Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
Virus & Other Malware Removal
Go to first new post Microsoft Visual C++ Runtime Library Buf ...
Go to first new post Family Cyber Removal
Go to first new post System Check problem
Go to first new post hijack this log ......
Go to first new post Trojan virus
Go to first new post "svchost application error 0x6fe217 ...
Go to first new post Cannot access any google sites - youtube ...
Go to first new post My computer is slowly dying
Go to first new post Trojan Hider
Go to first new post We Got System Checked :-(
Go to first new post Black desktop, missing all shortcuts, fi ...
Go to first new post Extremely unresponsive, massive hang-ups ...
Go to first new post Incredibar Removal - Support Pls!
Go to first new post need help regarding malware/spyware
Go to first new post Somethings Amiss....
Tag Cloud
access acer asus bios bsod computer crash drive driver drivers error ethernet excel freeze games gaming graphics hard drive hardware hdmi internet laptop malware memory monitor motherboard netgear network printer problem ram random registry router slow software sound trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless xbox
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
Thought i removed Virtumonde but Google still wont work ! (New)

Reply  
Thread Tools
unchi's Avatar
Junior Member with 3 posts.
  
Join Date: Jun 2008
Experience: Advanced
18-Jun-2008, 04:49 AM #1
Thought i removed Virtumonde but Google still wont work !
So does anyone see anything wrong?




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:20 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Azureus\Azureus.exe
F:\backu programs from E\media\VundoFix.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX02.344\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.h...ys=DTP&M=T3418
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...ys=DTP&M=T3418
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/virusscan/...p?langid=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {6A41BFB3-0136-4872-B96E-4B8C49016511} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM779b1462] Rundll32.exe "C:\WINDOWS\system32\qutgenfv.dll",s
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O20 - Winlogon Notify: awtuuRJy - awtuuRJy.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 6340 bytes
Register for free to hide this ad!
unchi's Avatar
Junior Member with 3 posts.
  
