Tech Support Guy > Virus & Other Malware Removal
Solved: Popups, other problems

tutatut (thread starter; Junior Member, 11 posts; Join Date: Jun 2008; Experience: Computer Illiterate)
09-Jun-2008, 08:54 PM #16
ComboFix:

ComboFix 08-06-04.3 - me 2008-06-09 17:32:44.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.246 [GMT -7:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM27662e2d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-08 15:43 . 2008-06-08 15:43 <DIR> d----c--- C:\VundoFix Backups
2008-06-08 15:42 . 2001-05-21 11:46 198,656 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-06-08 14:07 . 2008-06-08 14:07 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-08 14:07 . 2008-06-08 14:19 34,990 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-08 14:07 . 2008-06-08 14:07 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 21:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 21:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 17:36 . 2008-06-07 17:36 96,256 --a------ C:\WINDOWS\system32\qyygcmdk.dll
2008-06-06 18:25 . 2008-06-06 18:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-06 17:30 . 2008-06-06 17:30 96,256 --a------ C:\WINDOWS\system32\gxxjvhmr.dll
2008-06-06 17:27 . 2008-06-06 17:27 90,624 --a------ C:\WINDOWS\system32\ghjmlnex.dll
2008-06-05 17:33 . 2008-06-06 16:51 4,157,328 ---hs---- C:\WINDOWS\system32\oiurttfs.ini
2008-06-05 17:30 . 2008-06-05 17:30 95,744 --a------ C:\WINDOWS\system32\twtrrlor.dll
2008-06-05 17:25 . 2008-06-05 17:25 91,136 --a------ C:\WINDOWS\system32\btirosfv.dll
2008-06-04 22:50 . 2008-06-04 22:50 95,232 --a------ C:\WINDOWS\system32\ldwhpryi.dll
2008-06-04 22:47 . 2008-06-05 17:24 2,874,355 ---hs---- C:\WINDOWS\system32\xclgrhhl.ini
2008-06-04 22:42 . 2008-06-04 22:42 91,136 --a------ C:\WINDOWS\system32\rviwhajb.dll
2008-06-04 15:59 . 2008-06-04 15:59 95,232 --a------ C:\WINDOWS\system32\qjkhouqg.dll
2008-06-04 15:56 . 2008-06-04 22:41 1,552,055 ---hs---- C:\WINDOWS\system32\lffvlsea.ini
2008-06-04 15:55 . 2008-06-04 15:55 91,136 --a------ C:\WINDOWS\system32\hhedrfcq.dll
2008-06-02 23:39 . 2008-06-02 23:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 22:02 . 2008-06-02 22:02 <DIR> d----c--- C:\kav
2008-06-02 16:52 . 2008-06-04 15:55 1,561,386 --ahs---- C:\WINDOWS\system32\edcqdtyp.ini
2008-06-02 15:46 . 2008-06-02 15:47 1,503,601 --ahs---- C:\WINDOWS\system32\bppyihvj.ini
2008-06-01 20:57 . 2008-06-01 20:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-01 13:42 . 2008-06-02 15:46 1,503,311 --ahs---- C:\WINDOWS\system32\jtpmwkft.ini
2008-05-29 16:26 . 2008-05-29 16:26 <DIR> d-------- C:\Program Files\portalgraphics
2008-05-22 23:38 . 2008-06-08 16:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-22 23:38 . 2008-05-22 23:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 10:49 . 2008-05-18 10:49 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-18 09:46 . 2008-05-18 09:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-18 09:42 . 2008-05-18 09:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-11 16:07 . 2008-05-11 16:07 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-11 16:07 . 2008-05-11 16:55 <DIR> d-------- C:\Documents and Settings\me\Application Data\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 21:24 --------- d-----w C:\Program Files\Diablo II
2008-06-08 21:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-06-08 21:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-06-08 21:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-08 20:45 --------- d-----w C:\Program Files\Starcraft
2008-06-08 03:22 --------- d-----w C:\Program Files\Lx_cats
2008-06-05 05:42 --------- d-----w C:\Documents and Settings\me\Application Data\LimeWire
2008-06-01 01:27 --------- d-----w C:\Program Files\Cellosoft
2008-05-29 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-21 02:45 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-15 08:27 1,452,800 ----a-w C:\WINDOWS\system32\drivers\V3Engine.sys
2008-05-14 08:55 70,528 ----a-w C:\WINDOWS\system32\drivers\ahnsze.sys
2008-05-08 22:55 --------- d-----w C:\Program Files\Verizon
2008-05-08 22:55 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-05-01 23:36 --------- d-----w C:\Documents and Settings\me\Application Data\Apple Computer
2008-04-19 22:17 --------- d-----w C:\Program Files\Tablet
2008-04-19 03:31 --------- d-----w C:\Program Files\QuickTime
2008-04-19 03:28 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-19 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-15 03:35 --------- d-----w C:\Program Files\Sun
2008-04-15 03:34 --------- d-----w C:\Program Files\Java
2008-04-15 02:21 --------- d-----w C:\Program Files\Common Files\Java
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897c62d-5f01-4186-8df8-168a47709e1f}]
2008-06-07 17:36 96256 --a------ C:\WINDOWS\system32\qyygcmdk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 06:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"AhnLab Session Process"="C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2007-11-20 03:10 54862]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 11:43 196608]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 14:24 61440]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 17:08 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 08:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-04-19 15:17:54 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AhnLab Session Process]
--a------ 2007-11-20 03:10 54862 C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHNSD]
--a------ 2008-01-28 18:23 199368 C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
--a------ 2004-11-01 07:05 241664 C:\WINDOWS\system32\HncUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva]
C:\WINDOWS\system32\kxvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\kav\\kav7\\setup.exe"=

R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-11 11:57]
R2 AhnLab Application Service;AhnLab Application Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe" [2007-09-09 17:25]
R2 AhnLab Guarantee Service;AhnLab Guarantee Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe" [2007-11-22 10:56]
R2 AhnLab Information Service;AhnLab Information Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe" [2007-09-09 17:26]
R2 AhnLab Log Service;AhnLab Log Service;"C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe" [2007-08-10 10:55]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe" [2008-01-28 18:23]
R2 AMonHKnt;AMonHKnt;C:\WINDOWS\system32\Drivers\AMonHKnt.sys [2008-04-07 11:30]
R3 AhnFlt2k;AhnFlt2k;C:\WINDOWS\system32\Drivers\AhnFlt2k.sys [2008-01-09 11:53]
R3 AhnRec2k;AhnRec2k;C:\WINDOWS\system32\Drivers\AhnRec2k.sys [2007-03-20 13:08]
R3 AhnRghNt;AhnRghNt;C:\WINDOWS\system32\Drivers\AhnRghNt.sys [2008-01-09 11:54]
R3 AhnSZE;AhnSZE;C:\WINDOWS\system32\drivers\AhnSZE.sys [2008-05-14 01:55]
R3 ASZFltNt;ASZFltNt;C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys [2008-01-09 12:10]
R3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-10-01 10:39]
R3 ISFWEnt;ISFWEnt;C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys [2008-01-09 12:10]
R3 ISIPSEnt;ISIPSEnt;C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys [2008-02-18 23:38]
R3 ISPIBEnt;ISPIBEnt;C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys [2007-10-05 11:42]
R3 ISPrxEnt;ISPrxEnt;C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys [2007-10-03 23:39]
R3 ISTrkEnt;ISTrkEnt;C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys [2007-03-20 13:28]
R3 v3engine;v3engine;C:\WINDOWS\system32\drivers\v3engine.sys [2008-05-15 01:27]
R3 V3Flt2K;V3Flt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys [2008-02-18 23:39]
R3 V3IFt2K;V3IFt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys [2008-01-09 12:11]
S3 ArfMonNt;ArfMonNt;C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys [2008-02-18 23:39]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 03:28:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 17:50:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AhnLab\V3IS2007\msproxy.ahn
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-09 17:52:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 00:52:32
ComboFix2.txt 2008-06-06 00:20:42
ComboFix3.txt 2008-06-05 05:20:27
ComboFix4.txt 2008-02-11 04:17:05

Pre-Run: 16,734,142,464 bytes free
Post-Run: 16,774,524,928 bytes free

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:12 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {f1e90774-a861-8fd8-6814-10f5d26c798f} - {f897c62d-5f01-4186-8df8-168a47709e1f} - C:\WINDOWS\system32\qyygcmdk.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AhnLab Session Process] "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020508 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {306BDCAE-B7BF-4966-82A8-DFFC9DC3B4A9} (ONSEDownLoad Control) - http://club.shinbiro.com/common/ONSEUpDown.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205619002671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Application Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
O23 - Service: AhnLab Guarantee Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
O23 - Service: AhnLab Information Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
O23 - Service: AhnLab Log Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5866 bytes
andyspeake (Andy) (Member, 1,543 posts; Join Date: May 2007; Location: Glasgow, Scotland; Experience: Advanced)
10-Jun-2008, 09:41 AM #17
Remove bad HijackThis entries
  • Run HijackThis
  • Click on do a system scan only
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: {f1e90774-a861-8fd8-6814-10f5d26c798f} - {f897c62d-5f01-4186-8df8-168a47709e1f} - C:\WINDOWS\system32\qyygcmdk.dll
    O16 - DPF: {306BDCAE-B7BF-4966-82A8-DFFC9DC3B4A9} (ONSEDownLoad Control) - http://club.shinbiro.com/common/ONSEUpDown.cab

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::  
    C:\WINDOWS\system32\qyygcmdk.dll
    C:\WINDOWS\system32\gxxjvhmr.dll
    C:\WINDOWS\system32\ghjmlnex.dll
    C:\WINDOWS\system32\oiurttfs.ini
    C:\WINDOWS\system32\twtrrlor.dll
    C:\WINDOWS\system32\btirosfv.dll
    C:\WINDOWS\system32\ldwhpryi.dll
    C:\WINDOWS\system32\xclgrhhl.ini
    C:\WINDOWS\system32\rviwhajb.dll
    C:\WINDOWS\system32\qjkhouqg.dll
    C:\WINDOWS\system32\lffvlsea.ini
    C:\WINDOWS\system32\hhedrfcq.dll
    C:\WINDOWS\system32\edcqdtyp.ini
    C:\WINDOWS\system32\bppyihvj.ini
    C:\WINDOWS\system32\jtpmwkft.ini
    
    Registry:: 
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897c62d-5f01-4186-8df8-168a47709e1f}]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
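As an added example (not code from this thread, from ComboFix or from HijackThis), the script below applies the triage the helper did by hand to a few lines copied from the logs above: it parses ComboFix "Files Created" rows, flags eight-random-letter .dll files and hidden+system .ini files dropped straight into system32, flags an O2 BHO whose display name is itself a GUID, and renders a script in the File:: / Registry:: layout of the post above. The sample lines and the heuristic thresholds are assumptions taken from this thread, not a rule either tool ships.

```python
"""Triage helper for ComboFix / HijackThis logs (added example, not from the thread)."""
import re

# Constructed sample: a handful of rows copied from the ComboFix "Files Created"
# section and the HijackThis O2 lines posted earlier in this thread.
COMBOFIX_FILES_CREATED = r"""
2008-06-08 15:42 . 2001-05-21 11:46 198,656 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-06-07 21:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 17:36 . 2008-06-07 17:36 96,256 --a------ C:\WINDOWS\system32\qyygcmdk.dll
2008-06-06 17:30 . 2008-06-06 17:30 96,256 --a------ C:\WINDOWS\system32\gxxjvhmr.dll
2008-06-05 17:33 . 2008-06-06 16:51 4,157,328 ---hs---- C:\WINDOWS\system32\oiurttfs.ini
2008-05-18 09:46 . 2008-05-18 09:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {f1e90774-a861-8fd8-6814-10f5d26c798f} - {f897c62d-5f01-4186-8df8-168a47709e1f} - C:\WINDOWS\system32\qyygcmdk.dll
"""

# One ComboFix file row: created, modified, size or <DIR>, nine attribute flags, path.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S{9})\s+(?P<path>.+)$"
)
# A .dll or .ini directly under system32 whose base name is eight lowercase letters
# (the naming pattern of every dropped file in the log above; an assumed heuristic).
RANDOM_SYS32 = re.compile(r"^(?i:c:\\windows\\system32\\)[a-z]{8}\.(?i:dll|ini)$")
GUID = r"\{[0-9a-f-]{36}\}"
# HijackThis O2 line: display name, CLSID, DLL path.
BHO_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$", re.IGNORECASE
)


def parse_combofix_files(text):
    """Return one dict per parsable 'Files Created' row."""
    rows = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def suspicious_files(text):
    """Paths matching the pattern: random eight-letter .dll in system32, or a
    random eight-letter .ini there carrying the hidden (h) and system (s) flags."""
    hits = []
    for row in parse_combofix_files(text):
        path = row["path"]
        if not RANDOM_SYS32.match(path):
            continue
        attrs = row["attrs"]
        if path.lower().endswith(".ini") and not ("h" in attrs and "s" in attrs):
            continue  # a visible .ini is weaker evidence; leave it for a human
        hits.append(path)
    return hits


def suspicious_bhos(text):
    """O2 entries whose display name is a bare GUID and whose DLL lives in system32."""
    hits = []
    for line in text.splitlines():
        m = BHO_LINE.match(line.strip())
        if not m:
            continue
        name_is_guid = re.fullmatch(GUID, m["name"], re.IGNORECASE) is not None
        in_sys32 = m["path"].lower().startswith("c:\\windows\\system32\\")
        if name_is_guid and in_sys32:
            hits.append((m["clsid"], m["path"]))
    return hits


def build_cfscript(files, bho_clsids):
    """Render File:: and Registry:: sections in the layout used in the post above."""
    lines = ["File::"] + sorted(files)
    if bho_clsids:
        lines += ["", "Registry::"]
        for clsid in bho_clsids:
            lines.append(r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\%s]" % clsid)
    return "\n".join(lines) + "\n"


def triage(combofix_text, hijackthis_text):
    """Combine both heuristics; the BHO's DLL is added to the File:: list as well."""
    files = set(suspicious_files(combofix_text))
    bhos = suspicious_bhos(hijackthis_text)
    files.update(path for _, path in bhos)
    return build_cfscript(files, [clsid for clsid, _ in bhos])


if __name__ == "__main__":
    print(triage(COMBOFIX_FILES_CREATED, HIJACKTHIS_LOG))
```

The output is a starting point for review, not something to feed to ComboFix unread: a legitimate file can match the name pattern, so each flagged path still needs a human check against the rest of the log.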
tutatut (thread starter; Junior Member, 11 posts; Join Date: Jun 2008; Experience: Computer Illiterate)
10-Jun-2008, 10:01 PM #18
ComboFix Log:

ComboFix 08-06-04.3 - me 2008-06-10 18:57:18.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.265 [GMT -7:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\me\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\bppyihvj.ini
C:\WINDOWS\system32\btirosfv.dll
C:\WINDOWS\system32\edcqdtyp.ini
C:\WINDOWS\system32\ghjmlnex.dll
C:\WINDOWS\system32\gxxjvhmr.dll
C:\WINDOWS\system32\hhedrfcq.dll
C:\WINDOWS\system32\jtpmwkft.ini
C:\WINDOWS\system32\ldwhpryi.dll
C:\WINDOWS\system32\lffvlsea.ini
C:\WINDOWS\system32\oiurttfs.ini
C:\WINDOWS\system32\qjkhouqg.dll
C:\WINDOWS\system32\qyygcmdk.dll
C:\WINDOWS\system32\rviwhajb.dll
C:\WINDOWS\system32\twtrrlor.dll
C:\WINDOWS\system32\xclgrhhl.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bppyihvj.ini
C:\WINDOWS\system32\btirosfv.dll
C:\WINDOWS\system32\edcqdtyp.ini
C:\WINDOWS\system32\ghjmlnex.dll
C:\WINDOWS\system32\gxxjvhmr.dll
C:\WINDOWS\system32\hhedrfcq.dll
C:\WINDOWS\system32\jtpmwkft.ini
C:\WINDOWS\system32\ldwhpryi.dll
C:\WINDOWS\system32\lffvlsea.ini
C:\WINDOWS\system32\oiurttfs.ini
C:\WINDOWS\system32\qjkhouqg.dll
C:\WINDOWS\system32\rviwhajb.dll
C:\WINDOWS\system32\twtrrlor.dll
C:\WINDOWS\system32\xclgrhhl.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-09 22:52 . 2008-06-09 22:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-09 22:52 . 2008-06-09 22:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-08 15:43 . 2008-06-08 15:43 <DIR> d----c--- C:\VundoFix Backups
2008-06-08 15:42 . 2001-05-21 11:46 198,656 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-06-08 14:07 . 2008-06-08 14:07 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-08 14:07 . 2008-06-08 14:19 34,990 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-08 14:07 . 2008-06-08 14:07 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 21:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 21:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 18:25 . 2008-06-06 18:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-02 23:39 . 2008-06-02 23:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 22:02 . 2008-06-02 22:02 <DIR> d----c--- C:\kav
2008-06-01 20:57 . 2008-06-01 20:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-29 16:26 . 2008-05-29 16:26 <DIR> d-------- C:\Program Files\portalgraphics
2008-05-18 10:49 . 2008-05-18 10:49 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-18 09:46 . 2008-05-18 09:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-18 09:42 . 2008-05-18 09:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-11 16:07 . 2008-05-11 16:07 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-11 16:07 . 2008-05-11 16:55 <DIR> d-------- C:\Documents and Settings\me\Application Data\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 00:49 --------- d-----w C:\Program Files\Starcraft
2008-06-11 00:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-10 08:21 --------- d-----w C:\Program Files\Lx_cats
2008-06-10 05:52 --------- d-----w C:\Program Files\QuickTime
2008-06-08 21:24 --------- d-----w C:\Program Files\Diablo II
2008-06-08 21:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-06-08 21:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-06-08 21:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-05 05:42 --------- d-----w C:\Documents and Settings\me\Application Data\LimeWire
2008-06-01 01:27 --------- d-----w C:\Program Files\Cellosoft
2008-05-29 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-15 08:27 1,452,800 ----a-w C:\WINDOWS\system32\drivers\V3Engine.sys
2008-05-14 08:55 70,528 ----a-w C:\WINDOWS\system32\drivers\ahnsze.sys
2008-05-08 22:55 --------- d-----w C:\Program Files\Verizon
2008-05-08 22:55 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-05-01 23:36 --------- d-----w C:\Documents and Settings\me\Application Data\Apple Computer
2008-04-19 22:17 --------- d-----w C:\Program Files\Tablet
2008-04-19 03:28 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-19 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-15 03:35 --------- d-----w C:\Program Files\Sun
2008-04-15 03:34 --------- d-----w C:\Program Files\Java
2008-04-15 02:21 --------- d-----w C:\Program Files\Common Files\Java
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 06:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"AhnLab Session Process"="C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2007-11-20 03:10 54862]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 11:43 196608]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 14:24 61440]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 17:08 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 08:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-04-19 15:17:54 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AhnLab Session Process]
--a------ 2007-11-20 03:10 54862 C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHNSD]
--a------ 2008-01-28 18:23 199368 C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
--a------ 2004-11-01 07:05 241664 C:\WINDOWS\system32\HncUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva]
C:\WINDOWS\system32\kxvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\kav\\kav7\\setup.exe"=

R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-11 11:57]
R2 AhnLab Application Service;AhnLab Application Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe" [2007-09-09 17:25]
R2 AhnLab Guarantee Service;AhnLab Guarantee Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe" [2007-11-22 10:56]
R2 AhnLab Information Service;AhnLab Information Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe" [2007-09-09 17:26]
R2 AhnLab Log Service;AhnLab Log Service;"C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe" [2007-08-10 10:55]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe" [2008-01-28 18:23]
R2 AMonHKnt;AMonHKnt;C:\WINDOWS\system32\Drivers\AMonHKnt.sys [2008-04-07 11:30]
R3 AhnFlt2k;AhnFlt2k;C:\WINDOWS\system32\Drivers\AhnFlt2k.sys [2008-01-09 11:53]
R3 AhnRec2k;AhnRec2k;C:\WINDOWS\system32\Drivers\AhnRec2k.sys [2007-03-20 13:08]
R3 AhnRghNt;AhnRghNt;C:\WINDOWS\system32\Drivers\AhnRghNt.sys [2008-01-09 11:54]
R3 AhnSZE;AhnSZE;C:\WINDOWS\system32\drivers\AhnSZE.sys [2008-05-14 01:55]
R3 ASZFltNt;ASZFltNt;C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys [2008-01-09 12:10]
R3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-10-01 10:39]
R3 ISFWEnt;ISFWEnt;C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys [2008-01-09 12:10]
R3 ISIPSEnt;ISIPSEnt;C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys [2008-02-18 23:38]
R3 ISPIBEnt;ISPIBEnt;C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys [2007-10-05 11:42]
R3 ISPrxEnt;ISPrxEnt;C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys [2007-10-03 23:39]
R3 ISTrkEnt;ISTrkEnt;C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys [2007-03-20 13:28]
R3 v3engine;v3engine;C:\WINDOWS\system32\drivers\v3engine.sys [2008-05-15 01:27]
R3 V3Flt2K;V3Flt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys [2008-02-18 23:39]
R3 V3IFt2K;V3IFt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys [2008-01-09 12:11]
S3 ArfMonNt;ArfMonNt;C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys [2008-02-18 23:39]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 03:28:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 18:59:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-10 19:00:16
ComboFix-quarantined-files.txt 2008-06-11 02:00:12
ComboFix2.txt 2008-06-10 00:52:40
ComboFix3.txt 2008-06-06 00:20:42
ComboFix4.txt 2008-06-05 05:20:27
ComboFix5.txt 2008-02-11 04:17:05

Pre-Run: 16,709,406,720 bytes free
Post-Run: 16,690,929,664 bytes free

andyspeake (Andy)
Member with 1,543 posts.
Join Date: May 2007
Location: Glasgow, Scotland
Experience: Advanced
11-Jun-2008, 09:43 AM #19
Hi,

How's your computer running? Any better?

Kaspersky online scan.

Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
tutatut
Junior Member with 11 posts.
THREAD STARTER
Join Date: Jun 2008
Experience: Computer Illiterate
13-Jun-2008, 01:13 AM #20
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 12, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 00:56:48
Records in database: 857859
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 68067
Threat name: 4
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 02:53:19


File name / Threat name / Threats count
C:\Documents and Settings\me\Desktop\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Homles.bs 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080610-185454-816.dll Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\btirosfv.dll.vir Infected: Trojan-Downloader.Win32.Agent.seh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ghjmlnex.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gxxjvhmr.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hhedrfcq.dll.vir Infected: Trojan.Win32.Pakes.day 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iykwdjvk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rnblxywn.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rviwhajb.dll.vir Infected: Trojan.Win32.Pakes.day 1
C:\QooBox\Quarantine\C\WINDOWS\system32\twtrrlor.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ybmpoeyq.dll.vir Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.



No popups, and sites load now, but it's pretty slow... Also, I don't know if it's related, but I frequently get disconnected from the internet for a few seconds even when my modem shows that the connection is fine.
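One thing worth noticing in the Kaspersky report above: every one of the 11 hits sits in a quarantine or backup folder (C:\QooBox\Quarantine, the HijackThis backups folder, the SDFix backups archive), i.e. in copies that earlier cleanup tools already pulled out of the system, not in files that still run. The script below is an added example, not part of the thread or of any tool mentioned in it; it parses the "File name / Threat name / Threats count" lines, splits hits into quarantined versus live by path, and counts detections per threat name. The sample report is a constructed subset of the lines above plus one made-up line outside any quarantine folder, and the list of quarantine folder markers is an assumption based on the tools used in this thread.

```python
import re
from collections import Counter

# Constructed sample: a subset of the report lines posted above, plus one
# made-up line ("example-live-hit.dll") that is NOT inside a quarantine folder,
# so that the live/quarantined split has something to show.
SAMPLE_REPORT = r"""
C:\Documents and Settings\me\Desktop\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Homles.bs 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080610-185454-816.dll Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\btirosfv.dll.vir Infected: Trojan-Downloader.Win32.Agent.seh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hhedrfcq.dll.vir Infected: Trojan.Win32.Pakes.day 1
C:\WINDOWS\system32\example-live-hit.dll Infected: Trojan.Win32.Monder.gen 1
"""

# Folders in which the removal tools used in this thread keep copies of what
# they removed (assumed list). A hit inside one of these is a leftover of an
# earlier cleanup, not code that is still loaded. Lower-case on purpose: paths
# are lower-cased before matching.
QUARANTINE_MARKERS = (
    r"\qoobox\quarantine",     # ComboFix quarantine
    r"\hijackthis\backups",    # HijackThis "Fix checked" backups
    r"\sdfix\backups",         # SDFix backups archive
    r"\vundofix backups",      # VundoFix backups
)

# One report line: "<path with spaces> Infected: <threat name> <count>"
HIT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return one dict per detection line; lines that do not match are ignored."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return hits


def is_quarantined(path):
    """True if the path points into a known quarantine folder or carries the
    .vir suffix ComboFix gives to quarantined copies."""
    p = path.lower()
    return p.endswith(".vir") or any(marker in p for marker in QUARANTINE_MARKERS)


def triage(text):
    """Split hits into quarantined vs. live and count detections per threat name."""
    hits = parse_report(text)
    quarantined = [h for h in hits if is_quarantined(h["path"])]
    live = [h for h in hits if not is_quarantined(h["path"])]
    return {
        "quarantined": quarantined,
        "live": live,
        "by_threat": Counter(h["threat"] for h in hits),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{len(result['quarantined'])} hit(s) in quarantine/backup folders")
    for h in result["live"]:
        print("LIVE:", h["path"], h["threat"])
    for threat, n in result["by_threat"].most_common():
        print(f"{n:3d}  {threat}")
```

Run against the full report in the post, the "live" list comes out empty, which is the point: the remaining work is emptying the quarantine folders once the machine is confirmed clean, not chasing an active infection.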
andyspeake (Andy)
Member with 1,543 posts.
Join Date: May 2007
Location: Glasgow, Scotland
Experience: Advanced
14-Jun-2008, 06:30 AM #21
Remove bad HijackThis entries
  • Run HijackThis
  • Click on do a system scan only
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: {f1e90774-a861-8fd8-6814-10f5d26c798f} - {f897c62d-5f01-4186-8df8-168a47709e1f} - C:\WINDOWS\system32\qyygcmdk.dll

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File:: 
    C:\WINDOWS\system32\kxvo.exe
    
    Registry:: 
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

So please post back:
Fresh HJT log
CFScript
Info on how your computer is running. Any better?
tutatut
Junior Member with 11 posts.
THREAD STARTER
Join Date: Jun 2008
Experience: Computer Illiterate
15-Jun-2008, 09:39 PM #22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:36 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AhnLab Session Process] "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020508 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205619002671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Application Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
O23 - Service: AhnLab Guarantee Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
O23 - Service: AhnLab Information Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
O23 - Service: AhnLab Log Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5617 bytes

ComboFix 08-06-15.4 - me 2008-06-15 18:28:48.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.254 [GMT -7:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\me\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\kxvo.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-15 15:07 . 2008-06-15 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 15:07 . 2008-06-15 15:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-13 19:43 . 2008-06-13 19:43 <DIR> d-------- C:\Documents and Settings\1V1ine\Application Data\Malwarebytes
2008-06-10 22:33 . 2008-06-15 18:25 <DIR> d-------- C:\Program Files\RSSoft
2008-06-08 15:43 . 2008-06-08 15:43 <DIR> d----c--- C:\VundoFix Backups
2008-06-08 15:42 . 2001-05-21 11:46 198,656 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 21:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 21:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 18:25 . 2008-06-06 18:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-02 23:39 . 2008-06-02 23:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 22:02 . 2008-06-02 22:02 <DIR> d----c--- C:\kav
2008-06-01 20:57 . 2008-06-01 20:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-29 16:26 . 2008-05-29 16:26 <DIR> d-------- C:\Program Files\portalgraphics
2008-05-18 10:49 . 2008-05-18 10:49 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-18 09:46 . 2008-05-18 09:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-18 09:42 . 2008-05-18 09:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 17:54 --------- d-----w C:\Program Files\Lx_cats
2008-06-15 04:01 --------- d-----w C:\Program Files\Starcraft
2008-06-12 22:33 --------- d-----w C:\Documents and Settings\1V1ine\Application Data\GRETECH
2008-06-11 00:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-10 05:52 --------- d-----w C:\Program Files\QuickTime
2008-06-08 21:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-06-08 21:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-06-08 21:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-05 05:42 --------- d-----w C:\Documents and Settings\me\Application Data\LimeWire
2008-06-01 01:27 --------- d-----w C:\Program Files\Cellosoft
2008-05-29 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-15 08:27 1,452,800 ----a-w C:\WINDOWS\system32\drivers\V3Engine.sys
2008-05-14 08:55 70,528 ----a-w C:\WINDOWS\system32\drivers\ahnsze.sys
2008-05-11 23:55 --------- d-----w C:\Documents and Settings\me\Application Data\Audacity
2008-05-11 23:07 --------- d-----w C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-08 22:55 --------- d-----w C:\Program Files\Verizon
2008-05-08 22:55 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-05-01 23:36 --------- d-----w C:\Documents and Settings\me\Application Data\Apple Computer
2008-04-19 22:17 --------- d-----w C:\Program Files\Tablet
2008-04-19 03:28 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-19 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-26 18:30 62436]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 06:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"AhnLab Session Process"="C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2007-11-20 03:10 54862]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 11:43 196608]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 14:24 61440]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 17:08 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 08:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-04-19 15:17:54 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AhnLab Session Process]
--a------ 2007-11-20 03:10 54862 C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHNSD]
--a------ 2008-01-28 18:23 199368 C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
--a------ 2004-11-01 07:05 241664 C:\WINDOWS\system32\HncUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\kav\\kav7\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-11 11:57]
R2 AhnLab Application Service;AhnLab Application Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe" [2007-09-09 17:25]
R2 AhnLab Guarantee Service;AhnLab Guarantee Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe" [2007-11-22 10:56]
R2 AhnLab Information Service;AhnLab Information Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe" [2007-09-09 17:26]
R2 AhnLab Log Service;AhnLab Log Service;"C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe" [2007-08-10 10:55]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe" [2008-01-28 18:23]
R2 AMonHKnt;AMonHKnt;C:\WINDOWS\system32\Drivers\AMonHKnt.sys [2008-04-07 11:30]
R3 AhnFlt2k;AhnFlt2k;C:\WINDOWS\system32\Drivers\AhnFlt2k.sys [2008-01-09 11:53]
R3 AhnRec2k;AhnRec2k;C:\WINDOWS\system32\Drivers\AhnRec2k.sys [2007-03-20 13:08]
R3 AhnRghNt;AhnRghNt;C:\WINDOWS\system32\Drivers\AhnRghNt.sys [2008-01-09 11:54]
R3 AhnSZE;AhnSZE;C:\WINDOWS\system32\drivers\AhnSZE.sys [2008-05-14 01:55]
R3 ASZFltNt;ASZFltNt;C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys [2008-01-09 12:10]
R3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-10-01 10:39]
R3 ISFWEnt;ISFWEnt;C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys [2008-01-09 12:10]
R3 ISIPSEnt;ISIPSEnt;C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys [2008-02-18 23:38]
R3 ISPIBEnt;ISPIBEnt;C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys [2007-10-05 11:42]
R3 ISPrxEnt;ISPrxEnt;C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys [2007-10-03 23:39]
R3 ISTrkEnt;ISTrkEnt;C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys [2007-03-20 13:28]
R3 v3engine;v3engine;C:\WINDOWS\system32\drivers\v3engine.sys [2008-05-15 01:27]
R3 V3Flt2K;V3Flt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys [2008-02-18 23:39]
R3 V3IFt2K;V3IFt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys [2008-01-09 12:11]
S3 ArfMonNt;ArfMonNt;C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys [2008-02-18 23:39]
S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 03:28:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 18:30:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 18:31:56
ComboFix-quarantined-files.txt 2008-06-16 01:31:47
ComboFix2.txt 2008-06-11 02:00:17
ComboFix3.txt 2008-06-10 00:52:40
ComboFix4.txt 2008-06-06 00:20:42
ComboFix5.txt 2008-06-05 05:20:27

Pre-Run: 16,689,086,464 bytes free
Post-Run: 16,727,265,280 bytes free

Couldn't find the one you mentioned in HijackThis...
The internet and popup problem was fixed after running Malwarebytes' Anti-Malware, but after that, no significant change regarding the computer running slow.
andyspeake (Andy)
Member with 1,543 posts.
Join Date: May 2007
Location: Glasgow, Scotland
Experience: Advanced
17-Jun-2008, 07:16 AM #23
IMJPMIG.EXE (MS Input Method Editor) process can be removed to free up resources without compromising system performance. This is a valid program but it is not required to run on startup. imjpmig.exe belongs to the Microsoft Input Method Editor. It is used to simplify the input of Asian (Chinese, Korean and this one is Japanese) characters in the Microsoft Office suite. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32


soundman.exe (Realtek AC97 Audio Sound Manager) process can be removed to free up resources without compromising system performance. System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE


You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe



You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

There is a small program that will prevent QuickTime from resetting itself.
Please download Engraph-QuickTime-Killer. This is a free utility from EnGraph software. For more information about EnGraph, go to http://www.engraph.com. This application is intended for people that use or consume Sprint Video Mail, as Sprint uses QuickTime for viewing their movies (or anybody that hates QuickTime). Of course, as soon as QuickTime is run, it adds itself to startup, which is very annoying to me. This application will remove QuickTime from startup and kill any running QuickTime processes. This application runs silently at startup and closes itself as soon as it takes care of QuickTime.

  • Run Disk Defragmenter. Go Start > Programs > Accessories > System Tools > Disk Defragmenter, and click on Defragment.


Can you tell me how much RAM you have on your computer? And how much free hard drive space is available?


Thanks.
andyspeake (Andy)
Member with 1,543 posts.
Join Date: May 2007
Location: Glasgow, Scotland
Experience: Advanced
20-Jun-2008, 11:41 AM #24
Hi,

It's been quite a few days, are you still with us?
andyspeake (Andy)
Member with 1,543 posts.
Join Date: May 2007
Location: Glasgow, Scotland
Experience: Advanced
22-Jun-2008, 07:28 PM #25
Due to the level of inactivity I have now unsubscribed from this topic.