Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved]Combofix.exe Log


  • This topic is locked This topic is locked
8 replies to this topic

#1 stevencomerthornley

stevencomerthornley

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 20 July 2007 - 06:15 PM

"Owner" - 2007-07-20 20:06:03 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wl.exe


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-20 20:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 17:53 <DIR> d-------- C:\Program Files\RivaTuner v2.02
2007-07-19 22:22 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-07-19 22:22 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-07-19 22:17 <DIR> d-------- C:\Program Files\Realtek AC97
2007-07-19 20:07 <DIR> d-------- C:\Program Files\Setup Files
2007-07-19 19:52 45,056 --a------ C:\WINDOWS\system32\SUSBKey.dll
2007-07-19 19:52 45,056 --a------ C:\WINDOWS\system32\ginamsi.dll
2007-07-19 19:51 53,248 --a------ C:\WINDOWS\nvgpio.dll
2007-07-19 19:51 499,712 --a------ C:\WINDOWS\msvcp71.dll
2007-07-19 19:51 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2007-07-19 19:51 380,928 --a------ C:\WINDOWS\nvsulib.dll
2007-07-19 19:51 348,160 --a------ C:\WINDOWS\msvcr71.dll
2007-07-19 19:51 11,264 --a------ C:\WINDOWS\nvoclk64.sys
2007-07-19 19:51 1,060,864 --a------ C:\WINDOWS\MFC71.dll
2007-07-19 19:49 8,704 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2007-07-19 19:49 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2007-07-19 19:49 <DIR> d-------- C:\Program Files\MSI
2007-07-14 11:03 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-07-12 22:04 <DIR> d-------- C:\VundoFix Backups
2007-07-12 03:22 81,920 --a--c--- C:\WINDOWS\system32\frapsvid.dll
2007-07-10 20:20 <DIR> d-------- C:\DOCUME~1\Owner\WINDOWS
2007-07-07 10:58 <DIR> d-------- C:\Alien Arena 2007
2007-07-06 21:21 <DIR> d-------- C:\Program Files\Flock
2007-07-06 21:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Flock
2007-07-06 20:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-03 12:33 6,784 --a------ C:\WINDOWS\nvoclock.sys
2007-07-03 12:32 352,256 --a------ C:\WINDOWS\ntuneoem.dll
2007-07-03 12:32 172,032 --a------ C:\WINDOWS\NVBenchMarks.dll
2007-07-03 12:31 57,344 --a------ C:\WINDOWS\AutoTuneScript.dll
2007-06-29 18:17 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-06-29 18:17 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-06-27 19:23 <DIR> d-------- C:\Program Files\MagicISO
2007-06-25 22:21 1,073,152 --a------ C:\WINDOWS\system32\nvCplUIR.dll
2007-06-25 22:20 753,664 --a------ C:\WINDOWS\system32\nvCplUI.exe
2007-06-25 22:20 307,200 --a------ C:\WINDOWS\system32\nvExpBar.dll
2007-06-23 18:09 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-06-23 18:09 <DIR> d-------- C:\Program Files\NGONVOD215822
2007-06-23 17:41 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2007-06-23 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-06-23 16:42 <DIR> d-------- C:\WINDOWS\nview


