Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Solved: Pop-ups, Voice ADs and fast Task Manager on start-up


(!)

LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
21-Aug-2008, 07:02 PM #1
Solved: Pop-ups, Voice ADs and fast Task Manager on start-up
This is my second post with more details. The last one I closed as it went on to page 7 with no reply. Shutting down my system and restarting (from a normal shutdown) causes the, I think, the Properties page of the task manager to flash really quick. Next, I get IE pop-ups but I mainly use Firefox with some invisible pop-ups trying to load?!?! if that makes sense. Also, "you have been selected to win...." is heard but no AD seen. I'll be back with my HJT log after run it. Thank you for reading.

EDIT - HJT text added.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:26 PM, on 8/21/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\CA82f17k.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6453
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [WPNT511] C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - https://vmodlms.widerthanam.com/comp...WDLManager.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/8102-b4.../java/RntX.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7663 bytes

Last edited by LadyDi2; 21-Aug-2008 at 07:07 PM..
LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
21-Aug-2008, 07:17 PM #2
ComboFix log:

ComboFix 08-08-19.06 - Owner 2008-08-21 19:09:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1388 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.WonderWorld2Go\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\#SharedObjects\LGMJK8UY\interclick.com
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\#SharedObjects\LGMJK8UY\interclick.com\ud.sol
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.

2008-08-21 15:47 . 2008-08-21 15:47 <DIR> d-------- C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Malwarebytes
2008-08-21 15:47 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-21 15:46 . 2008-08-21 15:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-21 15:46 . 2008-08-21 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-21 15:46 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 20:34 . 2008-08-19 09:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-14 21:35 . 2008-08-18 21:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-14 15:02 . 2008-08-14 21:12 80,898 --------- C:\WINDOWS\system32\CA82f17k.exe
2008-08-14 01:40 . 2008-08-14 01:40 <DIR> d-------- C:\Program Files\StreamingStar
2008-07-30 21:32 . 2007-12-06 18:41 220,032 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-07-30 21:32 . 2007-12-06 18:09 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-07-30 21:32 . 2007-12-06 18:08 163,840 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-07-30 21:32 . 2007-12-06 18:20 147,456 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-07-30 21:32 . 2007-12-06 19:12 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 23:05 --------- d-----w C:\Program Files\Trend Micro
2008-08-21 22:54 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
2008-08-21 22:54 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
2008-08-19 13:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 13:15 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\SUPERAntiSpyware.com
2008-08-19 12:43 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 03:42 --------- d-----w C:\Program Files\Microsoft Works
2008-08-06 00:31 --------- d-----w C:\Program Files\Apple Software Update
2008-08-06 00:30 --------- d-----w C:\Program Files\iTunes
2008-08-06 00:30 --------- d-----w C:\Program Files\iPod
2008-07-20 20:52 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Apple Computer
2008-07-20 18:47 --------- d-----w C:\Program Files\LG Data Transfer
2008-07-16 01:57 --------- d-----w C:\Program Files\QuickTime
2008-07-11 01:14 --------- d-----w C:\Program Files\Windows Live
2008-07-11 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-10 18:44 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Avanquest
2008-07-10 18:37 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Talkback
2008-07-10 18:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Avanquest
2008-07-10 03:09 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Share-to-Web Upload Folder
2008-07-09 19:51 --------- d-----w C:\Program Files\Windows Defender
2008-07-09 01:02 --------- d-----w C:\Program Files\DivX
2008-06-30 19:11 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
2008-06-28 02:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 18:05 --------- d-----w C:\Program Files\WinPcap
2008-06-24 01:43 --------- d-----w C:\Program Files\ACT
2008-06-24 01:15 --------- d-----w C:\Program Files\MozBackup
2008-06-23 19:40 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\WordWeb
2008-06-05 05:05 206 ------w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\wklnhst.dat
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-17 09:45 33,968 ------w C:\Documents and Settings\Lady Di\Application Data\GDIPFONTCACHEV1.DAT
2007-10-31 04:17 0 ------w C:\Documents and Settings\Lady Di\Application Data\wklnhst.dat
2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 16:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2008-03-02 20:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-21_15.06.42.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-07-15 02:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\ 11.0.6506\MSOHTMED.EXE
+ 2003-07-15 02:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\ 11.0.6506\SEQCHK10.DLL
- 2008-08-14 03:42:22 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-21 22:46:45 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-14 03:42:23 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
+ 2008-08-21 22:46:45 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
- 2008-06-10 03:06:17 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-21 22:46:57 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-10 03:06:17 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2008-08-21 22:46:57 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15:59 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPNT511"="C:\Program Files\NETGEAR\WPNT511\wpnt511.exe" [2005-11-18 06:45 1822720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 18:45 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 18:20 1024000]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-25 11:38 43008 C:\WINDOWS\system32\WFXSNT40.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 21:47 8720384]

