Network disconnects (moved from Networking) - Page 2

ldnk · 26-Sep-2007, 11:36 PM **#16**

ComboFix 07-09-21.2 - "Bradley Ross" 2007-09-26 22:26:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.369 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\DOCUME~1\BRADLE~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\66JKGQ7C\www.broadcaster.com
C:\DOCUME~1\BRADLE~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\BRADLE~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\inetget2
C:\WINDOWS\4_cha.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\comi2.dll
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\hwidbvmc.exe
C:\WINDOWS\system32\MailSpectre.exe
C:\WINDOWS\system32\msvcrtd.exe
C:\WINDOWS\system32\pfxzmtaim.dll
C:\WINDOWS\system32\pfxzmtforum.dll
C:\WINDOWS\system32\pfxzmtgtal.dll
C:\WINDOWS\system32\pfxzmticq.dll
C:\WINDOWS\system32\pfxzmtsmt.dll
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\pfxzmtymsg.dll
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_SMTPDRV
-------\runtime

((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
.

2007-09-26 22:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 22:19 2,886 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-23 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-23 15:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-23 15:15 <DIR> d-------- C:\DOCUME~1\BRADLE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 20:38 <DIR> d-------- C:\Program Files\WMV9_VCM
2007-09-15 23:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-15 21:40 <DIR> dr-h----- C:\DOCUME~1\BRADLE~1\APPLIC~1\SecuROM
2007-09-15 20:33 <DIR> d-------- C:\Program Files\EA Sports
2007-09-15 14:28 <DIR> d-------- C:\Program Files\uTorrent
2007-09-13 07:38 360 --a------ C:\drmHeader.bin
2007-09-10 20:44 <DIR> d-------- C:\Program Files\Refworks
2007-09-05 00:33 <DIR> d-------- C:\Program Files\Eastside UK
2007-09-02 14:14 <DIR> d-------- C:\Program Files\SEGA
2007-08-26 19:15 <DIR> d-------- C:\Program Files\Sword of The New World

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 21:47 --------- d-------- C:\DOCUME~1\BRADLE~1\APPLIC~1\uTorrent
2007-09-23 15:15 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-22 11:02 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-16 08:05 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-03 22:32 --------- d-------- C:\Program Files\DivX
2007-08-26 14:26 --------- d-------- C:\Program Files\eMule
2007-08-12 09:34 --------- d-------- C:\Program Files\FlashGet
2007-08-04 13:00 --------- d-------- C:\DOCUME~1\BRADLE~1\APPLIC~1\My The Lord of the Rings, The Rise of the Witch-king Files
2007-08-02 01:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-28 13:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B9DFDEF4-3471-4379-BDBB-DEDA8A9809DF}
2007-07-28 13:23 --------- d-------- C:\Program Files\Sports Mogul
2007-07-28 13:05 54328 --a------ C:\xjbmuatt.exe
2007-07-28 13:05 44233 --a------ C:\mxlhjyw.exe
2007-07-28 13:05 44233 --a------ C:\mxlhjyw(2).exe
2007-07-28 13:05 20992 --a------ C:\rnep.exe
2007-07-28 13:05 1536 --a------ C:\isygaao.exe
2007-06-29 02:38 188416 --a------ C:\WINDOWS\mgrab.exe
2006-02-25 05:49:04 801 -csha-w C:\WINDOWS\system32\mmf(2)(2).sys
2006-04-10 20:32:45 801 -csha-w C:\WINDOWS\system32\mmf(2).sys
2006-02-25 03:54:54 801 -csha-w C:\WINDOWS\system32\mmf(3)(2).sys
2007-06-01 10:56:00 1,657 --sha-w C:\WINDOWS\system32\mmf(3).sys
2006-02-22 03:06:10 801 -csha-w C:\WINDOWS\system32\mmf(4)(2).sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{040FA520-78C6-41ce-81D0-9E733ABC1A29}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="atiptaxx.exe" [2005-05-12 21:05 C:\WINDOWS\system32\atiptaxx.exe]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 16:12]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 13:21]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-04-21 04:04]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 17:47]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 18:00 C:\WINDOWS\agrsmmsg.exe]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 14:17]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-13 22:29]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-28 21:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 19:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-04 19:43]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 06:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2005-08-18 15:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 16:23:32]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-05-22 17:02:18]

C:\DOCUME~1\BRADLE~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180sa]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

R1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v2.6.42\ATI Tray Tools\atitray.sys
R1 ECioctl;ECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys
R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\system32\Drivers\EKIoMngr.sys
R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\system32\Drivers\EPIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\system32\Drivers\TPIoMngr.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\system32\Drivers\hkdrv.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
S2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
S3 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\E]
AutoRun\command- E:\OblivionLauncher.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 12:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-08-04 17:43:30 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1102185484.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 22:33:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2007-09-26 22:34:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 22:34
.
--- E O F ---

ldnk · 26-Sep-2007, 11:37 PM **#17**

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:41 PM, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.80:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189988578250
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9758 bytes

**Cheeseball81** · 27-Sep-2007, 06:46 PM **#18**

Download the HostsXpert 3.8 - Hosts File Manager.

Unzip HostsXpert 3.8 - Hosts File Manager to a convenient folder such as C:\HostsXpert
Click HostsXpert.exe to Run HostsXpert 3.8 - Hosts File Manager from its new home
Click "Make Hosts Writable?" in the upper right corner (If available).
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

1. Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote:

Files to delete:
C:\xjbmuatt.exe
C:\mxlhjyw.exe
C:\mxlhjyw(2).exe
C:\rnep.exe
C:\isygaao.exe
C:\WINDOWS\mgrab.exe
C:\WINDOWS\Temp\startdrv.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - (no file)

O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

Reboot and post another Hijack This log please.

ldnk · 28-Sep-2007, 01:09 AM **#19**

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bmjqdlpd

*******************

Script file located at: \??\C:\WINDOWS\qwmrswwj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\xjbmuatt.exe deleted successfully.
File C:\mxlhjyw.exe deleted successfully.
File C:\mxlhjyw(2).exe deleted successfully.
File C:\rnep.exe deleted successfully.
File C:\isygaao.exe deleted successfully.
File C:\WINDOWS\mgrab.exe deleted successfully.

File C:\WINDOWS\Temp\startdrv.exe not found!
Deletion of file C:\WINDOWS\Temp\startdrv.exe failed!

Could not process line:
C:\WINDOWS\Temp\startdrv.exe
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

ldnk · 28-Sep-2007, 01:14 AM **#20**

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:12 AM, on 28/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.80:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189988578250
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9406 bytes

**Cheeseball81** · 28-Sep-2007, 07:40 PM **#21**

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - (no file)

Reboot, post a new log.

How are things now?

Tag Cloud
access acer asus bios bsod computer crash driver drivers error ethernet excel freeze gaming gpu hard drive hardware hdmi internet laptop mac malware memory monitor motherboard music network printer problem ram registry router server slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!