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 22:34:38 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Smart Recorder
2007-07-20 10:52:01 -------- d-----w C:\Program Files\LogMeIn
2007-07-20 02:18:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-20 02:06:26 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-07-20 02:06:26 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-07-13 01:14:31 -------- d-----w C:\Program Files\SpywareBlaster
2007-07-13 01:08:04 -------- d-----w C:\Program Files\SpywareGuard
2007-07-11 22:58:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-07-11 22:41:46 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-07-07 15:49:35 -------- d-----w C:\Program Files\Trillian
2007-07-07 02:59:27 -------- d-----w C:\Program Files\HLSW
2007-06-24 19:36:27 -------- d-----w C:\Program Files\Microsoft Works
2007-06-23 14:27:24 -------- d-----w C:\Program Files\Google
2007-06-23 14:19:33 -------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-06-16 21:51:38 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2
2007-06-16 21:37:49 -------- d-----w C:\Program Files\Common Files\L&H
2007-06-16 21:37:37 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-16 21:36:46 -------- d-----w C:\Program Files\Microsoft.NET
2007-06-13 23:17:31 509,984 ----a-w C:\HTGD0006.exe
2007-06-13 23:17:31 40,960 ----a-w C:\HTGD0003.exe
2007-06-13 23:17:31 36,864 ----a-w C:\HTGD0005.exe
2007-06-05 23:24:03 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-05 23:22:34 -------- d-----w C:\Program Files\Nero
2007-06-04 23:46:50 -------- d-----w C:\Program Files\BitTorrent
2007-06-04 23:46:50 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-06-04 23:46:25 -------- d-----w C:\Program Files\Ventrilo
2007-06-04 23:46:25 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-04 23:46:21 -------- d-----w C:\Program Files\Windows Installer Clean Up
2007-06-04 23:46:20 -------- d-----w C:\Program Files\Ventrilo(2)
2007-06-04 23:20:03 -------- d-----w C:\Program Files\MSECACHE
2007-06-03 13:35:07 -------- d-----w C:\Program Files\Torbutton
2007-06-02 12:49:33 -------- d-----w C:\Program Files\FLAC
2007-05-25 23:10:39 -------- d-----w C:\Program Files\DivX
2007-05-25 21:41:03 1,571,916 --sh--w C:\WINDOWS\system32\cdeeg.bak1
2007-05-25 21:40:56 285,273 ---ha-w C:\WINDOWS\system32\geedc.dll.vir
2007-05-25 19:22:10 26,176 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-05-25 19:22:08 10,304 ----a-w C:\WINDOWS\system32\LMImirr2.dll
2007-05-25 19:22:06 24,000 ----a-w C:\WINDOWS\system32\LMImirr.dll
2007-05-25 19:22:04 63,040 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-05-24 22:33:49 4,734 -c--a-w C:\WINDOWS\mozver.dat
2007-05-24 19:42:04 -------- d-----w C:\Program Files\Kirby Alarm
2007-05-23 01:38:48 -------- d-----w C:\Program Files\PowerISO
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 13:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 19:56:06 239,152 ----a-w C:\WINDOWS\NuNInst.exe
2007-05-15 13:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-05-11 19:23:36 204,800 ----a-w C:\WINDOWS\system32\g0.exe
2007-05-11 19:23:36 107,008 ----a-w C:\WINDOWS\system32\IDes.exe
2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 20:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:24 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-04-23 00:15:24 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 -c--a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-21 22:19:03 77,824 ----a-w C:\WINDOWS\system32\bzip2.exe
2007-04-21 21:48:59 1,406,135 --sh--w C:\WINDOWS\system32\rtstv.bak2


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 11:28 440384 --------- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
2003-08-02 23:24 192512 -ra------ C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --------- C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a--c--- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2007-05-10 22:47 321120 --a------ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"CTHelper"="CTHELPER.EXE" [2006-08-17 12:32 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 12:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-20 19:07]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 C:\WINDOWS\KHALMNPR.Exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55]
"nwiz"="nwiz.exe" [2007-04-20 06:05 C:\WINDOWS\system32\nwiz.exe]
"RivaTuner"="C:\Program Files\RivaTuner v2.02\RivaTuner.exe" [2007-07-01 15:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll --a------ 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\autoplay.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 20:08:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-20 20:09:26
C:\ComboFix-quarantined-files.txt ... 2007-07-20 20:09

--- E O F ---














My mainboard shorted, then I rebuilt my computer, between then and now I ran a virtuomonde removal tool, so maybe that fixed it, I don't know.

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 July 2007 - 06:38 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\geedc.dll.vir
C:\WINDOWS\system32\g0.exe
C:\WINDOWS\system32\IDes.exe
C:\WINDOWS\system32\rtstv.bak2

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]


Save this as Save this as "CFScript"


