miunst.exe?

breadcrab · 05-Jan-2008, 01:47 PM #1

AVG picked up a file named miunst.exe what is that

**Cheeseball81** · 05-Jan-2008, 02:39 PM #2

It looks like a virus.
Did it find anything else?

breadcrab · 08-Jan-2008, 08:14 PM #3

thats all it found.
but im wondering how did it get there

**Cheeseball81** · 08-Jan-2008, 10:22 PM #4

Go to here and download 'Hijack This!' self installer.
Save it to the desktop or other suitable place. DO NOT just press run from the website
Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

breadcrab · 10-Jan-2008, 11:50 PM #5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:32 PM, on 10/01/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Program files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program files\photoshop\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\COMODO\Memory Firewall\cmfs32.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
E:\Program files\logitech\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\COMODO\Memory Firewall\cmf.exe
E:\Program files\logitech\LowLight.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\LClock\LClock.exe
E:\Program files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
E:\PROGRA~1\FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program files\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program files\photoshop\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] E:\Program files\logitech\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] E:\Program files\logitech\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/...4/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197754093343
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://blscent.bellworld.ca/SiteRoot...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/...21/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program files\photoshop\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: cmfs - Unknown owner - C:\Program Files\COMODO\Memory Firewall\cmfs32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 12567 bytes

