: 221.130.185.110 mmssend.moyu.com
O1 - Hosts: 221.130.185.110 91ivr.com
O1 - Hosts: 221.130.185.110 myad.91ivr.com
O1 - Hosts: 221.130.185.110 u.91ivr.com
O1 - Hosts: 221.130.185.110 union.91ivr.com
O1 - Hosts: 221.130.185.110 cm.p4p.cn.yahoo.com
O1 - Hosts: 221.130.185.110 un.265.com
O1 - Hosts: 221.130.185.110 union.qq.com
O1 - Hosts: 221.130.185.110 view.aliunion.cn.yahoo.com
O1 - Hosts: 221.130.185.110 union.narrowad.com
O1 - Hosts: 221.130.185.110 ln.heima8.com
O1 - Hosts: 221.130.185.110 www.fboat.cn
O1 - Hosts: 221.130.185.110 cpro.baidu.com
O1 - Hosts: 221.130.185.110 unstat.baidu.com
O1 - Hosts: 221.130.185.110 y.cnxad.com
O1 - Hosts: 221.130.185.110 www.ewowo.com
O1 - Hosts: 221.130.185.110 template.union.163.com
O1 - Hosts: 221.130.185.110 new.is686.com
O1 - Hosts: 221.130.185.110 creative.unionsys.bolaa.com
O1 - Hosts: 221.130.185.110 www.qyule.com
O1 - Hosts: 221.130.185.110 99e.cc
O1 - Hosts: 221.130.185.110 www.91ivr.com
O1 - Hosts: 221.130.185.110 mg.ukaka.com
O1 - Hosts: 221.130.185.110 kooxoo2.ad4all.net
O1 - Hosts: 221.130.185.110 www.8fff.com
O1 - Hosts: 221.130.185.110 union.pomoho.com
O1 - Hosts: 221.130.185.110 202.107.233.211
O1 - Hosts: 221.130.185.110 www.end123.com
O1 - Hosts: 221.130.185.110 w1.7clink.com
O1 - Hosts: 221.130.185.110 w2.7clink.com
O1 - Hosts: 221.130.185.110 union01.com
O1 - Hosts: 221.130.185.110 click.8le8le.com
O1 - Hosts: 221.130.185.110 stbanner.allyes.com
O1 - Hosts: 221.130.185.110 mms1.moyu.com
O1 - Hosts: 221.130.185.110 u.moyu.com
O1 - Hosts: 221.130.185.110 mmsu.moyu.com
O1 - Hosts: 221.130.185.110 show.moyu.com
O1 - Hosts: 221.130.185.110 ivrsend.moyu.com
O1 - Hosts: 221.130.185.110 ivru.moyu.com
O1 - Hosts: 221.130.185.110 ivr1.moyu.com
O1 - Hosts: 221.130.185.110 corep.dmcast.com
O1 - Hosts: 221.130.185.110 m081.dmcast.com
O1 - Hosts: 221.130.185.110 dcww.dmcast.com
O1 - Hosts: 221.130.185.110 renren.dmcast.com
O1 - Hosts: 221.130.185.110 files.henbang.net
O1 - Hosts: 221.130.185.110 bannerbox.cn
O1 - Hosts: 221.130.185.110 www.bannerbox.cn
O1 - Hosts: 221.130.185.110 action.coopen.cn
O1 - Hosts: 221.130.185.110 u4.sky99.cn
O1 - Hosts: 221.130.185.110 u1.sky99.cn
O1 - Hosts: 221.130.185.110 u2.sky99.cn
O1 - Hosts: 221.130.185.110 u3.sky99.cn
O1 - Hosts: 221.130.185.110 sky99.cn
O1 - Hosts: 221.130.185.110 u.sky99.cn
O1 - Hosts: 221.130.185.110 u.ete.cn
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 www.365tan.com
O1 - Hosts: 221.130.185.110 www.winopen.cn
O1 - Hosts: 221.130.185.110 www.tanip.com
O1 - Hosts: 221.130.185.110 alexaanywhere.com
O1 - Hosts: 221.130.185.110 jssb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ns250.alexaanywhere.com
O1 - Hosts: 221.130.185.110 sb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 pop.9v.cn
O1 - Hosts: 221.130.185.110 xuni.myad.cn
O1 - Hosts: 221.130.185.110 iebar.t2t2.com
O1 - Hosts: 221.130.185.110 error.newcell.cn
O1 - Hosts: 221.130.185.110 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
O2 - BHO: (no name) - {0CD9CB21-F56C-4AE1-B188-39F1E8D692AB} - C:\Program Files\Internet Explorer\ExploreNt.Sys
O2 - BHO: (no name) - {1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
O2 - BHO: (no name) - {21E5BB9B-86BD-43C0-A53F-B94FCA0C9277} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\- Stan\My Documents\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {53AC264F-6DD8-41D9-921F-01FAAEA95C8B} - C:\Program Files\Internet Explorer\ExploreNt.Dat
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7648AC4A-76F6-4d95-B2C4-F0DBD88E5DD5} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Enya Popup Blocker - {C68AE9C0-0909-4DDC-B661-C11970042753} - (no file)
O2 - BHO: (no name) - {D51510C1-ECEA-45F7-B782-FE0EC2D2535D} - C:\Program Files\Internet Explorer\ExploreNt.win
O2 - BHO: (no name) - {E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZECA USB Pc Camera
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bndfxdh] C:\WINDOWS\system32\bndfxdh.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: NJStar Communicator.lnk = C:\Program Files\NJStar Communicator\NJCOM32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\- Stan\My Documents\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\- Stan\My Documents\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\- Stan\My Documents\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Documents and Settings\- Stan\My Documents\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll
O21 - SSODL: certmgrkd.dll - {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll
O21 - SSODL: lweurqhx.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\lweurqhx.dll
O21 - SSODL: usbmonjx2.dll - {00260026-0026-0026-0026-00260026BB15} - C:\WINDOWS\system32\usbmonjx2.dll

It will not allow me to load a lot of the startup stuff when I first log in to my account. I cannot run a lot of programs like Media Player etc. I tried to use MSN and Firefox; then eventually, in 10 minutes or so, the computer freezes and I have to unplug the power cord.

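What a helper looks at first in a log like the one above, as an added example that is not part of Sandrock's post and is not HijackThis code: a small Python triage script run over a constructed subset of the posted lines. The rules it applies are the editor's own assumptions about what matters most: O1 hosts entries that point many hostnames at a single remote address rather than at loopback (a legitimate ad-blocking hosts file maps names to 127.0.0.1; mapping them to a remote IP redirects the traffic instead), O2 BHOs that load from a file which is not a DLL or which no longer exists, any non-empty O20 AppInit_DLLs value (on Windows XP those DLLs are loaded into every process that loads user32.dll), and O21 ShellServiceObjectDelayLoad entries outside a small allowlist of objects found on a stock XP install (the allowlist itself is an assumption). The NvCpl.dll Run entry the thread title asks about is the NVIDIA display driver's control-panel loader and is not flagged; O4 entries in general need a per-name lookup rather than a rule, so the script leaves them alone.

```python
"""Triage heuristics for a HijackThis v1.99 log (added example, not HijackThis code)."""
import ntpath
import re

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 221.130.185.110 survey88.allyes.com
O1 - Hosts: 221.130.185.110 cpro.baidu.com
O1 - Hosts: 221.130.185.110 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
O2 - BHO: (no name) - {21E5BB9B-86BD-43C0-A53F-B94FCA0C9277} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O2 - BHO: (no name) - {7648AC4A-76F6-4d95-B2C4-F0DBD88E5DD5} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll
"""

# Hosts-file targets that sinkhole a name instead of redirecting it elsewhere.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}
# Shell service objects registered on a stock Windows XP install (assumed allowlist).
KNOWN_SSODL = {"WPDShServiceObj", "PostBootReminder", "CDBurn", "WebCheck", "SysTray"}
# File types an in-process COM server such as a BHO is normally built as.
BHO_EXTENSIONS = {".dll", ".ocx"}

HJT_ITEM = re.compile(r"^(O\d+) - (.*)$")


def parse_items(log_text):
    """Yield (section, body) for every 'Onn - ...' line; header and process list are skipped."""
    for raw in log_text.splitlines():
        m = HJT_ITEM.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return (section, reason, detail) findings for the rules described in the lead-in."""
    findings = []
    remote_hosts = {}  # redirect IP -> hostnames mapped to it
    for section, body in parse_items(log_text):
        if section == "O1" and body.startswith("Hosts:"):
            ip, host = body[len("Hosts:"):].split(None, 1)
            if ip not in LOCAL_SINKS:
                remote_hosts.setdefault(ip, []).append(host)
        elif section == "O2" and body.startswith("BHO:"):
            # "BHO: <name> - {CLSID} - <path or (no file)>"
            name, clsid, path = (p.strip() for p in body[len("BHO:"):].split(" - ", 2))
            if path == "(no file)":
                findings.append((section, "BHO registered but file missing", f"{name} {clsid}"))
            elif ntpath.splitext(path)[1].lower() not in BHO_EXTENSIONS:
                findings.append((section, "BHO loads from a non-DLL file name", path))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body[len("AppInit_DLLs:"):].split(","):
                if dll.strip():
                    findings.append((section, "AppInit_DLLs entry (injected into every user32 process)", dll.strip()))
        elif section == "O21" and body.startswith("SSODL:"):
            name = body[len("SSODL:"):].split(" - ", 1)[0].strip()
            if name not in KNOWN_SSODL:
                findings.append((section, "SSODL entry not in the stock XP allowlist", body))
    for ip, hosts in remote_hosts.items():
        sample = ", ".join(hosts[:3]) + (" ..." if len(hosts) > 3 else "")
        findings.append(("O1", f"{len(hosts)} hosts entries redirect to remote IP {ip}", sample))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {detail}")
```

Run against the full log the same rules flag all 101 O1 lines (one remote IP), the seven BHOs under C:\Program Files\Internet Explorer with .Dat/.Sys/.win names, the four AppInit DLLs and the six O21 entries with random-looking names; the script is a first pass for prioritising, not a verdict, and each flagged path still has to be looked up.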
Sandrock
post Aug 14 2008, 11:16 PM
Post #2


Sorry, I don't mean to be rude, but I haven't been able to access my computer for a week now.

Can anyone help, please?
Rorschach112
post Aug 15 2008, 08:11 AM
Post #3


Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.




Sandrock
post Aug 15 2008, 10:34 AM
Post #4


Thanks for your reply! I've noticed something as ComboFix scans: there's often a pop-up that says it cannot load catchme.cfexe or something. Don't know if it helps. Here are the logs:

ComboFix 08-08-14.05 - - Stan 2008-08-15 9:11:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.852.1033.18.1560 [GMT -7:00]
Running from: C:\Documents and Settings\- Stan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\- Stan\Cookies\- stan@scupio[2].txt
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\Internet Explorer\ExploreNt.Jmp
C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\Program Files\Internet Explorer\PLUGINS\Unixs32.Jmp
C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
C:\WINDOWS\system32\adsntzt.dll
C:\WINDOWS\system32\adsntzt.nls
C:\WINDOWS\system32\aliens.dll
C:\WINDOWS\system32\baccops.dll
C:\WINDOWS\system32\bndfxdh.cfg
C:\WINDOWS\system32\bndfxdh.dll
C:\WINDOWS\system32\bndfxdh.exe
C:\WINDOWS\system32\businesn.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\certmgrkd.dll
C:\WINDOWS\system32\certmgrkd.nls
C:\WINDOWS\system32\cliconfgzx.dll
C:\WINDOWS\system32\cliconfgzx.nls
C:\WINDOWS\system32\cmopes.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\dearnts.dll
C:\WINDOWS\system32\esceps.dll
C:\WINDOWS\system32\gdipro.dll
C:\WINDOWS\system32\hourpx2.dll
C:\WINDOWS\system32\jolinos.dll
C:\WINDOWS\system32\ksuserfy.dll
C:\WINDOWS\system32\ksuserfy.nls
C:\WINDOWS\system32\lweurqhx.dll
C:\WINDOWS\system32\lweurqhx.nls
C:\WINDOWS\system32\manleu.dll
C:\WINDOWS\system32\mttwfh.dll
C:\WINDOWS\system32\pedadt.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\slbiopfs2.dll
C:\WINDOWS\system32\slbiopfs2.nls
C:\WINDOWS\system32\srpcss.dll
C:\WINDOWS\system32\sys07003.dll
C:\WINDOWS\system32\sys07003.sys
C:\WINDOWS\system32\syschk.exe
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\therbrek.dll
C:\WINDOWS\system32\tscfgwmijxsj.dll
C:\WINDOWS\system32\tscfgwmijxsj.nls
C:\WINDOWS\system32\usbmonjx2.dll
C:\WINDOWS\system32\usbmonjx2.nls
C:\WINDOWS\system32\wcnonpe.dll
C:\WINDOWS\system32\wdhotem.dll
C:\WINDOWS\system32\ytfa.dll
C:\WINDOWS\system32\zlcdps.dll
C:\WINDOWS\system32\zycdex.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-10 10:50 . 2006-03-17 14:16 51,064 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-10 10:47 . 2006-03-17 14:54 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-03 10:22 . 2008-08-03 10:22 100 --a------ C:\emsf.bat
2008-08-03 10:21 . 2008-08-03 10:21 24,576 --a------ C:\WINDOWS\system32\joause.dll
2008-08-03 10:16 . 2008-08-03 10:16 28,672 --a------ C:\WINDOWS\system32\ccohole.dll
2008-08-03 10:10 . 2008-08-03 10:28 <DIR> d--hs---- C:\00229AF2
2008-08-03 10:10 . 2008-08-03 10:10 <DIR> d--hs---- C:\0022963F
2008-08-03 10:10 . 2008-08-03 10:10 11,776 --a------ C:\WINDOWS\system32\wdhotemk.exe
2008-07-26 13:42 . 2008-07-26 13:42 <DIR> d-------- C:\Program Files\OGPlanet
2008-07-23 01:16 . 2008-07-23 01:16 <DIR> d-------- C:\Documents and Settings\- Stan\Application Data\Uniblue
2008-07-23 00:54 . 2008-07-26 10:21 <DIR> d-------- C:\Program Files\CustomXML
2008-07-23 00:51 . 2008-07-23 00:51 <DIR> d-------- C:\Program Files\Haali
2008-07-17 09:14 . 2008-07-17 09:14 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-15 20:23 . 2008-07-15 20:23 <DIR> d-------- C:\Program Files\Program Files
2008-07-15 20:20 . 2008-07-15 22:51 <DIR> d-------- C:\Program Files\Photoshop 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 18:21 --------- d-----w C:\Program Files\NJStar Communicator
2008-08-03 17:10 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-07-25 00:40 --------- d-----w C:\Documents and Settings\- Stan\Application Data\dvdcss
2008-07-22 05:25 --------- d-----w C:\Program Files\LimeWire
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 05:19 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-28 04:20 756 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
2007-04-03 02:56 1,632 ----a-w C:\Documents and Settings\- Stan\Application Data\wklnhst.dat
2007-04-16 15:52 6,144 --sha-w C:\WINDOWS\system32\ghjsw.dll
2007-04-16 15:52 6,144 --sha-w C:\WINDOWS\system32\zxdtye.dll
.

------- Sigcheck -------

2005-03-14 01:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-10 04:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-03-14 00:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-01-09 19:35 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-03-04 10:18 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 03:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 03:45 360320 073941d59ae065910064b728dee981ee C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-12-26 15:58 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 16:59 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 14:16 7561216]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 06:35 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-11-11 21:11 1064960]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-11-11 21:10 61440]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 09:01 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 00:29 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 20:17 90112]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23 663552]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 03:48 157592]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2001-08-18 05:00 208949]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 05:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2001-08-18 05:00 77824]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-18 05:00 737360]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-18 05:00 737360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2002-08-22 12:51 45056]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 14:16 86016]
"nwiz"="nwiz.exe" [2006-03-17 14:16 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 00:23 15961088 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 01:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\- Stan\Start Menu\Programs\Startup\
NJStar Communicator.lnk - C:\Program Files\NJStar Communicator\NJCOM32.EXE [2006-10-23 16:39:12 175636]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-25 23:27:17 113664]
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2007-07-18 00:57:05 794624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-07-20 02:39:07 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-06 22:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\- Stan\\My Documents\\Steam\\steamapps\\stan_607@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\- Stan\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Pro Evolution Soccer 6\\PES6.exe"=
"C:\\Documents and Settings\\- Stan\\My Documents\\Steam\\steamapps\\stan_607@hotmail.com\\day of defeat\\hl.exe"=
"C:\\Documents and Settings\\- Stan\\My Documents\\Steam\\steamapps\\stan_607@hotmail.com\\half-life\\hl.exe"=
"C:\\Documents and Settings\\- Stan\\My Documents\\Steam\\steamapps\\stan_607@hotmail.com\\half-life blue shift\\hl.exe"=
"C:\\Documents and Settings\\- Stan\\My Documents\\Steam\\steamapps\\stan_607@hotmail.com\\opposing force\\hl.exe"=
"C:\\Documents and Settings\\- Stan\\My Documents\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Foxy\\Foxy.exe"=
"C:\\Documents and Settings\\- Stan\\My Documents\\BitComet\\Downloads\\Pro Evolution Soccer 2008\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7957:TCP"= 7957:TCP:BitComet 7957 TCP
"7957:UDP"= 7957:UDP:BitComet 7957 UDP
"63228:TCP"= 63228:TCP:BitComet
"63228:UDP"= 63228:UDP:BitComet
"10953:TCP"= 10953:TCP:Foxy (192.168.0.102:10953) 10953 TCP
"10953:UDP"= 10953:UDP:Foxy (192.168.0.102:10953) 10953 UDP

R0 srjhyvvb;srjhyvvb;C:\WINDOWS\system32\drivers\srjhyvvb.sys [2004-08-10 04:00]
S3 XDva005;XDva005;C:\WINDOWS\system32\XDva005.sys []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva186;XDva186;C:\WINDOWS\system32\XDva186.sys []
S3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a10ead-ec24-11dc-960c-0017311162bb}]
\shell\PlayWithDVDPlay\Command - "C:\Program Files\HP\DVDPlay\DVDPlay.exe" AUTOPLAY MOVIE "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7ee0c6b-a230-11db-957c-000d1400ac4b}]
\Shell\AutoRun\command - G:\AUTORUN.EXE

*Newly Created Service* - BEEP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-PCDrProfiler - (no file)
ShellExecuteHooks-{021F087F-4378-545F-74FA-37D345AD7A8C} - (no file)
ShellExecuteHooks-{8C41B7F7-3168-400D-A702-0E7EFE0BA304} - (no file)
ShellExecuteHooks-{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - (no file)
ShellExecuteHooks-{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - (no file)
ShellExecuteHooks-{E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - (no file)
ShellExecuteHooks-{45AADFAA-DD36-42AB-83AD-0521BBF58C24} - (no file)
ShellExecuteHooks-{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - (no file)
ShellExecuteHooks-{A9895933-6636-4281-BC58-EE6DE2AF96E3} - (no file)
ShellExecuteHooks-{71A78CD4-E470-4a18-8457-E0E0283DD507} - (no file)
ShellExecuteHooks-{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4} - (no file)
ShellExecuteHooks-{00260026-0026-0026-0026-00260026BB15} - (no file)
ShellExecuteHooks-{EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - (no file)
ShellExecuteHooks-{00130013-0013-0013-0013-00130013BB15} - (no file)
ShellExecuteHooks-{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277} - (no file)
ShellExecuteHooks-{5E907A48-400E-4EA8-9792-FFAE052D59E9} - (no file)
ShellExecuteHooks-{E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - (no file)
ShellExecuteHooks-{0B497AE8-3F6C-440C-AB87-52ED0182464A} - (no file)
ShellExecuteHooks-{1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - (no file)
ShellExecuteHooks-{53AC264F-6DD8-41D9-921F-01FAAEA95C8B} - (no file)
ShellExecuteHooks-{D51510C1-ECEA-45F7-B782-FE0EC2D2535D} - (no file)
ShellExecuteHooks-{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB} - (no file)
SSODL-ksuserfy.dll-{00130013-0013-0013-0013-00130013BB15} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\- Stan\Application Data\Mozilla\Firefox\Profiles\ihyhyna3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank


**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Completion time: 2008-08-15 9:32:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 16:32:23

Pre-Run: 27,954,151,424 bytes free
Post-Run: 28,787,146,752 bytes free

282 --- E O F --- 2008-08-15 16:08:45



Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:54 AM, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

O1 - Hosts: 221.130.185.110 survey88.allyes.com
O1 - Hosts: 221.130.185.110 adtaobao.allyes.com
O1 - Hosts: 221.130.185.110 code.qihoo.com
O1 - Hosts: 221.130.185.110 union.mop.com
O1 - Hosts: 221.130.185.110 js.kkunion.com
O1 - Hosts: 221.130.185.110 v.kkunion.com
O1 - Hosts: 221.130.185.110 v.21cn.com
O1 - Hosts: 221.130.185.110 iplusms.allyes.com
O1 - Hosts: 221.130.185.110 mms.t2t2.com
O1 - Hosts: 221.130.185.110 ivr.dobig.net
O1 - Hosts: 221.130.185.110 www.u8u.com
O1 - Hosts: 221.130.185.110 u.u8u.com
O1 - Hosts: 221.130.185.110 img.zhangxiu.com
O1 - Hosts: 221.130.185.110 tl.linktone.com
O1 - Hosts: 221.130.185.110 channel.e78.com
O1 - Hosts: 221.130.185.110 u.7town.com
O1 - Hosts: 221.130.185.110 union.95ol.com.cn
O1 - Hosts: 221.130.185.110 mms1.95ol.com.cn
O1 - Hosts: 221.130.185.110 mfs.95ol.com.cn
O1 - Hosts: 221.130.185.110 tl.a8.com
O1 - Hosts: 221.130.185.110 ad01.a8.com
O1 - Hosts: 221.130.185.110 u2.caiku.com
O1 - Hosts: 221.130.185.110 mms.caiku.com
O1 - Hosts: 221.130.185.110 code1.caiku.com
O1 - Hosts: 221.130.185.110 pub.lele.com
O1 - Hosts: 221.130.185.110 u.lele.com
O1 - Hosts: 221.130.185.110 7town.com
O1 - Hosts: 221.130.185.110 tvsend.7town.com
O1 - Hosts: 221.130.185.110 ivrsend.7town.com
O1 - Hosts: 221.130.185.110 tlt.7town.com
O1 - Hosts: 221.130.185.110 gsend.7town.com
O1 - Hosts: 221.130.185.110 smssend.7town.com
O1 - Hosts: 221.130.185.110 mmssend.moyu.com
O1 - Hosts: 221.130.185.110 91ivr.com
O1 - Hosts: 221.130.185.110 myad.91ivr.com
O1 - Hosts: 221.130.185.110 u.91ivr.com
O1 - Hosts: 221.130.185.110 union.91ivr.com
O1 - Hosts: 221.130.185.110 cm.p4p.cn.yahoo.com
O1 - Hosts: 221.130.185.110 un.265.com
O1 - Hosts: 221.130.185.110 union.qq.com
O1 - Hosts: 221.130.185.110 view.aliunion.cn.yahoo.com
O1 - Hosts: 221.130.185.110 union.narrowad.com
O1 - Hosts: 221.130.185.110 ln.heima8.com
O1 - Hosts: 221.130.185.110 www.fboat.cn
O1 - Hosts: 221.130.185.110 cpro.baidu.com
O1 - Hosts: 221.130.185.110 unstat.baidu.com
O1 - Hosts: 221.130.185.110 y.cnxad.com
O1 - Hosts: 221.130.185.110 www.ewowo.com
O1 - Hosts: 221.130.185.110 template.union.163.com
O1 - Hosts: 221.130.185.110 new.is686.com
O1 - Hosts: 221.130.185.110 creative.unionsys.bolaa.com
O1 - Hosts: 221.130.185.110 www.qyule.com
O1 - Hosts: 221.130.185.110 99e.cc
O1 - Hosts: 221.130.185.110 www.91ivr.com
O1 - Hosts: 221.130.185.110 mg.ukaka.com
O1 - Hosts: 221.130.185.110 kooxoo2.ad4all.net
O1 - Hosts: 221.130.185.110 www.8fff.com
O1 - Hosts: 221.130.185.110 union.pomoho.com
O1 - Hosts: 221.130.185.110 202.107.233.211
O1 - Hosts: 221.130.185.110 www.end123.com
O1 - Hosts: 221.130.185.110 w1.7clink.com
O1 - Hosts: 221.130.185.110 w2.7clink.com
O1 - Hosts: 221.130.185.110 union01.com
O1 - Hosts: 221.130.185.110 click.8le8le.com
O1 - Hosts: 221.130.185.110 stbanner.allyes.com
O1 - Hosts: 221.130.185.110 mms1.moyu.com
O1 - Hosts: 221.130.185.110 u.moyu.com
O1 - Hosts: 221.130.185.110 mmsu.moyu.com
O1 - Hosts: 221.130.185.110 show.moyu.com
O1 - Hosts: 221.130.185.110 ivrsend.moyu.com
O1 - Hosts: 221.130.185.110 ivru.moyu.com
O1 - Hosts: 221.130.185.110 ivr1.moyu.com
O1 - Hosts: 221.130.185.110 corep.dmcast.com
O1 - Hosts: 221.130.185.110 m081.dmcast.com
O1 - Hosts: 221.130.185.110 dcww.dmcast.com
O1 - Hosts: 221.130.185.110 renren.dmcast.com
O1 - Hosts: 221.130.185.110 files.henbang.net
O1 - Hosts: 221.130.185.110 bannerbox.cn
O1 - Hosts: 221.130.185.110 www.bannerbox.cn
O1 - Hosts: 221.130.185.110 action.coopen.cn
O1 - Hosts: 221.130.185.110 u4.sky99.cn
O1 - Hosts: 221.130.185.110 u1.sky99.cn
O1 - Hosts: 221.130.185.110 u2.sky99.cn
O1 - Hosts: 221.130.185.110 u3.sky99.cn
O1 - Hosts: 221.130.185.110 sky99.cn
O1 - Hosts: 221.130.185.110 u.sky99.cn
O1 - Hosts: 221.130.185.110 u.ete.cn
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 www.365tan.com
O1 - Hosts: 221.130.185.110 www.winopen.cn
O1 - Hosts: 221.130.185.110 www.tanip.com
O1 - Hosts: 221.130.185.110 alexaanywhere.com
O1 - Hosts: 221.130.185.110 jssb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ns250.alexaanywhere.com
O1 - Hosts: 221.130.185.110 sb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 pop.9v.cn
O1 - Hosts: 221.130.185.110 xuni.myad.cn
O1 - Hosts: 221.130.185.110 iebar.t2t2.com
O1 - Hosts: 221.130.185.110 error.newcell.cn
O1 - Hosts: 221.130.185.110 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\- Stan\My Documents\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZECA USB Pc Camera
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: NJStar Communicator.lnk = C:\Program Files\NJStar Communicator\NJCOM32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\- Stan\My Documents\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\- Stan\My Documents\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\- Stan\My Documents\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Documents and Settings\- Stan\My Documents\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: IntelR Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Thanks!

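Two things in the log above are worth reading together rather than line by line: roughly a hundred O1 lines all pin different ad and stat hostnames to the single routable address 221.130.185.110 (a redirect, unlike the 127.0.0.1 or 0.0.0.0 entries an ad-blocking hosts list uses), and the O20 line lists four bare DLL names in AppInit_DLLs, which Windows loads into every process that links user32.dll. The following Python script is an added example written for this page, not code from HijackThis, ComboFix or the poster; it automates those two checks. The sample lines are copied from the log above except the 127.0.0.1 entry, which is constructed to show the benign case, and the `min_hosts` threshold is this example's own choice.

```python
"""Triage helper for HijackThis-style logs.

Added example for this page; it is not code from HijackThis, ComboFix or the
original poster. It extracts the O1 (hosts file) and O20 (AppInit_DLLs) lines
and applies two checks that are otherwise done by eye.
"""
import ipaddress
import re
from collections import defaultdict

# Sample input: O1/O20 lines copied from the HijackThis log posted above, plus
# one constructed 127.0.0.1 entry (not in the log) to show the benign case.
SAMPLE_LOG = r"""
O1 - Hosts: 221.130.185.110 survey88.allyes.com
O1 - Hosts: 221.130.185.110 cpro.baidu.com
O1 - Hosts: 221.130.185.110 auto.search.msn.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - AppInit_DLLs: zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*?)\s*$")


def parse_hosts_entries(log_text):
    """Return (ip, hostname) pairs from O1 lines, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_sinkhole(ip_text):
    """Loopback (127.x, ::1) and unspecified (0.0.0.0) targets block a name;
    anything else sends the browser to a real host."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def hosts_by_target(entries):
    """Group redirected hostnames by the IP they are pinned to."""
    targets = defaultdict(list)
    for ip, host in entries:
        targets[ip].append(host)
    return dict(targets)


def flag_hosts_hijack(entries, min_hosts=3):
    """Routable IPs that have at least min_hosts names pointed at them.
    The threshold is this example's own choice, not a HijackThis rule."""
    return sorted(ip for ip, hosts in hosts_by_target(entries).items()
                  if not is_sinkhole(ip) and len(hosts) >= min_hosts)


def parse_appinit_dlls(log_text):
    """DLL names listed on O20 AppInit_DLLs lines (comma or space separated)."""
    dlls = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m and m.group(1):
            dlls.extend(d for d in re.split(r"[,\s]+", m.group(1)) if d)
    return dlls


def triage(log_text, min_hosts=3):
    """Run both checks and return a dict a helper can read at a glance."""
    entries = parse_hosts_entries(log_text)
    dlls = parse_appinit_dlls(log_text)
    return {
        "hosts_redirected": hosts_by_target(entries),
        "hosts_hijack_targets": flag_hosts_hijack(entries, min_hosts),
        "appinit_dlls": dlls,
        # AppInit_DLLs are loaded into every process that links user32.dll; a
        # bare file name is resolved through the DLL search path at load time,
        # so report those separately from full paths.
        "appinit_bare_names": [d for d in dlls if "\\" not in d],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

Run against the full log posted above, `hosts_hijack_targets` comes back with the single address and `appinit_dlls` with the four names; the 127.0.0.1 line is grouped but never flagged, which is the distinction that matters when deciding whether a hosts file was hijacked or merely customised.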
Rorschach112
post Aug 15 2008, 10:47 AM
Post #5


SuperMember

Group: Visiting Teacher
Posts: 2,192
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP



Plug your USB key in for this

Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://forums.whatthetech.com/Hijackthis_l...ELP_t94468.html

Collect::
C:\emsf.bat
C:\WINDOWS\system32\joause.dll
C:\WINDOWS\system32\ccohole.dll
C:\WINDOWS\system32\wdhotemk.exe
C:\WINDOWS\system32\ghjsw.dll
C:\WINDOWS\system32\zxdtye.dll
C:\WINDOWS\system32\drivers\srjhyvvb.sys

KillAll::

File::
G:\AUTORUN.EXE

Folder::
C:\00229AF2
C:\0022963F

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a10ead-ec24-11dc-960c-0017311162bb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7ee0c6b-a230-11db-957c-000d1400ac4b}]

Driver::
srjhyvvb

Suspect::


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
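The script in the quote box above has a simple structure: a `Name::` header opens each section (Collect, KillAll, File, Folder, Registry, Driver, Suspect), the lines under it are the items, and the Registry section uses .reg syntax, where `[-KEY]` deletes a whole key and `"Name"=""` sets a value to an empty string. The Python parser below is an added example written for this page, not ComboFix's own code, and it says nothing about how ComboFix itself executes a script; the action labels it returns (`ensure_key`, `set_value`, `delete_key`, `delete_value`) are this example's own names. The sample script is trimmed from the one posted above. Beyond parsing, it adds one consistency check a reviewer of such a script would want: every name under `Driver::` should have its .sys file listed under `Collect::` or `File::`, so the service is not removed while the binary stays on disk.

```python
"""Parser for the CFScript format shown in the post above.

Added example written for this page; it is not ComboFix's own code and makes
no claim about how ComboFix executes a script. The action labels returned by
registry_actions() are this example's names.
"""
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_KEY_RE = re.compile(r"^\[(-)?(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Sample input trimmed from the script posted above (one MountPoints2 key kept).
SAMPLE_SCRIPT = r"""
http://forums.whatthetech.com/Hijackthis_l...ELP_t94468.html

Collect::
C:\emsf.bat
C:\WINDOWS\system32\drivers\srjhyvvb.sys

KillAll::

File::
G:\AUTORUN.EXE

Folder::
C:\00229AF2
C:\0022963F

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7ee0c6b-a230-11db-957c-000d1400ac4b}]

Driver::
srjhyvvb

Suspect::
"""


def parse_cfscript(text):
    """Split a script into its preamble (lines before the first header, here
    the thread URL) and a dict of section name -> list of item lines."""
    preamble, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            preamble.append(line)
        else:
            sections[current].append(line)
    return {"preamble": preamble, "sections": sections}


def registry_actions(lines):
    """Translate .reg-style lines into explicit actions.
    [KEY] -> ensure_key, [-KEY] -> delete_key, "n"=v -> set_value,
    "n"=- -> delete_value. Values keep everything after the '=' minus quotes."""
    actions, key = [], None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(2)
            actions.append(("delete_key", key) if m.group(1) else ("ensure_key", key))
            continue
        m = REG_VALUE_RE.match(line)
        if m and key is not None:
            name, value = m.group(1), m.group(2).strip()
            if value == "-":
                actions.append(("delete_value", key, name))
            else:
                actions.append(("set_value", key, name, value.strip('"')))
    return actions


def unbacked_drivers(parsed):
    """Driver:: names whose .sys file is not listed under Collect:: or File::."""
    s = parsed["sections"]
    paths = [p.lower() for p in s.get("Collect", []) + s.get("File", [])]
    return [d for d in s.get("Driver", [])
            if not any(p.endswith("\\" + d.lower() + ".sys") for p in paths)]


def summarize(parsed):
    """Counts per section plus the two things worth a second look before running:
    whole-key deletions (irreversible) and drivers without a file entry."""
    s = parsed["sections"]
    acts = registry_actions(s.get("Registry", []))
    return {
        "sections": {name: len(lines) for name, lines in s.items()},
        "registry_key_deletions": [a[1] for a in acts if a[0] == "delete_key"],
        "unbacked_drivers": unbacked_drivers(parsed),
    }


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for action in registry_actions(parsed["sections"]["Registry"]):
        print(action)
    print(summarize(parsed))
```

For the posted script the summary reports one key deletion per MountPoints2 entry and no unbacked drivers, because `srjhyvvb.sys` is collected before the `srjhyvvb` service is removed. A script that named a driver without its file would show up in `unbacked_drivers`, which is the case to fix before dragging the file onto ComboFix.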
Sandrock
post Aug 15 2008, 11:42 AM
Post #6


Authentic Member

Group: Authentic Member
Posts: 33
Joined: 20-August 05
Member No.: 38,496
Operating System: Windows XP



Thanks for the quick reply! Unfortunately I'm at my office right now. I will do as you instructed once I get home. However, it will be a late night tonight. Thanks again!

Just making sure, what do you mean by "plug my USB key in for this"?

Thanks. (Can't thank you enough!)
Rorschach112
post Aug 15 2008, 03:18 PM
Post #7


SuperMember

Group: Visiting Teacher
Posts: 2,192
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP



It seems that a USB flash key is infected and was used on your PC.

If you don't have one, don't worry and just go on with the step.
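The reason a USB key shows up in the ComboFix log at all is the `HKCU\...\Explorer\MountPoints2\{volume GUID}` keys the script deletes: that is where Explorer caches the handlers it read from a volume's autorun.inf, so `\Shell\AutoRun\command - G:\AUTORUN.EXE` means a removable drive once mounted as G: carried an autorun.inf whose `open=` pointed at AUTORUN.EXE. The script below is an added example written for this page, not code from the thread or from any tool. The autorun.inf it parses is constructed (nothing in the thread shows the contents of the poster's G: drive), and the mapping to MountPoints2 value names is this example's reading of that log line. It also flags the `open` and `explore` verbs being rewritten, which is how autorun worms catch users who have AutoPlay off and double-click the drive instead.

```python
"""autorun.inf to MountPoints2 mapping.

Added example for this page, not code from the thread or from any tool. The
autorun.inf below is constructed; the poster's G: drive contents are not shown
anywhere in the thread.
"""
import configparser
import re

# Constructed sample in the shape autorun worms typically write: the AutoPlay
# action and Explorer's own open/explore verbs all point at one binary.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
open=AUTORUN.EXE
shell\open=Open
shell\open\Command=AUTORUN.EXE
shell\explore\command=AUTORUN.EXE
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def parse_autorun_inf(text):
    """Return the [autorun] section as a dict of lower-cased keys, or {} if the
    file has no such section or is not parseable as an INI file."""
    cp = configparser.RawConfigParser(allow_no_value=True, strict=False,
                                      delimiters=("=",), comment_prefixes=(";",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k.lower(): (v or "").strip() for k, v in cp.items(section)}
    return {}


def autorun_commands(inf, drive="G:"):
    """Commands Explorer would register for the volume, keyed the way they
    appear under MountPoints2 in the log above (Shell\\<verb>\\command).
    Relative paths are resolved against the drive root."""
    def full(path):
        return path if re.match(r"^[A-Za-z]:", path) else drive + "\\" + path.lstrip("\\")

    cmds = {}
    # 'open=' is the classic AutoPlay action; 'shellexecute=' overrides it.
    for key in ("open", "shellexecute"):
        if inf.get(key):
            cmds["Shell\\AutoRun\\command"] = full(inf[key])
    for key, value in inf.items():
        parts = key.split("\\")
        if len(parts) == 3 and parts[0] == "shell" and parts[2] == "command" and value:
            cmds["Shell\\%s\\command" % parts[1]] = full(value)
    return cmds


def hijacked_verbs(cmds):
    """Explorer verbs the autorun.inf has pointed at its own command. Rewriting
    'open' and 'explore' catches users who double-click the drive with AutoPlay
    disabled, so any hit here is worth treating as hostile."""
    return sorted(v for v in ("open", "explore")
                  if "Shell\\%s\\command" % v in cmds)


if __name__ == "__main__":
    inf = parse_autorun_inf(SAMPLE_AUTORUN_INF)
    cmds = autorun_commands(inf, "G:")
    for name, cmd in sorted(cmds.items()):
        print("%s - %s" % (name, cmd))
    print("hijacked verbs:", hijacked_verbs(cmds))
```

On the constructed sample this prints three MountPoints2-style lines all ending in `G:\AUTORUN.EXE`, the first of them matching the form of the entry in the log above, and reports both verbs as hijacked. A camera or installer disc whose autorun.inf only sets `icon=` and `label=` yields no commands at all.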
Sandrock
post Aug 16 2008, 04:24 AM
Post #8


Authentic Member

Group: Authentic Member
Posts: 33
Joined: 20-August 05
Member No.: 38,496
Operating System: Windows XP



Sorry, I followed all the steps; however, a browser did not open. Here's the log after the scan from dragging the txt file into ComboFix:

ComboFix 08-08-14.05 - - Stan 2008-08-16 3:09:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.852.1033.18.1465 [GMT -7:00]
Running from: C:\Documents and Settings\- Stan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\- Stan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
G:\AUTORUN.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0022963F
C:\0022963F\00229AB4
C:\00229AF2
C:\00229AF2\2873156
C:\emsf.bat
C:\Program Files\Xilisoft\Audio Converter\lang\_desktop.ini
C:\Program Files\Xilisoft\Audio Converter\Plugins\_desktop.ini
C:\Program Files\Xilisoft\Audio Converter\skin\Default\_desktop.ini
C:\WINDOWS\system32\ccohole.dll
C:\WINDOWS\system32\drivers\srjhyvvb.sys
C:\WINDOWS\system32\ghjsw.dll
C:\WINDOWS\system32\joause.dll
C:\WINDOWS\system32\wdhotemk.exe
C:\WINDOWS\system32\zxdtye.dll
G:\AUTORUN.EXE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SRJHYVVB
-------\Service_srjhyvvb


((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-10 10:50 . 2006-03-17 14:16 51,064 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-10 10:47 . 2006-03-17 14:54 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-26 13:42 . 2008-07-26 13:42 <DIR> d-------- C:\Program Files\OGPlanet
2008-07-23 01:16 . 2008-07-23 01:16 <DIR> d-------- C:\Documents and Settings\- Stan\Application Data\Uniblue
2008-07-23 00:54 . 2008-07-26 10:21 <DIR> d-------- C:\Program Files\CustomXML
2008-07-23 00:51 . 2008-07-23 00:51 <DIR> d-------- C:\Program Files\Haali
2008-07-17 09:14 . 2008-07-17 09:14 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 18:21 --------- d-----w C:\Program Files\NJStar Communicator
2008-08-03 17:10 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-07-25 00:40 --------- d-----w C:\Documents and Settings\- Stan\Application Data\dvdcss
2008-07-22 05:25 --------- d-----w C:\Program Files\LimeWire
2008-07-16 05:51 --------- d-----w C:\Program Files\Photoshop 6.0
2008-07-16 03:23 --------- d-----w C:\Program Files\Program Files
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 05:19 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-28 04:20 756 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
2007-04-03 02:56 1,632 ----a-w C:\Documents and Settings\- Stan\Application Data\wklnhst.dat
.

------- Sigcheck -------<