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 stevencomerthornley

stevencomerthornley

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 20 July 2007 - 08:14 PM

"Owner" - 2007-07-20 22:09:00 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\hijackthis\other programs from TomCoyote\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\atxmqrsr.dll.bad
C:\VundoFix Backups\cfakrhro.dll.bad
C:\VundoFix Backups\inqfegdj.dll.bad
C:\VundoFix Backups\isgkmsqh.dll.bad
C:\VundoFix Backups\jwvuchud.dll.bad
C:\VundoFix Backups\keasikqk.ini.bad
C:\VundoFix Backups\kqkisaek.dll.bad
C:\VundoFix Backups\lovacjle.dll.bad
C:\VundoFix Backups\ltrbwkcl.dll.bad
C:\VundoFix Backups\mlmyxprn.dll.bad
C:\VundoFix Backups\mvskifgg.dll.bad
C:\VundoFix Backups\ntvddovw.dll.bad
C:\VundoFix Backups\oterswcs.dll.bad
C:\VundoFix Backups\owxbpqyc.dll.bad
C:\VundoFix Backups\oxmllloa.dll.bad
C:\VundoFix Backups\pcjrbsqa.dll.bad
C:\VundoFix Backups\pktughta.dll.bad
C:\VundoFix Backups\priwvamc.dll.bad
C:\VundoFix Backups\puprbiva.dll.bad
C:\VundoFix Backups\qgiupmuq.dll.bad
C:\VundoFix Backups\qwdgwvnn.dll.bad
C:\VundoFix Backups\rqixdotj.dll.bad
C:\VundoFix Backups\ttygvqjv.dll.bad
C:\VundoFix Backups\uhftpqhm.dll.bad
C:\VundoFix Backups\uqdpxdqs.dll.bad
C:\VundoFix Backups\vnqoyjle.dll.bad
C:\VundoFix Backups\ypyyftak.dll.bad
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\g0.exe
C:\WINDOWS\system32\geedc.dll.vir
C:\WINDOWS\system32\IDes.exe
C:\WINDOWS\system32\rtstv.bak2


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-20 20:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 17:53 <DIR> d-------- C:\Program Files\RivaTuner v2.02
2007-07-19 22:22 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-07-19 22:22 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-07-19 22:17 <DIR> d-------- C:\Program Files\Realtek AC97
2007-07-19 20:07 <DIR> d-------- C:\Program Files\Setup Files
2007-07-19 19:52 45,056 --a------ C:\WINDOWS\system32\SUSBKey.dll
2007-07-19 19:52 45,056 --a------ C:\WINDOWS\system32\ginamsi.dll
2007-07-19 19:51 53,248 --a------ C:\WINDOWS\nvgpio.dll
2007-07-19 19:51 499,712 --a------ C:\WINDOWS\msvcp71.dll
2007-07-19 19:51 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2007-07-19 19:51 380,928 --a------ C:\WINDOWS\nvsulib.dll
2007-07-19 19:51 348,160 --a------ C:\WINDOWS\msvcr71.dll
2007-07-19 19:51 11,264 --a------ C:\WINDOWS\nvoclk64.sys
2007-07-19 19:51 1,060,864 --a------ C:\WINDOWS\MFC71.dll
2007-07-19 19:49 8,704 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2007-07-19 19:49 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2007-07-19 19:49 <DIR> d-------- C:\Program Files\MSI
2007-07-14 11:03 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-07-12 03:22 81,920 --a--c--- C:\WINDOWS\system32\frapsvid.dll
2007-07-10 20:20 <DIR> d-------- C:\DOCUME~1\Owner\WINDOWS
2007-07-07 10:58 <DIR> d-------- C:\Alien Arena 2007
2007-07-06 21:21 <DIR> d-------- C:\Program Files\Flock
2007-07-06 21:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Flock
2007-07-06 20:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-03 12:33 6,784 --a------ C:\WINDOWS\nvoclock.sys
2007-07-03 12:32 352,256 --a------ C:\WINDOWS\ntuneoem.dll
2007-07-03 12:32 172,032 --a------ C:\WINDOWS\NVBenchMarks.dll
2007-07-03 12:31 57,344 --a------ C:\WINDOWS\AutoTuneScript.dll
2007-06-29 18:17 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-06-29 18:17 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-06-27 19:23 <DIR> d-------- C:\Program Files\MagicISO
2007-06-25 22:21 1,073,152 --a------ C:\WINDOWS\system32\nvCplUIR.dll
2007-06-25 22:20 753,664 --a------ C:\WINDOWS\system32\nvCplUI.exe
2007-06-25 22:20 307,200 --a------ C:\WINDOWS\system32\nvExpBar.dll
2007-06-23 18:09 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-06-23 18:09 <DIR> d-------- C:\Program Files\NGONVOD215822
2007-06-23 17:41 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2007-06-23 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-06-23 16:42 <DIR> d-------- C:\WINDOWS\nview