**Cheeseball81** · 11-Jan-2008, 09:39 PM #6

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

breadcrab · 11-Jan-2008, 10:13 PM #7

ComboFix 08-01-11.3 - Johnny 2008-01-11 18:56:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.921 [GMT -8:00]
Running from: C:\Documents and Settings\Johnny\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-11 18:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 18:14 . 2008-01-11 18:42 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-10 21:20 . 2008-01-11 18:43 4,958,588 --------- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000008-10011102}.BAK
2008-01-10 20:49 . 2008-01-10 20:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-10 18:40 . 2008-01-10 18:40 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-09 18:18 . 2008-01-09 18:18 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-08 20:22 . 2008-01-08 20:22 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\Auslogics
2008-01-08 18:03 . 2008-01-11 18:15 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-01-08 18:03 . 2008-01-08 18:03 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-01-08 18:03 . 2008-01-08 18:03 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-01-08 17:58 . 2008-01-08 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-01-08 17:44 . 2008-01-08 18:03 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\Comodo
2008-01-08 17:42 . 2008-01-08 18:03 <DIR> d-------- C:\Program Files\Comodo
2008-01-08 15:43 . 2008-01-08 15:43 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\Talkback
2008-01-04 17:02 . 2008-01-04 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 17:00 . 2007-01-18 04:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-03 21:49 . 2008-01-03 21:49 <DIR> d-------- C:\Program Files\LClock
2008-01-03 15:14 . 2008-01-03 15:14 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-03 15:05 . 2008-01-11 19:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\WTablet
2008-01-03 14:57 . 2008-01-11 18:19 <DIR> d-------- C:\WINDOWS\system32\en
2008-01-03 14:57 . 2008-01-11 18:19 <DIR> d-------- C:\WINDOWS\l2schemas
2008-01-03 14:47 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005921_.tmp
2008-01-03 14:44 . 2004-08-03 23:56 3,385,856 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-01-03 14:44 . 2004-08-03 23:56 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2008-01-03 14:44 . 2004-08-03 21:59 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2008-01-03 14:44 . 2004-08-03 22:00 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2008-01-03 14:44 . 2004-08-03 22:08 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-01-03 14:42 . 2007-10-25 19:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-01-03 14:41 . 2007-04-18 08:12 2,854,400 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2008-01-03 11:35 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-03 11:28 . 2008-01-03 11:28 <DIR> d-------- C:\Program Files\Common Files\FotoWire
2008-01-03 11:28 . 2008-01-03 11:28 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\FotoWire
2008-01-03 11:27 . 2004-05-21 11:16 471,232 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2008-01-03 11:27 . 2004-05-27 07:49 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-01-03 11:27 . 2004-05-27 07:44 208,896 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-01-03 11:27 . 2004-05-27 07:46 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-01-03 11:27 . 2004-05-21 11:11 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2008-01-03 11:27 . 2004-05-21 20:05 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-01-03 11:27 . 2004-05-27 07:47 19,968 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-01-03 11:27 . 2004-05-21 10:12 5,993 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-01-03 11:25 . 2008-01-03 11:25 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-01-03 11:14 . 2008-01-03 11:34 241 --a------ C:\WINDOWS\QSync.INI
2008-01-03 11:13 . 2008-01-03 11:13 <DIR> d-------- C:\Program Files\Windows Media Components
2008-01-03 11:13 . 2008-01-03 11:26 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-03 11:13 . 2008-01-03 11:26 1,056 --a------ C:\WINDOWS\_delis32.ini
2008-01-03 11:12 . 2008-01-03 11:19 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-03 11:11 . 2008-01-03 11:11 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2008-01-03 11:10 . 2008-01-03 11:28 <DIR> d-------- C:\Program Files\Logitech
2008-01-02 21:22 . 2008-01-02 21:22 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\Corel
2008-01-02 21:17 . 2003-03-16 01:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-02 21:14 . 2008-01-02 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-01-02 20:54 . 2008-01-02 20:54 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-01-02 20:54 . 2008-01-02 20:54 <DIR> d-------- C:\Program Files\Tablet
2008-01-02 20:54 . 2008-01-11 19:03 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\WTablet
2008-01-02 20:54 . 2007-03-30 16:51 2,659,888 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-01-02 20:54 . 2007-03-30 16:45 1,378,779 --------- C:\WINDOWS\system32\PenTablet.znc
2008-01-02 20:54 . 2007-03-30 17:06 1,189,424 --------- C:\WINDOWS\system32\Tablet.exe
2008-01-02 20:54 . 2007-03-30 16:38 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2008-01-02 20:54 . 2007-02-16 10:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-01-02 20:54 . 2007-02-16 11:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-01-02 20:37 . 2008-01-02 20:37 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-01-02 20:37 . 2008-01-02 20:37 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-01-01 12:58 . 2008-01-01 12:58 <DIR> d-------- C:\Program Files\MSBuild
2008-01-01 12:54 . 2008-01-01 12:54 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-01 12:52 . 2008-01-01 12:52 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-01 12:50 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-01-01 12:48 . 2008-01-01 12:48 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-01 12:42 . 2006-11-12 22:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2008-01-01 12:42 . 2006-11-12 22:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2008-01-01 12:42 . 2006-11-12 22:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-12-28 19:08 . 2007-12-28 19:08 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-28 19:08 . 2007-12-28 19:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-28 19:07 . 2007-12-28 19:07 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\SiteAdvisor
2007-12-28 19:07 . 2008-01-11 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-28 19:07 . 2007-12-28 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 11:36 . 2007-12-26 11:36 364,544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2007-12-25 14:10 . 2007-12-25 14:10 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\mods
2007-12-25 14:10 . 2007-12-25 14:10 <DIR> d-------- C:\Documents and Settings\Johnny\Application Data\lua
2007-12-20 21:37 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-20 20:29 . 2007-12-20 20:29 <DIR> d-------- C:\WINDOWS\Sun
2007-12-20 19:36 . 2008-01-10 19:06 <DIR> d-------- C:\Program Files\Rainlendar2
2007-12-20 19:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-20 19:07 . 2007-12-20 19:08 <DIR> d-------- C:\Program Files\Java
2007-12-20 19:07 . 2007-12-20 19:07 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-20 16:58 . 2007-12-20 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-20 16:33 . 2007-12-20 16:33 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-20 16:30 . 2007-12-20 16:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-20 16:08 . 2007-12-20 16:08 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-20 15:50 . 2007-12-20 15:51 <DIR> d-------- C:\Program Files\CCleaner
2007-12-19 19:18 . 2008-01-04 11:09 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-12-19 16:59 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-19 16:58 . 2003-03-18 13:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-19 16:58 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-19 16:58 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-19 16:58 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-19 16:58 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-19 16:58 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-19 16:58 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-19 16:58 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-19 15:48 . 2007-12-19 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 02:51 --------- d-----w C:\Program Files\Steam
2008-01-09 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 04:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-03 04:37 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-21 03:56 21,496 -c--a-w C:\Documents and Settings\Johnny\Application Data\GDIPFONTCACHEV1.DAT
2007-12-18 23:35 --------- d-----w C:\Documents and Settings\Johnny\Application Data\MSN6
2007-12-14 03:27 --------- d-----w C:\Program Files\Sony
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-24 01:06 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-01-11 19:04 1266936]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-03 11:25 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 02:46 196608]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 10:27 65536]
"SpybotSD TeaTimer"="E:\Program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-10-07 12:04 2083664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42 585728]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00 45056]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-29 23:25 155648]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39 461584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 15:18 579072]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
"Windows Defender"="E:\Program files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Adobe Reader Speed Launcher"="E:\Program files\adobe\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-26 11:36 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 13:03 36640]
"Adobe Photo Downloader"="E:\Program files\photoshop\apdproxy.exe" [2006-12-22 07:29 67752]
"LogitechGalleryRepair"="E:\Program files\logitech\ISStart.exe" [2002-12-10 18:32 155648]
"LogitechImageStudioTray"="E:\Program files\logitech\LogiTray.exe" [2002-12-10 18:31 61440]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"COMODO Memory Firewall"="C:\Program Files\COMODO\Memory Firewall\cmf.exe" [2008-01-08 17:58 2236160]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-01-08 18:03 1481472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-13 21:21 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-03 11:25:49]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2004-12-05 16:44:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-08 18:03]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-08 18:03]
R2 cmfd;cmfd;C:\Program Files\COMODO\Memory Firewall\cmfd.sys [2008-01-08 17:58]
R2 cmfs;cmfs;C:\Program Files\COMODO\Memory Firewall\cmfs32.exe [2008-01-08 17:58]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
S3 jbridgep;jbridgep;C:\DOCUME~1\Johnny\LOCALS~1\Temp\jbridgep.sys []
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-22 14:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{402315d4-5181-11d9-9055-000ea6ba6d3a}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 03:03:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- E:\Program files\Windows Defender\MpCmdRun.exe
"2008-01-12 02:07:25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B0680A75-26AB-4247-AF68-C7925EBCE4CA}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 19:03:45
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
-> C:\Program Files\COMODO\Memory Firewall\cmfdll32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
-> C:\Program Files\COMODO\Memory Firewall\cmfdll32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
-> C:\Program Files\COMODO\Memory Firewall\cmfdll32.dll
-> C:\Program Files\LClock\LC.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\COMODO\Memory Firewall\cmfdll32.dll
.
Completion time: 2008-01-11 19:08:07 - machine was rebooted [Johnny]
ComboFix-quarantined-files.txt 2008-01-12 03:07:55
.
2008-01-12 02:43:03 --- E O F ---

