[Resolved] I have trouble with "BrowserModifier:Win32/Fotomo


This topic is locked
11 replies to this topic

#1 SailorFromNorway
New Member, 5 posts

Posted 30 December 2007 - 03:04 PM

Hello.
I am a new member on this great, useful forum, and for the first time I also need help.
When I connect to the internet, Windows Defender comes up with a message that I have BrowserModifier:Win32/Fotomoto on my laptop.
When I start up Internet Explorer, several windows pop up with different commercials, the homepage is also changed, and two times I have suddenly seen that
only the background picture on my desktop is showing, nothing more: no menu, no Start button, nothing.
I am running Windows Vista Home Premium on a Dell XPS M1730.

Here is the log that came up after running HJT:

Logfile of HijackThis v1.99.1
Scan saved at 21:56:19, on 30.12.2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\sdtrayapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theoc-gaming.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Astor\AppData\Local\Temp\fccbb.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Astor\AppData\Local\Temp\fccbb.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\Astor\AppData\Local\Temp\xekogwxx .exe
O4 - HKCU\..\Run: [b2479a57] rundll32.exe "C:\Users\Astor\AppData\Local\Temp\kvhgdeyd.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUpldnb-no.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1627E12A-E6D4-44BB-81A6-C7CEFEC8B2C4}: NameServer = 212.17.131.3 148.122.208.99
O17 - HKLM\System\CS1\Services\Tcpip\..\{1627E12A-E6D4-44BB-81A6-C7CEFEC8B2C4}: NameServer = 212.17.131.3 148.122.208.99
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebbxur - C:\Windows\SYSTEM32\gebbxur.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Thank you for the help I might get. Have a nice day.



#2 LDTate
Grand Poobah, Root Admin, 57,211 posts

Posted 31 December 2007 - 09:04 AM

Hello and Welcome to the forum.

I suggest you do this:

Run HijackThis. Hit "None of the above", then click "Do a System Scan Only". Put a checkmark/tick in the box on the left side of these:

F3 - REG:win.ini: load=C:\Users\Astor\AppData\Local\Temp\fccbb.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Astor\AppData\Local\Temp\fccbb.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\Astor\AppData\Local\Temp\xekogwxx .exe
O4 - HKCU\..\Run: [b2479a57] rundll32.exe "C:\Users\Astor\AppData\Local\Temp\kvhgdeyd.dll",b
O13 - Gopher Prefix:
O20 - Winlogon Notify: gebbxur - C:\Windows\SYSTEM32\gebbxur.dll

Close ALL windows and browsers except HijackThis and click "Fix checked"



Delete these Files if listed:
C:\Users\Astor\AppData\Local\Temp <--All files in this folder
C:\Windows\SYSTEM32\gebbxur.dll


Please download ATF Cleaner by Atribune.
Download: ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 SailorFromNorway
New Member, 5 posts

Posted 31 December 2007 - 05:20 PM

Thank you LDTate for the quick response.

I did as you wrote, carefully and step by step so I did not miss anything.
When I did a new system scan, two of the lines on the list you wanted me to check were missing from the new scan. The lines were:

O4 - HKCU\..\Run: [DDC] C:\Users\Astor\AppData\Local\Temp\xekogwxx .exe
O4 - HKCU\..\Run: [b2479a57] rundll32.exe "C:\Users\Astor\AppData\Local\Temp\kvhgdeyd.dll",b

I hoped the best and checked the other lines and pushed the fix checked button (everything else was closed).

Then I ran the ATF Cleaner and did as you told me to.

I rebooted the laptop; about 10 seconds after logging in, the same message from Windows Defender came up, having found BrowserModifier:Win32/Fotomoto.
When I started up Internet Explorer the popups started again, and suddenly all my icons on the desktop went away, including the Start button and the "help bar" at the bottom.
So I had to reboot the computer again, and am now writing this.

I am doing a new HJT log for you now, so you can see if anything dodgy is still there.

Thank you again for trying to help me :)

---

Logfile of HijackThis v1.99.1
Scan saved at 00:19:35, on 01.01.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....eoc-gaming.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Astor\AppData\Local\Temp\fccbb.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DDC] C:\Users\Astor\AppData\Local\Temp\ypmhiimx .exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Astor\AppData\Local\Temp\fccbb.dll,c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUpldnb-no.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
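An added triage script, not from this thread, from HijackThis or from any helper tool: it applies my own reading of the checks behind the lines LDTate picked out in post #2 (autostarts from a Temp folder, rundll32 with a one-letter export, orphaned BHO, a Winlogon Notify DLL that exists on disk) and then diffs the Run values between the poster's first two logs, which is how the renamed DDC entry stands out. The sample lines are the thread's own entries embedded as constructed test input; the rules are review hints, not a verdict.

```python
"""Heuristic triage of HijackThis log lines.

Added example: not from the thread, HijackThis or any helper tool. The rules
below are one reading of what made the F3/O2/O4/O20 lines in post #2 stand
out; they are hints for a human reviewer, not a verdict.
"""
import re
from typing import Dict, List, Tuple

# Constructed test input: entries copied from the two logs posted in this thread
# (first log, then the log posted after "Fix checked" and a reboot).
LOG_BEFORE = r"""
F3 - REG:win.ini: load=C:\Users\Astor\AppData\Local\Temp\fccbb.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Astor\AppData\Local\Temp\fccbb.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\Astor\AppData\Local\Temp\xekogwxx .exe
O4 - HKCU\..\Run: [b2479a57] rundll32.exe "C:\Users\Astor\AppData\Local\Temp\kvhgdeyd.dll",b
O20 - Winlogon Notify: gebbxur - C:\Windows\SYSTEM32\gebbxur.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

LOG_AFTER = r"""
F3 - REG:win.ini: load=C:\Users\Astor\AppData\Local\Temp\fccbb.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [DDC] C:\Users\Astor\AppData\Local\Temp\ypmhiimx .exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Astor\AppData\Local\Temp\fccbb.dll,c
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_VALUE = re.compile(r"\[([^\]]+)\]")            # [name] of an O4 Run value
TEMP_DIR = re.compile(r"\\(Local\\)?Temp\\", re.IGNORECASE)
# rundll32 handing a DLL a single-letter export name, quoted or not
RUNDLL_ONE_LETTER = re.compile(r'rundll32(\.exe)?\s+"?[^"]+\.dll"?,[A-Za-z]\b', re.IGNORECASE)
SPACE_BEFORE_EXT = re.compile(r"\w \.(exe|dll)\b", re.IGNORECASE)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
AUTOSTART = {"F3", "O4", "O20"}   # sections that start code at logon


def parse(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every HijackThis entry line; skip headers and blanks."""
    out = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def triage(log: str) -> Dict[str, List[str]]:
    """Map each entry line to the reasons it deserves a second look ([] = nothing odd)."""
    findings: Dict[str, List[str]] = {}
    for section, body in parse(log):
        reasons = []
        if section in AUTOSTART and TEMP_DIR.search(body):
            reasons.append("autostart pointing into a Temp folder")
        if RUNDLL_ONE_LETTER.search(body):
            reasons.append("rundll32 loading a DLL by a one-letter export name")
        if SPACE_BEFORE_EXT.search(body):
            reasons.append("space inserted before the file extension")
        name = RUN_VALUE.search(body)
        if section == "O4" and name and HEX_NAME.match(name.group(1)):
            reasons.append("Run value named with a hex-looking string")
        if section == "O2" and body.endswith("(no file)"):
            reasons.append("orphaned BHO registration (no file on disk)")
        if section == "O20" and "(file missing)" not in body:
            reasons.append("Winlogon Notify DLL is present; confirm it belongs to a known product")
        findings[f"{section} - {body}"] = reasons
    return findings


def run_value_changes(before: str, after: str) -> Dict[str, Tuple[str, str]]:
    """Run values present in both logs whose target changed between them.

    A value that survives "Fix checked" but now names a different file is being
    re-created, which is what the DDC entry does between the first two logs here.
    """
    def targets(log: str) -> Dict[str, str]:
        t = {}
        for section, body in parse(log):
            m = RUN_VALUE.search(body) if section == "O4" else None
            if m:
                t[m.group(1)] = body[m.end():].strip()
        return t

    old, new = targets(before), targets(after)
    return {k: (old[k], new[k]) for k in old if k in new and old[k] != new[k]}


if __name__ == "__main__":
    for line, reasons in triage(LOG_BEFORE).items():
        if reasons:
            print(line, "\n   ->", "; ".join(reasons))
    for value, (was, now) in run_value_changes(LOG_BEFORE, LOG_AFTER).items():
        print(f"[{value}] changed: {was} -> {now}")
```

The rules flag exactly the six malicious-looking lines LDTate checked and leave the Windows Defender, NvSvc and orphaned WRNotifier entries alone; the TkBellExe and Gopher lines he also checked are judgment calls these heuristics do not cover.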

#4 LDTate
Grand Poobah, Root Admin, 57,211 posts

Posted 31 December 2007 - 05:27 PM

Download ComboFix from Here to your Desktop.

**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connection.



#5 SailorFromNorway
New Member, 5 posts

Posted 01 January 2008 - 02:20 PM

Hello again LDTate, and thank you for another quick reply.

Attached is the ComboFix log.

And here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:16:09, on 01.01.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....eoc-gaming.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUpldnb-no.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

--------------------------------------------------------

Happy new year :)

Attached Files



#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 January 2008 - 06:44 AM

Do Not attach it. You need to copy / paste it here.

This is what it looks like if I open it from the attachment.

ComboFix 07-12-31.4 - Astor 2008-01-01 21:08:01.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.2230 [GMT 1:00] Running from: C:\Users\Astor\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Dell\E-Center\EULALauncher.exe C:\Users\Astor\AppData\Local\Temp\xekogwxx .exe C:\Users\Astor\AppData\Local\Temp\xekogwxx.exe C:\Users\Astor\AppData\Local\Temp\ypmhiimx.exe C:\Users\Astor\AppData\Roaming\inst.exe C:\Windows\mrofinu922.exe C:\Windows\system32\gebbxur.dll . ((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))) . 2008-01-01 21:06 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe 2007-12-30 23:03 . 2007-12-30 23:40

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 SailorFromNorway

SailorFromNorway

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 03 January 2008 - 02:44 AM

Hello again LDTate.
Sorry for the wrong attaching.

Here is the combofix:

Running from: C:\Users\Astor\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dell\E-Center\EULALauncher.exe
C:\Users\Astor\AppData\Local\Temp\xekogwxx .exe
C:\Users\Astor\AppData\Local\Temp\xekogwxx.exe
C:\Users\Astor\AppData\Local\Temp\ypmhiimx.exe
C:\Users\Astor\AppData\Roaming\inst.exe
C:\Windows\mrofinu922.exe
C:\Windows\system32\gebbxur.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 21:06 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2007-12-30 23:03 . 2007-12-30 23:40 <DIR> d-------- C:\Users\Astor\AppData\Roaming\HouseCall 6.6
2007-12-30 22:57 . 2007-12-30 22:57 <DIR> d-------- C:\Windows\Sun
2007-12-30 21:23 . 2007-12-30 21:23 <DIR> d-------- C:\Users\Astor\AppData\Roaming\PC Tools
2007-12-30 21:23 . 2007-12-30 23:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-30 21:23 . 2007-12-30 21:26 74,240 --a------ C:\Windows\System32\drivers\iksyssec.sys
2007-12-30 21:23 . 2007-12-30 21:26 56,832 --a------ C:\Windows\System32\drivers\iksysflt.sys
2007-12-30 21:23 . 2007-10-18 00:14 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2007-12-30 21:23 . 2007-10-18 00:16 29,000 --a------ C:\Windows\System32\drivers\kcom.sys
2007-12-30 21:22 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2007-12-30 20:57 . 2007-12-30 20:57 0 --ah----- C:\ProgramData.LOG2
2007-12-30 20:57 . 2007-12-30 20:57 0 --ah----- C:\ProgramData.LOG1
2007-12-30 20:10 . 2007-12-30 20:35 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-30 20:10 . 2007-12-30 20:35 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-30 09:02 . 2007-12-30 09:02 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-12-30 09:02 . 2007-12-30 09:02 <DIR> d-------- C:\ProgramData\Lavasoft
2007-12-30 08:28 . 2007-12-30 09:02 <DIR> d-------- C:\Users\Astor\AppData\Roaming\Lavasoft
2007-12-30 08:28 . 2007-12-30 09:02 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-27 19:47 . 2007-12-27 19:47 <DIR> dr-h----- C:\Users\Astor\AppData\Roaming\SecuROM
2007-12-27 19:45 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2007-12-27 19:45 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2007-12-27 19:45 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2007-12-27 19:44 . 2007-12-27 19:44 <DIR> d-------- C:\Users\All Users\Media Center Programs
2007-12-27 19:44 . 2007-12-27 19:44 <DIR> d-------- C:\ProgramData\Media Center Programs
2007-12-27 19:36 . 2007-12-27 19:36 <DIR> d-------- C:\Program Files\Electronic Arts
2007-12-26 09:24 . 2007-12-26 09:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-26 09:23 . 2007-12-26 09:23 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-18 20:32 . 2007-12-18 20:32 <DIR> d-------- C:\Program Files\Hello
2007-12-16 23:44 . 2007-12-21 22:18 <DIR> d-------- C:\Users\Astor\AppData\Roaming\dvdcss
2007-12-16 23:35 . 2007-12-16 23:35 <DIR> d-------- C:\Users\Astor\AppData\Roaming\Nokia Multimedia Player
2007-12-16 20:44 . 2007-12-16 20:48 <DIR> d-------- C:\Program Files\Valve
2007-12-16 08:48 . 2007-12-16 08:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-16 08:47 . 2007-12-16 08:48 <DIR> d-------- C:\Program Files\Real
2007-12-16 08:47 . 2007-12-16 08:47 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-16 08:16 . 2007-12-16 08:16 <DIR> d-------- C:\Users\All Users\{4491CDFD-0357-46ED-94DE-08763FD4D193}
2007-12-16 08:16 . 2007-12-16 08:16 <DIR> d-------- C:\ProgramData\{4491CDFD-0357-46ED-94DE-08763FD4D193}
2007-12-16 08:16 . 2007-12-16 08:16 <DIR> d-------- C:\Program Files\BurnAware Free Edition
2007-12-15 09:56 . 2007-12-15 09:56 <DIR> d-------- C:\Games
2007-12-13 06:19 . 2007-12-13 06:19 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-13 06:19 . 2007-12-13 06:19 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-13 06:19 . 2007-12-13 06:19 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-13 06:19 . 2007-12-13 06:19 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-13 06:18 . 2007-12-13 06:18 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-13 06:18 . 2007-12-13 06:18 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-13 06:18 . 2007-12-13 06:18 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-12 22:12 . 2007-12-12 22:12 <DIR> d-------- C:\Users\All Users\Nokia
2007-12-12 22:12 . 2007-12-12 22:12 <DIR> d-------- C:\ProgramData\Nokia
2007-12-08 16:04 . 2007-12-08 16:04 <DIR> d-------- C:\Program Files\MagicISO
2007-12-08 10:10 . 2007-12-08 10:10 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-06 23:46 . 2007-12-30 09:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-04 13:23 . 2007-12-04 13:23 <DIR> d-------- C:\Program Files\Ubisoft
2007-12-04 11:41 . 2007-12-04 11:41 61,480 --a------ C:\Users\Astor\GoToAssistDownloadHelper.exe
2007-12-04 11:31 . 2007-12-04 11:36 <DIR> d-------- C:\Users\All Users\PC Suite
2007-12-04 11:31 . 2007-12-04 11:36 <DIR> d-------- C:\ProgramData\PC Suite
2007-12-04 11:30 . 2007-12-16 23:27 <DIR> d-------- C:\Users\Astor\AppData\Roaming\Nokia
2007-12-04 11:30 . 2007-12-04 11:30 <DIR> d-------- C:\Program Files\DIFX
2007-12-04 11:30 . 2007-12-26 09:24 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-04 11:29 . 2007-12-04 11:36 <DIR> d-------- C:\Users\Astor\AppData\Roaming\PC Suite
2007-12-04 11:28 . 2007-12-26 09:24 <DIR> d-------- C:\Program Files\Nokia
2007-12-04 11:28 . 2007-02-22 10:15 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
2007-12-04 11:23 . 2007-12-12 21:14 <DIR> d-------- C:\Users\All Users\Installations
2007-12-04 11:23 . 2007-12-12 21:14 <DIR> d-------- C:\ProgramData\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 20:37 27,335 ----a-w C:\Users\Astor\AppData\Roaming\nvModes.dat
2007-12-28 08:15 --------- d-----w C:\Users\Astor\AppData\Roaming\Vso
2007-12-27 18:45 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2007-12-27 18:45 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2007-12-27 18:45 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2007-12-27 18:45 22,328 ----a-w C:\Users\Astor\AppData\Roaming\PnkBstrK.sys
2007-12-27 18:45 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2007-12-21 11:53 --------- d-----w C:\Program Files\Steam
2007-12-16 19:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 05:20 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 05:20 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 05:20 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 05:20 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 05:20 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 05:20 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-07 15:02 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-01 08:21 --------- d-----w C:\Program Files\Common Files\Steam
2007-11-29 07:28 --------- d-----w C:\Users\Astor\AppData\Roaming\IGN_DLM
2007-11-25 20:17 --------- d-----w C:\Program Files\Google
2007-11-25 16:30 --------- d-----w C:\Users\Astor\AppData\Roaming\vlc
2007-11-25 16:29 --------- d-----w C:\Program Files\VideoLAN
2007-11-25 13:43 86,016 ----a-w C:\Windows\System32\OpenAL32.dll
2007-11-25 13:43 262,144 ----a-w C:\Windows\System32\wrap_oal.dll
2007-11-23 21:55 --------- d-----w C:\ProgramData\NVIDIA
2007-11-23 19:47 --------- d-----w C:\ProgramData\vsosdk
2007-11-23 16:25 --------- d-----w C:\ProgramData\McAfee
2007-11-22 23:43 --------- d-----w C:\ProgramData\Apple Computer
2007-11-22 23:43 --------- d-----w C:\ProgramData\Apple
2007-11-22 23:43 --------- d-----w C:\Program Files\QuickTime
2007-11-22 23:43 --------- d-----w C:\Program Files\Apple Software Update
2007-11-22 14:54 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2007-11-22 14:54 47,360 ----a-w C:\Users\Astor\AppData\Roaming\pcouffin.sys
2007-11-22 14:54 --------- d-----w C:\Program Files\VSO
2007-11-22 14:53 --------- d-----w C:\Program Files\ImgBurn
2007-11-22 14:53 --------- d-----w C:\Program Files\CoreFTP
2007-11-22 14:49 --------- d-----w C:\Program Files\ImTOO
2007-11-22 12:35 --------- d-----w C:\Program Files\BitComet
2007-11-22 11:58 --------- d-----w C:\Program Files\Download Manager
2007-11-22 09:56 --------- d-----w C:\Users\Astor\AppData\Roaming\InstallShield
2007-11-22 09:46 --------- d-----w C:\Users\Astor\AppData\Roaming\CyberLink
2007-11-22 09:45 --------- d-----w C:\ProgramData\CyberLink
2007-11-21 18:30 --------- d-----w C:\Users\Astor\AppData\Roaming\Roxio
2007-11-21 14:42 --------- d-----w C:\ProgramData\WLInstaller
2007-11-21 14:00 --------- d-----w C:\Program Files\EA GAMES
2007-11-21 13:23 --------- d-s---w C:\Program Files\HLSW
2007-11-21 13:06 --------- d-----w C:\Users\Astor\AppData\Roaming\teamspeak2
2007-11-21 13:06 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-11-21 11:09 174 --sha-w C:\Program Files\desktop.ini
2007-11-21 11:06 --------- d-----w C:\Program Files\Windows Mail
2007-11-21 11:06 --------- d-----w C:\Program Files\Windows Calendar
2007-11-21 10:45 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-21 10:45 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-21 10:45 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-21 10:45 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-21 10:45 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-21 10:45 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-21 10:45 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-21 10:45 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-21 10:45 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-21 10:45 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-21 10:45 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-21 10:45 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-21 10:45 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-21 10:45 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-21 10:45 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-21 10:45 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-21 10:45 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-21 10:45 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-21 10:45 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-21 10:44 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-21 10:44 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-21 10:44 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-21 10:44 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-21 10:44 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-21 10:44 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-21 10:44 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-21 10:44 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-21 10:44 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-21 10:44 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-21 10:44 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-21 10:44 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-21 10:44 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-21 10:44 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-21 10:44 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-21 10:41 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-21 10:41 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-21 10:41 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-21 10:41 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-21 10:38 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-21 10:37 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-11-21 10:37 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-11-21 10:37 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-11-21 10:37 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-11-21 10:37 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-11-21 10:37 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-11-21 10:37 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-11-21 10:37 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-11-21 10:37 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-11-21 10:37 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-11-21 10:37 31,232 ----a-w C:\Windows\System32\msvidc32.dll
.
----a-w			17,920 2008-01-01 19:58:47  C:\DELL\E-Center\EULALauncher .exe
----a-w			74,304 2008-01-01 19:58:50  C:\Users\Astor\AppData\Local\Temp\ypmhiimx .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57 1103480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-25 14:55 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-14 22:26 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-23 06:34 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 06:54 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-07-18 14:03 405504]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-14 15:08 77824]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-09-21 01:07 184320]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-23 00:41 286720]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-10 22:19:24]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 14:30]
R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 15:14]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 06:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 06:55]
R3 physX32;physX32;C:\Windows\system32\DRIVERS\physX32.sys [2007-09-13 07:43]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\rt2870.sys [2007-03-13 05:35]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-11-30 22:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 21:09:38
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 21:10:05
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 20:10:03
.
2007-12-28 07:43:46 --- E O F ---



After Combofix was run and the computer rebooted, I did not get any more messages from Windows Defender about the Fotomoto warning.
The homepage is also not changing and I have not seen my desktop icons go away.
So probably the combofix did it?
Or can the program be lurking in the background ready to pop up at anytime?
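A helper reads a log like the HijackThis one earlier in this thread by looking at a few things first: entries whose file is reported missing, programs started from Temp or AppData (where the deleted xekogwxx.exe and inst.exe above lived), and unknown-owner services outside the Windows directory. The script below is an added example, not code from the thread or from the HijackThis/ComboFix authors; its sample lines are constructed, mixing lines copied from the log in this thread with two entries built from file names in the ComboFix deletions list.

```python
"""Triage of HijackThis O4/O20/O23 lines (added example, not part of the thread).
Flags what a helper checks by eye in a log like the one above: a file reported as
missing, a program started from Temp/AppData, an unknown-owner service outside Windows."""
import re
from dataclasses import dataclass, field
# Constructed sample: the first lines are copied from the HijackThis log in this thread;
# the xekogwxx and inst.exe entries are built from names in the ComboFix "Other
# Deletions" list above and are not real log lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [xekogwxx] C:\Users\Astor\AppData\Local\Temp\xekogwxx.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Updater Helper (updhlp) - Unknown owner - C:\Users\Astor\AppData\Roaming\inst.exe
"""
ENV = {"%ProgramFiles%": r"C:\Program Files", "%windir%": r"C:\Windows",
       "%SystemRoot%": r"C:\Windows"}
USER_WRITABLE = re.compile(r"\\(Temp|AppData|Application Data|Local Settings)\\", re.I)
MISSING = "(file missing)"
O4_RUN = re.compile(r"^O4 - (HK[^:]*): \[([^\]]*)\] (.+)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
O23_SERVICE = re.compile(r"^O23 - Service: (.+)$")

@dataclass
class Finding:
    kind: str            # O4, O20 or O23
    name: str            # autorun value, notifier or service name
    path: str            # file the entry points at
    owner: str = ""      # O23 only: the vendor string HijackThis prints
    reasons: list = field(default_factory=list)

def _expand(path):
    """Expand the environment variables HijackThis leaves in paths."""
    for var, value in ENV.items():
        path = re.sub(re.escape(var), lambda _m, v=value: v, path, flags=re.I)
    return path

def _executable(cmd):
    """Pull the launched file out of a Run command line (quoted or not)."""
    cmd = cmd.strip()
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    m = re.match(r"(?i)(.+?\.(?:exe|dll|scr))(?=[\s,]|$)", cmd)
    if not m:
        return cmd
    path = m.group(1)
    if path.lower().endswith("rundll32.exe"):
        return _executable(cmd[len(path):])   # the hosted DLL is the real entry
    return path

def parse(line):
    """Turn one O4/O20/O23 line into a Finding; any other line gives None."""
    line = line.strip()
    m = O4_RUN.match(line)
    if m:
        return Finding("O4", m.group(2), _executable(m.group(3)))
    m = O20_NOTIFY.match(line)
    if m:
        return Finding("O20", m.group(1), m.group(2))
    m = O23_SERVICE.match(line)
    if m:
        parts = m.group(1).rsplit(" - ", 2)   # name - owner - path
        if len(parts) == 3:
            return Finding("O23", parts[0], parts[2], owner=parts[1])

def check(finding):
    """Attach the reasons a helper would look twice at this entry."""
    path = finding.path
    if path.endswith(MISSING):
        path = path[: -len(MISSING)].strip()
        # In the log above every stock Vista service whose path still begins with %windir%
        # or %ProgramFiles% is shown as missing, so an unexpanded variable is treated as noise.
        if not path.startswith("%"):
            finding.reasons.append("HijackThis reports the file as missing")
    full = _expand(path)
    if USER_WRITABLE.search(full):
        finding.reasons.append("launched from a user-writable location (Temp/AppData)")
    if (finding.kind == "O23" and finding.owner == "Unknown owner"
            and not full.lower().startswith("c:\\windows\\")):
        finding.reasons.append("unknown-owner service outside the Windows directory")
    finding.path = path
    return finding

def triage(log_text):
    """Return only the entries that collected at least one reason."""
    hits = []
    for line in log_text.splitlines():
        finding = parse(line)
        if finding is not None and check(finding).reasons:
            hits.append(finding)
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit.kind, hit.name, hit.path, "; ".join(hit.reasons))
```

Run on the sample it reports only xekogwxx, WRNotifier and the constructed updhlp service; the stock svchost services that HijackThis shows as missing are skipped.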

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 January 2008 - 03:35 PM

You have a few infections which infect legitimate files.
Please read the instructions carefully. Print them out if you have a printer.

Do Not reboot until combofix runs and reboots your system

  • 1. Download RenV.exe by sUBs to your desktop
  • 2. Double click on it to run it
    It will search your system drive looking for any modified .exe file and will produce a log for you named log.txt

================================================================================
1.) Copy the following text to a new notepad file.
Save it as CFScript.txt but do NOT use it yet.

  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as CFScript.txt (Overwrite the existing one)
  • Change the Save as Type to All Files
  • and Save it on the desktop

Folder::
C:\ProgramData\{4491CDFD-0357-46ED-94DE-08763FD4D193}
C:\Users\All Users\{4491CDFD-0357-46ED-94DE-08763FD4D193}


2.) Drag log.txt from desktop that RenV created on top of RenV.exe
Follow the prompts.
Once done it makes a log.
Post its results.

3.) Drag CFScript on top of combofix.exe and let it run.
Post the new log it makes when machine reboots.

Let me know how machine is running.



#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 January 2008 - 04:03 PM

Do you still need help?



#10 SailorFromNorway

SailorFromNorway

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 08 January 2008 - 10:49 AM

Hello LDTate. I think everything should be all OK now. I have been away on a course but am back now, and the computer runs smoothly. So I shall not bother you anymore for this time with questions. Thank you again for all the tech help you and your group do for us "noobs" out there. Keep up the good work.

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 January 2008 - 11:07 AM

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • If shown the disclaimer, Select "2"



You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.
    You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.
Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein



#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 January 2008 - 04:01 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