Join Date: Jun 2008
Experience: Advanced
18-Jun-2008, 05:24 AM #2
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:12 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/virusscan/...p?langid=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 5641 bytes
Quote:
ComboFix 08-06-16.5 - Owner 2008-06-18 0:56:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.880 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM779b1462.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cIPpWvut.ini
C:\WINDOWS\system32\cIPpWvut.ini2
C:\WINDOWS\system32\hpwjybni.dll
C:\WINDOWS\system32\inbyjwph.ini
C:\WINDOWS\system32\jwwydvxj.dll
C:\WINDOWS\system32\kTvFOXbc.ini
C:\WINDOWS\system32\kTvFOXbc.ini2
C:\WINDOWS\system32\qutgenfv.dll
C:\WINDOWS\system32\rjbyscbm.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 00:19 . 2008-06-18 00:19 <DIR> d-------- C:\VundoFix Backups
2008-06-17 23:54 . 2008-06-17 23:55 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-06-17 23:36 . 2008-06-18 00:28 <DIR> d-------- C:\Program Files\Firefox
2008-06-17 01:16 . 2008-06-17 01:16 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-17 01:16 . 2008-06-17 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-17 01:16 . 2008-06-17 01:16 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-17 00:34 . 2008-06-17 02:55 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-17 00:34 . 2008-06-17 00:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-06-17 00:34 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-17 00:34 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-17 00:34 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-17 00:34 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-16 23:30 . 2008-06-16 23:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-16 23:30 . 2008-06-16 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 23:17 . 2008-06-15 23:16 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-15 23:17 . 2008-06-15 23:17 2,539 --a------ C:\WINDOWS\unins000.dat
2008-06-07 23:52 . 2008-06-08 23:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-06-07 23:51 . 2008-06-07 23:51 <DIR> d-------- C:\Program Files\DivX
2008-05-30 16:22 . 2008-05-30 16:22 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-05-22 15:22 . 2008-05-22 15:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:22 . 2008-05-22 15:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-22 15:22 . 2008-05-22 15:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-22 15:20 . 2008-05-22 15:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-22 15:20 . 2008-05-22 15:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-22 15:19 . 2008-05-22 15:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-22 15:19 . 2008-05-22 15:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-22 15:19 . 2008-05-22 15:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 15:19 . 2008-05-22 15:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-22 15:19 . 2008-05-22 15:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 15:19 . 2008-05-22 15:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 15:18 . 2008-05-22 15:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 00:10 . 2007-10-11 18:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-05-19 00:09 . 2008-06-18 01:04 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-05-19 00:07 . 2008-05-19 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 08:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 08:04 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-18 07:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-06-18 07:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailWasherPro
2008-06-18 07:15 --------- d-----w C:\Program Files\Trillian
2008-06-17 09:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-17 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 09:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 22:22 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-21 08:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-19 07:12 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-05-19 07:07 --------- d-----w C:\Program Files\Logitech
2008-05-13 07:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Blackberry Desktop
2008-05-13 06:59 256 ----a-w C:\Documents and Settings\Owner\pool.bin
2008-05-13 06:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Research In Motion
2008-05-13 06:52 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-05-13 06:51 --------- d-----w C:\Program Files\Research In Motion
2008-05-08 08:46 --------- d-----w C:\Program Files\AccessPORT Manager
2008-04-28 05:54 --------- d-----w C:\Program Files\Haltech
2008-02-28 03:47 45,640 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-01-11 06:25 14,745,928 ----a-w C:\Program Files\TDC AP.rar
2007-12-03 23:09 252 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-09-28 05:36 64,755,729 ----a-w C:\Program Files\DYNO-MAX 2000.rar
2007-07-03 22:16 557,056 ----a-w C:\Documents and Settings\Owner\GoToAssist_phone__317_en.exe
2007-03-09 00:42 92,064 ----a-w C:\Documents and Settings\Owner\mqdmmdm.sys
2007-03-09 00:42 9,232 ----a-w C:\Documents and Settings\Owner\mqdmmdfl.sys
2007-03-09 00:42 79,328 ----a-w C:\Documents and Settings\Owner\mqdmserd.sys
2007-03-09 00:42 66,656 ----a-w C:\Documents and Settings\Owner\mqdmbus.sys
2007-03-09 00:42 6,208 ----a-w C:\Documents and Settings\Owner\mqdmcmnt.sys
2007-03-09 00:42 5,936 ----a-w C:\Documents and Settings\Owner\mqdmwhnt.sys
2007-03-09 00:42 4,048 ----a-w C:\Documents and Settings\Owner\mqdmcr.sys
2007-03-09 00:42 25,600 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
2007-03-09 00:42 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 16:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 09:32 7204864]
"nwiz"="nwiz.exe" [2005-09-18 09:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 09:32 86016]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoa dGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
"Reminder"=%WINDIR%\Creator\Remind_XP.exe
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-17 01:16]
R2 CAN300;CAN300;C:\WINDOWS\system32\drivers\CAN300.SYS [2004-11-19 12:16]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-29 22:53]
R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 18:07]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 17:43]
R3 DSFlash4;DSFlash4;C:\WINDOWS\system32\drivers\DSFlash4.sys [2003-02-28 12:47]
R3 DSMET16;DSMET16;C:\WINDOWS\system32\drivers\DSMET16.sys [2004-04-07 13:09]
S3 DsDevice;DimSport - Service Device;C:\WINDOWS\system32\DRIVERS\DSDEVICE.SYS [2006-11-15 16:00]
S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2005-03-09 11:50]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 14:31]
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys []
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys []
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys []
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{84bf04eb-a354-11dc-92e0-0040ca905434}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{b144cfb6-a37f-11db-929d-0040ca905434}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{dbef03f5-9bec-11da-9785-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 00:15:39 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2008-06-14 06:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-10-23 15:46:32 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-10-23 15:46:33 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-10-23 15:46:34 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 01:05:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-06-18 1:16:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 08:16:05

Pre-Run: 105,004,273,664 bytes free
Post-Run: 105,104,384,000 bytes free

227 --- E O F --- 2008-04-28 05:11:27
better?
unchi's Avatar
Junior Member with 3 posts.
  
Join Date: Jun 2008
Experience: Advanced
18-Jun-2008, 05:34 AM #3
seems that google works again!
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 04:02 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.