breadcrab · 12-Jan-2008, 04:59 PM #8

here is the hjt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:18 PM, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Program files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program files\photoshop\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\COMODO\Memory Firewall\cmfs32.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\Program files\bitdefender\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program files\Windows Defender\MSASCui.exe
E:\Program files\adobe\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
E:\Program files\photoshop\apdproxy.exe
E:\Program files\logitech\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\COMODO\Memory Firewall\cmf.exe
C:\Program Files\Comodo\Firewall\cfp.exe
E:\Program files\bitdefender\bdmcon.exe
E:\Program files\bitdefender\bdagent.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program files\logitech\LowLight.exe
C:\Program Files\LClock\LClock.exe
E:\Program files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
E:\PROGRA~1\FIREFOX\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program files\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program files\photoshop\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] E:\Program files\logitech\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] E:\Program files\logitech\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [BDMCon] "E:\Program files\bitdefender\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "E:\Program files\bitdefender\bdagent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/...4/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197754093343
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://blscent.bellworld.ca/SiteRoot...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/...21/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program files\photoshop\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: cmfs - Unknown owner - C:\Program Files\COMODO\Memory Firewall\cmfs32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Program files\bitdefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12919 bytes

breadcrab · 12-Jan-2008, 05:00 PM #9

I changed back to sp2 because hjt kept on crashing on sp3

**Cheeseball81** · 12-Jan-2008, 09:25 PM **#10**

That's okay
The log and results seem to check out okay
Was miunst.exe placed in the AVG Vault

breadcrab · 13-Jan-2008, 12:42 PM **#11**

it was

**Cheeseball81** · 13-Jan-2008, 12:45 PM **#12**

I take it the Vault was emptied then
Are you having any other problems, detections, etc?

breadcrab · 13-Jan-2008, 10:56 PM **#13**

No I have no other detections. But what do I do with combofix

**Cheeseball81** · 14-Jan-2008, 09:40 PM **#14**

You can delete it now

Search
Search in:
Show Threads Show Posts
Advanced Search

Tag Cloud
acer blue screen boot computer connection cpu crash css dell display driver drivers email error ethernet excel firefox firefox 3 game hard drive hardware internet internet explorer itunes laptop lcd malware monitor network networking outlook outlook 2003 outlook express password printer problem problems router security slow software sound trojan usb video virus vista windows windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)