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-21 02:08:25 -------- d-----w C:\Program Files\Trillian
2007-07-20 22:34:38 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Smart Recorder
2007-07-20 10:52:01 -------- d-----w C:\Program Files\LogMeIn
2007-07-20 02:18:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-20 02:06:26 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-07-20 02:06:26 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-07-13 01:14:31 -------- d-----w C:\Program Files\SpywareBlaster
2007-07-13 01:08:04 -------- d-----w C:\Program Files\SpywareGuard
2007-07-11 22:58:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-07-11 22:41:46 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-07-07 02:59:27 -------- d-----w C:\Program Files\HLSW
2007-06-24 19:36:27 -------- d-----w C:\Program Files\Microsoft Works
2007-06-23 14:27:24 -------- d-----w C:\Program Files\Google
2007-06-23 14:19:33 -------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-06-16 21:51:38 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2
2007-06-16 21:37:49 -------- d-----w C:\Program Files\Common Files\L&H
2007-06-16 21:37:37 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-16 21:36:46 -------- d-----w C:\Program Files\Microsoft.NET
2007-06-13 23:17:31 509,984 ----a-w C:\HTGD0006.exe
2007-06-13 23:17:31 40,960 ----a-w C:\HTGD0003.exe
2007-06-13 23:17:31 36,864 ----a-w C:\HTGD0005.exe
2007-06-05 23:24:03 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-05 23:22:34 -------- d-----w C:\Program Files\Nero
2007-06-04 23:46:50 -------- d-----w C:\Program Files\BitTorrent
2007-06-04 23:46:50 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-06-04 23:46:25 -------- d-----w C:\Program Files\Ventrilo
2007-06-04 23:46:25 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-04 23:46:21 -------- d-----w C:\Program Files\Windows Installer Clean Up
2007-06-04 23:46:20 -------- d-----w C:\Program Files\Ventrilo(2)
2007-06-04 23:20:03 -------- d-----w C:\Program Files\MSECACHE
2007-06-03 13:35:07 -------- d-----w C:\Program Files\Torbutton
2007-06-02 12:49:33 -------- d-----w C:\Program Files\FLAC
2007-05-25 23:10:39 -------- d-----w C:\Program Files\DivX
2007-05-25 19:22:10 26,176 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-05-25 19:22:08 10,304 ----a-w C:\WINDOWS\system32\LMImirr2.dll
2007-05-25 19:22:06 24,000 ----a-w C:\WINDOWS\system32\LMImirr.dll
2007-05-25 19:22:04 63,040 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-05-24 22:33:49 4,734 -c--a-w C:\WINDOWS\mozver.dat
2007-05-24 19:42:04 -------- d-----w C:\Program Files\Kirby Alarm
2007-05-23 01:38:48 -------- d-----w C:\Program Files\PowerISO
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 13:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 19:56:06 239,152 ----a-w C:\WINDOWS\NuNInst.exe
2007-05-15 13:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 20:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:24 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-04-23 00:15:24 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 -c--a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-21 22:19:03 77,824 ----a-w C:\WINDOWS\system32\bzip2.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 11:28 440384 --------- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
2003-08-02 23:24 192512 -ra------ C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --------- C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a--c--- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2007-05-10 22:47 321120 --a------ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"CTHelper"="CTHELPER.EXE" [2006-08-17 12:32 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 12:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-20 19:07]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 C:\WINDOWS\KHALMNPR.Exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55]
"nwiz"="nwiz.exe" [2007-04-20 06:05 C:\WINDOWS\system32\nwiz.exe]
"RivaTuner"="C:\Program Files\RivaTuner v2.02\RivaTuner.exe" [2007-07-01 15:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll --a------ 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 22:11:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DigiCellDriver]
"ImagePath"="\??\C:\Program Files\MSI\DigiCell\NTGLM7X.sys"

Completion time: 2007-07-20 22:12:10
C:\ComboFix-quarantined-files.txt ... 2007-07-20 22:12
C:\ComboFix2.txt ... 2007-07-20 20:09

--- E O F ---

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 July 2007 - 08:17 PM

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 stevencomerthornley

stevencomerthornley

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 July 2007 - 05:46 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:41:51 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RivaTuner v2.02\RivaTuner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Spyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ngohq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /T
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft....k/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158629451156
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe














Right now I don't seem to have any problems, I did run the VundoFix.exe program before my mainboard shorted out and I was out of commission for a week, and it did find and remove quite a few things, BUT, I didn't want to assume that I'd fixed it on my own, I wanted to have a wiser, smarter person to review the system information before I felt safe.

But, like I said, there doesn't seem to be any problems right now.

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 July 2007 - 05:52 AM

You can remove any programs / Tools I had you install. Use Add/Remove Programs to remove if listed there otherwise just delete them and empty recycle bin.

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.
    You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware.
    You should also scan your computer with this program on a regular basis
    just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.
Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 stevencomerthornley

stevencomerthornley

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 July 2007 - 06:54 AM

thank you :wavey:

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 July 2007 - 06:56 AM

You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 July 2007 - 06:57 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users