[Resolved] Please Help me get rid of this annoying Trojan


  • This topic is locked
129 replies to this topic

#46 Goonsac (Authentic Member, 68 posts)

Posted 09 November 2008 - 12:20 PM

You still want me to do the Lop SD first, right?



#47 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 09 November 2008 - 12:23 PM

You still want me to do the Lop SD first, right?

Sorry, yes please. Then we'll see if we need the registry fix.

The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to paypal.gif for the help you received.
Proud graduate of TC/WTT Classroom


#48 Goonsac (Authentic Member, 68 posts)

Posted 09 November 2008 - 12:37 PM

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core™2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Goonsac ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:139 Go (Free:127 Go)
D:\ (Local Disk) - NTFS - Total:233 Go (Free:143 Go)
E:\ (CD or DVD)
G:\ (Local Disk) - FAT32 - Total:931 Go (Free:32 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Sun 11/09/2008|12:34 )

--------------------\\ Listing folders in APPLIC~1

[11/04/2008|05:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[11/06/2008|06:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla

[11/08/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/08/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/08/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/04/2008|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[11/04/2008|05:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[11/06/2008|06:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[11/04/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
[11/04/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[11/06/2008|06:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[11/08/2008|06:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/04/2008|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles

[11/04/2008|05:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/06/2008|05:48] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Acreon
[11/04/2008|05:42] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Adobe
[11/08/2008|11:43] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Apple Computer
[11/04/2008|06:28] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Creative
[11/04/2008|05:33] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Identities
[11/04/2008|05:39] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> InstallShield
[11/04/2008|10:58] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Logitech
[11/04/2008|05:42] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Macromedia
[11/06/2008|06:06] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Malwarebytes
[11/08/2008|11:51] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Microsoft
[11/04/2008|05:50] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Mozilla
[11/04/2008|08:53] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Sun
[11/04/2008|08:40] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> Ventrilo
[11/04/2008|11:03] C:\DOCUME~1\Goonsac\APPLIC~1\<DIR> vlc

[11/04/2008|08:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[11/04/2008|08:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/08/2008 10:15 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/04/2008|08:21] C:\Program Files\<DIR> AGEIA Technologies
[11/04/2008|07:09] C:\Program Files\<DIR> AltBinz
[11/08/2008|11:28] C:\Program Files\<DIR> Apple Software Update
[11/04/2008|08:34] C:\Program Files\<DIR> AVG
[11/08/2008|11:28] C:\Program Files\<DIR> Bonjour
[11/04/2008|08:17] C:\Program Files\<DIR> CCleaner
[11/08/2008|11:28] C:\Program Files\<DIR> Common Files
[11/04/2008|05:25] C:\Program Files\<DIR> ComPlus Applications
[11/04/2008|07:06] C:\Program Files\<DIR> ffdshow
[11/04/2008|10:55] C:\Program Files\<DIR> InstallShield Installation Information
[11/04/2008|05:38] C:\Program Files\<DIR> Intel
[11/08/2008|11:28] C:\Program Files\<DIR> Internet Explorer
[11/08/2008|11:29] C:\Program Files\<DIR> iPod
[11/08/2008|11:29] C:\Program Files\<DIR> iTunes
[11/04/2008|08:58] C:\Program Files\<DIR> Java
[11/04/2008|05:48] C:\Program Files\<DIR> Kaspersky Lab
[11/06/2008|06:51] C:\Program Files\<DIR> Lavasoft
[11/04/2008|10:55] C:\Program Files\<DIR> Logitech
[11/06/2008|06:06] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[11/04/2008|05:25] C:\Program Files\<DIR> Messenger
[11/04/2008|05:28] C:\Program Files\<DIR> microsoft frontpage
[11/04/2008|11:17] C:\Program Files\<DIR> mkv2vob
[11/04/2008|05:26] C:\Program Files\<DIR> Movie Maker
[11/08/2008|11:04] C:\Program Files\<DIR> Mozilla Firefox
[11/04/2008|05:24] C:\Program Files\<DIR> MSN
[11/04/2008|05:25] C:\Program Files\<DIR> MSN Gaming Zone
[11/04/2008|05:27] C:\Program Files\<DIR> NetMeeting
[11/04/2008|05:25] C:\Program Files\<DIR> Online Services
[11/04/2008|05:26] C:\Program Files\<DIR> Outlook Express
[11/04/2008|11:12] C:\Program Files\<DIR> QuickPar
[11/08/2008|11:28] C:\Program Files\<DIR> QuickTime
[11/04/2008|05:39] C:\Program Files\<DIR> Realtek
[11/04/2008|05:43] C:\Program Files\<DIR> SystemRequirementsLab
[11/07/2008|12:12] C:\Program Files\<DIR> Trend Micro
[11/04/2008|07:02] C:\Program Files\<DIR> TVersity
[11/04/2008|05:33] C:\Program Files\<DIR> Uninstall Information
[11/04/2008|07:18] C:\Program Files\<DIR> Ventrilo
[11/04/2008|08:22] C:\Program Files\<DIR> VideoLAN
[11/04/2008|05:28] C:\Program Files\<DIR> Windows Media Player
[11/04/2008|05:25] C:\Program Files\<DIR> Windows NT
[11/04/2008|05:27] C:\Program Files\<DIR> WindowsUpdate
[11/04/2008|05:28] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/08/2008|11:28] C:\Program Files\Common Files\<DIR> Apple
[11/04/2008|08:06] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[11/04/2008|05:39] C:\Program Files\Common Files\<DIR> InstallShield
[11/04/2008|10:56] C:\Program Files\Common Files\<DIR> Logishrd
[11/04/2008|08:34] C:\Program Files\Common Files\<DIR> Microsoft Shared
[11/04/2008|05:26] C:\Program Files\Common Files\<DIR> MSSoap
[11/04/2008|11:13] C:\Program Files\Common Files\<DIR> ODBC
[11/04/2008|05:27] C:\Program Files\Common Files\<DIR> Services
[11/04/2008|11:13] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/04/2008|05:26] C:\Program Files\Common Files\<DIR> System
[11/06/2008|06:51] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 41 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 12:35:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.75 85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.75 85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.75 85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{46B71314-81C9-4D7A-B58E-04244044E15E}]
DhcpNameServer REG_SZ 85.255.112.75 85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{46B71314-81C9-4D7A-B58E-04244044E15E}]
DhcpNameServer REG_SZ 85.255.112.75 85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{46B71314-81C9-4D7A-B58E-04244044E15E}]
DhcpNameServer REG_SZ 85.255.112.75 85.255.112.79
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp
C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp\download.mp4
C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp\Info.plist


[F:21][D:5]-> C:\DOCUME~1\Goonsac\LOCALS~1\Temp
[F:8][D:0]-> C:\DOCUME~1\Goonsac\Cookies
[F:85][D:4]-> C:\DOCUME~1\Goonsac\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 11/09/2008|12:35 - Option : [1]

--------------------\\ Scan completed at 12:35:48
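The WAREOUT tag in the log above is driven entirely by the DhcpNameServer values: every Tcpip\Parameters key and the per-adapter key point at 85.255.112.75 and 85.255.112.79, public addresses rather than the LAN gateway or the ISP's resolvers, so every name lookup this machine makes is answered by a resolver somebody else controls. The registry fix LDTate refers to is not reproduced on this page. The script below is an added example, not part of the original thread and not code from Lop S&D: it parses the DhcpNameServer/NameServer lines of a dump in this shape, flags every resolver outside an allowlist, and builds a REGEDIT4 fragment that deletes the flagged values so a DHCP renew can repopulate them. It assumes a 192.168.1.0/24 LAN as the only trusted source of DHCP-supplied resolvers, and assumes the per-adapter keys that Lop S&D abbreviates with `..` live under Services\Tcpip\Parameters\Interfaces; the sample log is constructed.

```python
# Added example (not code from Lop S&D or from the original thread): parse the
# DhcpNameServer/NameServer lines of a registry dump, flag resolvers that are
# not on the allowlist and build a REGEDIT4 fragment that deletes the flagged
# values. Run with: python dns_triage.py
import ipaddress
import re

# Constructed sample in the shape of the "Searching for other infections"
# block above, plus one clean per-adapter key for contrast.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters]
DhcpNameServer REG_SZ 85.255.112.75 85.255.112.79
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\..\\{46B71314-81C9-4D7A-B58E-04244044E15E}]
DhcpNameServer REG_SZ 85.255.112.75 85.255.112.79
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\..\\{00000000-0000-0000-0000-000000000001}]
DhcpNameServer REG_SZ 192.168.1.1
"""

# Assumption for the example: the only legitimate source of DHCP-supplied
# resolvers is the LAN router on 192.168.1.0/24. Put the real gateway and ISP
# resolver ranges here when using this on an actual dump.
TRUSTED_RESOLVER_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# The two addresses Lop S&D tagged WAREOUT in the log above; extend at will.
KNOWN_ROGUE = {ipaddress.ip_address("85.255.112.75"),
               ipaddress.ip_address("85.255.112.79")}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r"^((?:Dhcp)?NameServer)\s+REG_SZ\s+(.+?)\s*$")


def parse_nameservers(text):
    """Return [(key, value_name, [ip, ...]), ...] in log order."""
    entries, key = [], None
    for line in text.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key:
            ips = [ipaddress.ip_address(t) for t in re.split(r"[,\s]+", v.group(2)) if t]
            entries.append((key, v.group(1), ips))
    return entries


def classify(ip):
    """'known-rogue', 'trusted' or 'unexpected' (a public resolver that is not
    on the allowlist: investigate before trusting it)."""
    if ip in KNOWN_ROGUE:
        return "known-rogue"
    if any(ip in net for net in TRUSTED_RESOLVER_NETS):
        return "trusted"
    return "unexpected"


def find_rogue_resolvers(text):
    """Return [(key, value_name, ip_text, verdict)] for every resolver that is
    not trusted."""
    findings = []
    for key, name, ips in parse_nameservers(text):
        for ip in ips:
            verdict = classify(ip)
            if verdict != "trusted":
                findings.append((key, name, str(ip), verdict))
    return findings


def expand_key(key):
    """Lop S&D shortens the per-adapter keys to '...\\..\\{GUID}'. Assumption:
    they are the per-interface keys under Services\\Tcpip\\Parameters\\Interfaces,
    where Windows keeps per-adapter DHCP settings."""
    return key.replace("\\..\\", "\\Services\\Tcpip\\Parameters\\Interfaces\\")


def reg_fix(findings):
    """REGEDIT4 text deleting each flagged value; '"name"=-' is the .reg syntax
    for removing a value. A DHCP renew then repopulates DhcpNameServer from the
    real DHCP server."""
    lines, seen = ["REGEDIT4", ""], set()
    for key, name, _ip, _verdict in findings:
        if (key, name) in seen:
            continue
        seen.add((key, name))
        lines += ["[" + expand_key(key) + "]", '"%s"=-' % name, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_rogue_resolvers(SAMPLE_LOG)
    for key, name, ip, verdict in hits:
        print("%-12s %-15s %s\\%s" % (verdict, ip, key, name))
    print(reg_fix(hits))
```

Deleting the values is only the registry half of the job: flush the resolver cache and release/renew the lease afterwards so the adapter picks up the real DHCP-supplied servers, and if the values come back on the next boot the component that writes them is still installed, which is exactly why the thread goes on to ComboFix rather than stopping here.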

#49 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 09 November 2008 - 12:42 PM

Cracks & Keygens ..

C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp
C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp\download.mp4
C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp\Info.plist

You need to get rid of those.

Now run the registry fix I posted.



#50 Goonsac (Authentic Member, 68 posts)

Posted 09 November 2008 - 12:52 PM

ComboFix 08-11-07.01 - Goonsac 2008-11-09 12:47:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1294 [GMT -6:00]
Running from: c:\documents and settings\Goonsac\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goonsac\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-09 12:34 . 2008-11-09 12:35 <DIR> d-------- C:\Lop SD
2008-11-08 23:29 . 2008-11-08 23:29 <DIR> d-------- c:\program files\iPod
2008-11-08 23:29 . 2008-11-08 23:43 <DIR> d-------- c:\documents and settings\Goonsac\Application Data\Apple Computer
2008-11-08 23:29 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-08 23:29 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-08 23:28 . 2008-11-08 23:29 <DIR> d-------- c:\windows\LastGood
2008-11-08 23:28 . 2008-11-08 23:28 <DIR> d-------- c:\program files\QuickTime
2008-11-08 23:28 . 2008-11-08 23:29 <DIR> d-------- c:\program files\iTunes
2008-11-08 23:28 . 2008-11-08 23:28 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-08 23:28 . 2008-11-08 23:28 <DIR> d-------- c:\program files\Bonjour
2008-11-08 23:28 . 2008-11-08 23:28 <DIR> d-------- c:\program files\Apple Software Update
2008-11-08 23:28 . 2008-11-08 23:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-08 23:28 . 2008-11-08 23:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-08 23:28 . 2008-11-08 23:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-08 23:28 . 2008-10-01 13:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-08 18:25 . 2008-11-08 21:54 1,422 --a------ c:\windows\system32\tmp.reg
2008-11-08 12:50 . 2008-11-09 12:46 4,958,588 --a------ c:\windows\{00000004-00000000-00000003-00001102-00000004-20021102}.BAK
2008-11-07 12:12 . 2008-11-07 12:12 <DIR> d-------- c:\program files\Trend Micro
2008-11-06 18:51 . 2008-11-06 18:51 <DIR> d-------- c:\program files\Lavasoft
2008-11-06 18:51 . 2008-11-06 18:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 18:06 . 2008-11-06 18:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-06 18:06 . 2008-11-06 18:06 <DIR> d-------- c:\documents and settings\Goonsac\Application Data\Malwarebytes
2008-11-06 18:06 . 2008-11-06 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-06 18:06 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-06 18:06 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-06 18:02 . 2008-11-06 18:02 <DIR> d-------- c:\documents and settings\Administrator
2008-11-06 17:56 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-06 17:56 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-06 17:56 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-06 17:56 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-06 17:55 . 2008-11-06 17:55 <DIR> d-------- C:\VundoFix Backups
2008-11-06 17:48 . 2008-11-06 17:48 <DIR> d-------- c:\documents and settings\Goonsac\Application Data\Acreon
2008-11-04 23:17 . 2008-11-04 23:17 <DIR> d-------- c:\program files\mkv2vob
2008-11-04 23:12 . 2008-11-04 23:12 <DIR> d-------- c:\program files\QuickPar
2008-11-04 22:58 . 2008-11-04 22:58 <DIR> d-------- c:\documents and settings\Goonsac\Application Data\Logitech
2008-11-04 22:58 . 2008-11-04 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-11-04 22:57 . 2008-11-04 22:57 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-04 22:56 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-11-04 22:56 . 2008-05-02 02:39 170,512 --a------ c:\windows\system32\kemutb.dll
2008-11-04 22:56 . 2008-05-02 02:39 145,936 --a------ c:\windows\system32\KemUtil.dll
2008-11-04 22:56 . 2008-05-02 02:40 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-11-04 22:56 . 2008-05-02 02:40 84,496 --a------ c:\windows\system32\KemXML.dll
2008-11-04 22:56 . 2006-10-08 21:51 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-04 22:56 . 2008-11-04 22:56 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-04 22:56 . 2008-11-04 22:56 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-11-04 22:55 . 2008-11-04 22:56 <DIR> d-------- c:\program files\Common Files\Logishrd
2008-11-04 22:00 . 2008-11-04 23:03 <DIR> d-------- c:\documents and settings\Goonsac\Application Data\vlc
2008-11-04 21:26 . 2008-11-04 21:26 <DIR> d-------- c:\windows\Sun
2008-11-04 21:26 . 2008-11-04 23:03 <DIR> d-------- c:\documents and settings\Goonsac\.housecall6.6
2008-11-04 20:58 . 2008-11-04 20:58 <DIR> d-------- c:\program files\Java
2008-11-04 20:58 . 2008-11-04 20:58 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-04 20:58 . 2008-11-04 20:58 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-04 20:46 . 2008-11-09 12:30 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-04 20:34 . 2008-11-09 09:17 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-04 20:34 . 2008-11-04 20:34 <DIR> d-------- c:\program files\AVG
2008-11-04 20:34 . 2008-11-04 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-04 20:34 . 2008-11-04 20:34 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-04 20:34 . 2008-11-04 20:34 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-04 20:34 . 2008-11-04 20:34 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-04 20:27 . 2008-11-04 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-04 20:22 . 2008-11-04 20:22 <DIR> d-------- c:\program files\VideoLAN
2008-11-04 20:21 . 2008-11-04 20:21 <DIR> d-------- c:\windows\nview
2008-11-04 20:21 . 2008-10-23 07:42 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-04 20:21 . 2008-11-08 22:15 203,127 --a------ c:\windows\system32\nvapps.xml
2008-11-04 20:21 . 2008-10-23 07:42 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-04 20:20 . 2008-10-22 16:55 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-04 20:17 . 2008-11-04 20:17 <DIR> d-------- c:\program files\CCleaner
2008-11-04 20:06 . 2008-11-04 20:06 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-04 19:39 . 2008-11-04 20:28 8 --a------ c:\windows\system32\nvModes.dat
2008-11-04 19:18 . 2008-11-04 19:18 <DIR> d-------- c:\program files\Ventrilo
2008-11-04 19:18 . 2008-11-04 20:40 <DIR> d-------- c:\documents and settings\Goonsac\Application Data\Ventrilo
2008-11-04 19:06 . 2008-11-04 19:06 <DIR> d-------- c:\program files\ffdshow
2008-11-04 19:06 . 2006-12-10 23:32 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-04 19:06 . 2006-12-10 23:32 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-04 19:06 . 2008-06-08 23:58 60,273 --a------ c:\windows\system32\pthreadGC2.dll
2008-11-04 19:06 . 2008-06-12 20:36 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-04 19:06 . 2007-07-10 18:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-04 19:02 . 2008-11-04 19:02 <DIR> d-------- c:\program files\TVersity
2008-11-04 18:33 . 2008-11-04 19:09 <DIR> d-------- c:\program files\AltBinz
2008-11-04 18:31 . 2008-11-08 22:14 31,056 --a------ c:\windows\system32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000004-20021102}.rfx
2008-11-04 18:31 . 2008-11-08 22:14 31,056 --a------ c:\windows\system32\BMXState-{00000004-00000000-00000003-00001102-00000004-20021102}.rfx
2008-11-04 18:31 . 2008-11-08 22:14 30,528 --a------ c:\windows\system32\BMXCtrlState-{00000004-00000000-00000003-00001102-00000004-20021102}.rfx
2008-11-04 18:31 . 2008-11-08 22:14 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000003-00001102-00000004-20021102}.rfx
2008-11-04 18:31 . 2008-11-08 22:14 11,564 --a------ c:\windows\system32\DVCState-{00000004-00000000-00000003-00001102-00000004-20021102}.rfx
2008-11-04 18:31 . 2008-04-14 00:15 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
2008-11-04 18:31 . 2008-04-14 00:15 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
2008-11-04 18:28 . 2008-11-04 18:28 <DIR> d-------- c:\documents and settings\Goonsac\Application Data\Creative
2008-11-04 18:27 . 2008-11-04 18:28 <DIR> d-------- c:\windows\system32\Data
2008-11-04 18:27 . 2008-11-04 22:55 <DIR> d-------- c:\program files\Logitech
2008-11-04 18:27 . 2008-11-04 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-11-04 18:27 . 2008-04-14 00:49 146,048 --a------ c:\windows\system32\drivers\portcls.sys
2008-11-04 18:27 . 2008-04-14 00:49 146,048 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-11-04 18:27 . 2008-04-14 05:42 129,536 --a------ c:\windows\system32\ksproxy.ax
2008-11-04 18:27 . 2008-04-14 05:42 129,536 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2008-11-04 18:27 . 2008-04-14 00:15 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-04 18:27 . 2008-04-14 00:15 60,160 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-11-04 18:27 . 2008-04-14 05:41 4,096 --a------ c:\windows\system32\ksuser.dll
2008-11-04 18:27 . 2008-04-14 05:41 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2008-11-04 18:24 . 2008-11-04 18:24 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-04 18:24 . 2008-11-06 18:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-04 18:24 . 2008-11-04 20:21 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-04 18:24 . 2008-11-04 18:24 <DIR> d-------- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 04:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 00:28 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-05 00:28 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-04 23:48 --------- d-----w c:\program files\Kaspersky Lab
2008-11-04 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-04 23:43 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-04 23:39 --------- d-----w c:\program files\Realtek
2008-11-04 23:39 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 23:39 --------- d-----w c:\documents and settings\Goonsac\Application Data\InstallShield
2008-11-04 23:38 --------- d-----w c:\program files\Intel
2008-11-04 23:28 --------- d-----w c:\program files\microsoft frontpage
2008-10-13 15:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
2008-10-07 15:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
2008-10-07 15:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-10-07 15:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 15:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
2008-08-29 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 15:53 61,440 ----a-w c:\windows\system32\dnssd.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-08_14.17.03.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 05:28:25 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-11-09 05:28:53 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2008-11-09 05:29:16 102,400 ----a-r c:\windows\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
+ 2008-11-09 00:00:57 2,252 ----a-w c:\windows\SoftwareDistribution\EventCache\{EFB784ED-5A86-484B-A7EA-801F1DF88CC9}.bin
+ 2008-11-09 09:59:40 2,252 ----a-w c:\windows\SoftwareDistribution\EventCache\{F5CA0BE3-5A5F-4304-8156-0EB980A898C7}.bin
+ 2008-04-17 19:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 19:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-10-01 19:01:28 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
+ 2003-08-29 09:23:49 94,274 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPBHEALR.DLL
+ 2003-08-29 09:23:50 40,960 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPBMMON.DLL
+ 2003-08-29 09:23:50 58,368 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPDOMON.DLL
+ 2003-08-29 09:23:50 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\3\IMF32.DLL
+ 2003-08-29 09:23:50 36,864 ----a-w c:\windows\system32\spool\drivers\w32x86\3\IMFNT5.DLL
+ 2003-08-29 09:23:50 49,152 ----a-w c:\windows\system32\spool\drivers\w32x86\3\IMFPRINT.DLL
+ 2003-08-29 09:23:51 26,624 ----a-w c:\windows\system32\spool\drivers\w32x86\3\QDPRINT.DLL
+ 2003-08-29 09:23:51 77,824 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SD32.DLL
+ 2003-08-29 09:23:51 61,440 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SDDM32.DLL
+ 2003-08-29 09:23:51 122,880 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SDDMUI.DLL
+ 2003-08-29 09:23:51 237,568 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SDHP1010.DLL
+ 2003-08-29 09:23:52 36,864 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SDIMF32.DLL
+ 2003-08-29 09:23:52 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SDNT5UI.DLL
+ 2003-08-29 09:23:52 5,632 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SDNTUM4.DLL
+ 2003-08-29 09:23:52 155,648 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SR32.DLL
+ 2003-08-29 09:23:52 237,568 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SUHP1010.DLL
+ 2003-08-29 09:23:52 40,960 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ZGDI32.DLL
+ 2003-08-29 09:23:53 86,016 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ZSPOOL.DLL
+ 2003-08-29 09:23:53 24,576 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ZTAG32.DLL
+ 2008-11-09 04:15:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-04 1234712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-04 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
"nwiz"="nwiz.exe" [2008-10-23 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-04 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-04 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-04 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-04 76040]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-04 152984]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 ALLOW-IO;ALLOW-IO;E:\ALLOW-IO.sys [ ]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{826314a9-aa8d-11dd-bc81-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe root.ini

*Newly Created Service* - APPLE_MOBILE_DEVICE
*Newly Created Service* - BONJOUR_SERVICE
*Newly Created Service* - IPOD_SERVICE
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 12:48:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-09 12:48:52
ComboFix-quarantined-files.txt 2008-11-09 18:48:50
ComboFix2.txt 2008-11-08 20:17:17

Pre-Run: 137,128,189,952 bytes free
Post-Run: 137,119,285,248 bytes free

243



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:27 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 5275 bytes



Right as ComboFix started and the screen refreshed itself, it started up my AVG scan, but after it was finished I clicked the AVG scan and it doesn't even show a system scan going on, just the scan icon in the tray.

#51 Goonsac

Goonsac

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 09 November 2008 - 12:56 PM

Cracks & Keygens ..
C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp
C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp\download.mp4
C:\DOCUME~1\Goonsac\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Sending Cd's to the Military _ Crack.tmp\Info.plist

Do you want me to go delete these 3 files?

#52 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 November 2008 - 12:56 PM

We need to see if those 85.xx.xx.xx are gone.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #5 - Search and Clean DNS Hijack by typing 5 and press Enter
Answer Yes to the question by typing Y and hit Enter.

Please post:
c:\rapport.txt

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#53 Goonsac

Goonsac

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 09 November 2008 - 12:59 PM

SmitFraudFix v2.373

Scan done at 12:58:08.32, Sun 11/09/2008
Run from C:\Documents and Settings\Goonsac\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 85.255.112.75
DNS Server Search Order: 85.255.112.79

HKLM\SYSTEM\CCS\Services\Tcpip\..\{46B71314-81C9-4D7A-B58E-04244044E15E}: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{46B71314-81C9-4D7A-B58E-04244044E15E}: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CS2\Services\Tcpip\..\{46B71314-81C9-4D7A-B58E-04244044E15E}: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79
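
What the "DNS After Fix" section is telling you is worth reading with the registry layout in mind. SmitfraudFix's CCS/CS1/CS2 labels are HKLM\SYSTEM\CurrentControlSet, ControlSet001 and ControlSet002; CurrentControlSet is only a symbolic link to whichever ControlSet00N is named by HKLM\SYSTEM\Select\Current, and the other set is the backup Windows uses for "Last Known Good Configuration". So a rogue value that survives only in the non-current set is stale rather than live, but it would come straight back if that set were ever booted. The script below, an added example and not part of the thread or of SmitfraudFix, parses the registry lines of a report in this format, flags name servers in 85.255.0.0/16 (the report itself only says "85.255.x.x detected", so that is the range assumed here), collapses CCS onto its physical set (assumed to be ControlSet001, since the Select key is not shown in the thread) and reports whether the live configuration is still hijacked or only a backup set is. The sample report is constructed from the one posted above.

```python
"""Parse the registry lines of a SmitfraudFix-style 'DNS Before Fix / DNS After Fix'
report and flag rogue name servers per physical Windows control set."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample modelled on the report in the thread (not real tool output).
SAMPLE_REPORT = r"""
»»»»»»»» DNS Before Fix
HKLM\SYSTEM\CCS\Services\Tcpip\..\{46B71314-81C9-4D7A-B58E-04244044E15E}: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{46B71314-81C9-4D7A-B58E-04244044E15E}: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CS2\Services\Tcpip\..\{46B71314-81C9-4D7A-B58E-04244044E15E}: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79
»»»»»»»» DNS After Fix
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79
"""

# Assumption: match the whole /16 the report warns about ("85.255.x.x detected").
ROGUE_NETS = [ipaddress.ip_network("85.255.0.0/16")]

# One report line: control set, location (Parameters or ..\{interface GUID}),
# value name (DhcpNameServer from the lease, NameServer = static override), servers.
LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\(?P<where>[^:]+):\s*"
    r"(?P<value>DhcpNameServer|NameServer)=(?P<servers>.*)$"
)


def parse_report(text):
    """Return {'before'|'after': [(cset, where, value_name, [servers]), ...]}."""
    phases = defaultdict(list)
    phase = None
    for raw in text.splitlines():
        line = raw.strip()
        if "DNS Before Fix" in line:
            phase = "before"
            continue
        if "DNS After Fix" in line:
            phase = "after"
            continue
        m = LINE_RE.match(line)
        if m and phase:
            phases[phase].append(
                (m.group("cset"), m.group("where"), m.group("value"), m.group("servers").split())
            )
    return phases


def is_rogue(server):
    """True when the server address falls inside one of the flagged networks."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in ROGUE_NETS)


def resolve_cset(name, current=1):
    """Map the CCS alias onto the ControlSet00N it links to (HKLM\SYSTEM\Select\Current).
    Assumption: current=1, as the thread never shows the Select key."""
    return f"CS{current}" if name == "CCS" else name


def rogue_entries(phases, phase, current=1):
    """Distinct (physical control set, location) pairs holding a rogue server."""
    found = set()
    for cset, where, _value, servers in phases.get(phase, []):
        if any(is_rogue(s) for s in servers):
            found.add((resolve_cset(cset, current), where))
    return sorted(found)


def summarize(text, current=1):
    """Before/after view: is the live control set still hijacked, or only a backup set?"""
    phases = parse_report(text)
    before = rogue_entries(phases, "before", current)
    after = rogue_entries(phases, "after", current)
    live = [entry for entry in after if entry[0] == f"CS{current}"]
    return {
        "before": before,
        "after": after,
        "live_still_hijacked": bool(live),
        "stale_only": bool(after) and not live,
    }


if __name__ == "__main__":
    for key, val in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {val}")
```

Two practical notes. First, the value name matters: DhcpNameServer is written by the DHCP client from the lease it received, while a static override lives in NameServer. If rogue addresses keep reappearing under the live interface key even though the adapter is set to obtain DNS automatically, they are being handed out by the DHCP server, usually the home router, and its DNS settings need checking too. Second, the summary deliberately separates the live set from the backup one: a clean live configuration with a dirty ControlSet002 is not finished until that set is cleared or overwritten, because choosing "Last Known Good Configuration" at boot would restore it.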

#54 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 November 2008 - 01:05 PM

Download Fixwareout from here: It will take several seconds for the page to load.
http://www.4shared.c...Fixwareout.html

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

Once the desktop loads, a text file will open (report.txt). Please save this file; you'll need to post it with a new HijackThis log.



#55 Goonsac

Goonsac

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 09 November 2008 - 01:11 PM

Username "Goonsac" - 11/09/2008 13:07:16 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{46B71314-81C9-4D7A-B58E-04244044E15E}
"DhcpNameServer"="85.255.112.75" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="\"C:\\Program Files\\Logitech\\GamePanel Software\\LCD Manager\\LCDMon.exe\""
"Launch LGDCore"="\"C:\\Program Files\\Logitech\\GamePanel Software\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"CTHelper"="CTHELPER.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:22 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 5606 bytes
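
The two HijackThis logs in this thread differ only in their process lists (the same O4/O20/O23 entries appear in both), which is the kind of comparison a helper does by eye. The script below is an added example, not part of the thread and not HijackThis's own code: it parses HijackThis 2.0.x output into the process list and the O/R-prefixed sections, diffs two logs, and applies three triage heuristics a reviewer usually applies first: O20 AppInit_DLLs entries (a DLL loaded into every process that links user32.dll), O23 services whose publisher HijackThis could not identify ("Unknown owner"), and O4 Run entries whose command is a bare filename rather than a full path (resolved through the search path, so a same-named file earlier on the path wins). The two sample logs are constructed excerpts modelled on the 12:50 and 1:11 logs above.

```python
"""Parse HijackThis 2.0.x logs, diff two of them, and flag entries worth a closer look."""
import re

# Constructed excerpts modelled on the two logs in the thread (not the full logs).
LOG_A = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

LOG_B = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

SECTION_RE = re.compile(r"^(?P<code>[ORF]\d+)\s+-\s+(?P<body>.*)$")
# Registry Run entries only (not Global Startup .lnk lines): hive, value name, command.
O4_RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")


def parse_hjt(text):
    """Return {'processes': set of lower-cased paths, 'entries': {code: set of bodies}}."""
    processes, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False  # blank line closes the process list
            else:
                processes.add(line.lower())
            continue
        m = SECTION_RE.match(line)
        if m:
            entries.setdefault(m.group("code"), set()).add(m.group("body"))
    return {"processes": processes, "entries": entries}


def diff_logs(old_text, new_text):
    """Processes and section entries that appeared or vanished between two logs."""
    a, b = parse_hjt(old_text), parse_hjt(new_text)
    result = {
        "procs_added": sorted(b["processes"] - a["processes"]),
        "procs_gone": sorted(a["processes"] - b["processes"]),
        "entries_added": {},
        "entries_gone": {},
    }
    for code in set(a["entries"]) | set(b["entries"]):
        x, y = a["entries"].get(code, set()), b["entries"].get(code, set())
        if y - x:
            result["entries_added"][code] = sorted(y - x)
        if x - y:
            result["entries_gone"][code] = sorted(x - y)
    return result


def _exe_token(cmd):
    """First token of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def review_flags(text):
    """Heuristic triage: (code, body) pairs a reviewer would look at first."""
    flags = []
    for code, bodies in parse_hjt(text)["entries"].items():
        for body in bodies:
            if code == "O20" and "AppInit_DLLs" in body:
                flags.append((code, body))  # injected into every user32-linked process
            elif code == "O23" and "Unknown owner" in body:
                flags.append((code, body))  # service publisher not identified
            elif code == "O4":
                m = O4_RUN_RE.match(body)
                exe = _exe_token(m.group("cmd")) if m else ""
                if m and "\\" not in exe and ":" not in exe:
                    flags.append((code, body))  # bare filename: resolved via the search path
    return sorted(flags)


if __name__ == "__main__":
    print(diff_logs(LOG_A, LOG_B))
    for flag in review_flags(LOG_B):
        print(flag)
```

The bare-filename heuristic is noisy by design: it flags RUNDLL32.EXE as well as CTHELPER.EXE, because both are found through the path rather than named absolutely. That is the right default for triage, where the reviewer then checks that the file actually living at the resolved location is the expected one, rather than for automated removal.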



#56 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 November 2008 - 01:19 PM

We need to see if those 85.xx.xx.xx are gone.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #5 - Search and Clean DNS Hijack by typing 5 and press Enter
Answer Yes to the question by typing Y and hit Enter.

Please post:
c:\rapport.txt



#57 Goonsac

Goonsac

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 09 November 2008 - 01:21 PM

SmitFraudFix v2.373

Scan done at 13:20:14.71, Sun 11/09/2008
Run from C:\Documents and Settings\Goonsac\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 85.255.112.75
DNS Server Search Order: 85.255.112.79

HKLM\SYSTEM\CCS\Services\Tcpip\..\{46B71314-81C9-4D7A-B58E-04244044E15E}: DhcpNameServer=85.255.112.75 85.255.112.79

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.75 85.255.112.79

#58 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 November 2008 - 01:27 PM

Let's do this again.

Click Start > Run > type in CMD and tap the Enter key.
Copy/Paste or type in:
ipconfig /flushdns
If you are typing this in, note the space between the g /f. It needs to be there.

Now let's check some settings on your system.
Enter your Control Panel and double-click on Network Connections.
Then right click on your Default Connection, usually Local Area Connection for Cable and DSL.
Left click on Properties.
Double-Click on the Internet Protocol (TCP/IP) item.
Select the radio dial that says Obtain DNS Servers Automatically.
Note: Do this for all Network Connections.
Press OK twice to get out of the properties screen and reboot if it asks.



#59 Goonsac

Goonsac

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 09 November 2008 - 01:30 PM

OK, did the flushdns, and when I went to Obtain DNS Servers Automatically they were already set to automatic.

#60 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 November 2008 - 01:32 PM

  • Launch Malwarebytes' Anti-Malware,
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform FULL scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