C:\Documents and Settings\Lady Di\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-10-28 17:32:45 44384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.WonderWorld2Go^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--------- 2005-11-12 00:40 1236992 C:\WINDOWS\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-02-12 15:59 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--------- 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3a\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--------- 2004-02-12 14:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--------- 2007-08-31 13:01 1037736 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2007-08-31 13:01 1037736 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--------- 2002-09-14 03:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--------- 2006-05-23 22:22 573440 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--------- 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-12-06 18:20 1024000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--------- 2004-11-05 12:47 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2008-02-15 18:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]
--------- 2007-09-01 07:58 173312 C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--------- 2005-12-27 13:20 413696 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"C:\\Program Files\\Avanquest\\Fix-It\\Fix-It.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\WS_FTP Pro\\ftpfind.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\LG Data Transfer\\DpLauncher.exe"=
"C:\\Program Files\\LG Data Transfer\\CellConn.exe"=
"C:\\Program Files\\LG Data Transfer\\DPUpdate.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LG Data Transfer\\DPilot.exe"=
"C:\\Program Files\\Watermark Factory 2\\watermark factory.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R2 OpenCASE Media Agent;OpenCASE Media Agent;C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 15:57]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2007-09-01 07:58]
S3 Airgo3P;NETGEAR RangeMax(TM) 240 Wireless Notebook Adapter WPNT511;C:\WINDOWS\system32\DRIVERS\TMIMO31P.sys [2005-10-29 11:05]
S3 ndsdatamax;ndsdatamax;C:\WINDOWS\system32\Drivers\ndsdatamax.sys [2007-02-08 08:45]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 13:31]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-12 03:33]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
- C:\Program Files\AntiSpywareApp\AntiSpyware.exe []

2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
- C:\Program Files\AntiSpywareApp []

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-21 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Mozilla\Firefox\Profiles\h3r9tjzq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=en&nui=1&ltmpl=default
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 19:12:59
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-21 19:14:05
ComboFix-quarantined-files.txt 2008-08-21 23:13:42
ComboFix2.txt 2008-08-21 19:29:56
ComboFix3.txt 2008-08-21 19:07:06

Pre-Run: 105,834,373,120 bytes free
Post-Run: 105,826,652,160 bytes free

256 --- E O F --- 2008-08-21 22:47:01
LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
22-Aug-2008, 05:31 AM #3
I got this this morning
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
23-Aug-2008, 10:09 AM #4
I've made a contribution (small), will this get a reply!?!? I know people here are busy, just asking... (waves hi to cybertech)
cybertech's Avatar
Moderator with 69,374 posts.
 
Join Date: Apr 2002
Location: USA
24-Aug-2008, 12:18 PM #5
Go to this web site: http://virusscan.jotti.org/
In the File to upload & scan box copy and paste

C:\WINDOWS\system32\CA82f17k.exe

Then click the Submit button.

Copy the results and paste them back here in your next reply with a new HJT log.
LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
24-Aug-2008, 01:14 PM #6
Online Malware Scan

File: CA82f17k.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 27c916afa6ee3bdc238da286659e20ba
Packers detected:
-
Scanner results
Scan taken on 24 Aug 2008 17:12:21 (GMT)
A-Squared
Found nothing
AntiVir
Found TR/Crypt.ULPM.Gen
ArcaVir
Found nothing
Avast
Found Win32:Trojan-gen {Other}
AVG Antivirus
Found Clicker.PIM
BitDefender
Found Trojan.Adclicker.HB
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found Trojan.DownLoad.3459
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found PossibleThreat (probable variant)
Ikarus
Found Trojan-Downloader.Win32.Agent.vvi
Kaspersky Anti-Virus
Found nothing
NOD32
Found a variant of Win32/TrojanClicker.Agent.NEB
Norman Virus Control
Found nothing
Panda Antivirus
Found Generic
Sophos Antivirus
Found Mal/HckPk-A
VirusBuster
Found nothing
VBA32
Found Win32.Trojan-Downloader (probable variant)

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:05 PM, on 8/24/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CA82f17k.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6453
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [WPNT511] C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - https://vmodlms.widerthanam.com/comp...WDLManager.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/8102-b4.../java/RntX.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7897 bytes

Last edited by LadyDi2; 24-Aug-2008 at 01:17 PM.. Reason: added HJT log
cybertech's Avatar
Moderator with 69,374 posts.
 
Join Date: Apr 2002
Location: USA
25-Aug-2008, 10:56 AM #7
Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open Notepad and copy and paste the text in the quote box below into it:
Quote:
KILLALL::
File::
C:\WINDOWS\system32\CA82f17k.exe

Save this as CFScript.txt in the same location as ComboFix.exe

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.
LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
25-Aug-2008, 11:27 AM #8
Cybertech - thanks once again for coming to the rescue. I do appreciate it if I haven't said it as yet. About the system, my virus program started up on reboot, an update for Combofix came up as well as an Adobe update. Spybot was almost installed but not finished. Now that that's all out of the way so you don't fuss at me... here's the new Combofix log:

ComboFix text

ComboFix 08-08-24.03 - Owner 2008-08-25 11:12:20.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1404 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.WonderWorld2Go\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.WonderWorld2Go\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\CA82f17k.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NetworkService\Cookies\system@spamblockerutility[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\macromedia\Flash Player\#SharedObjects\ZAX9JQQ5\interclick.com
C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\macromedia\Flash Player\#SharedObjects\ZAX9JQQ5\interclick.com\ud.sol
C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\CA82f17k.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-24 22:39 . 2008-08-24 22:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-24 22:39 . 2008-08-24 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 21:53 . 2008-08-22 21:55 652 --ah----- C:\IPH.PH
2008-08-21 15:47 . 2008-08-21 15:47 <DIR> d-------- C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Malwarebytes
2008-08-21 15:47 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-21 15:46 . 2008-08-21 15:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-21 15:46 . 2008-08-21 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-21 15:46 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 20:34 . 2008-08-19 09:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-14 21:35 . 2008-08-18 21:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-14 01:40 . 2008-08-14 01:40 <DIR> d-------- C:\Program Files\StreamingStar
2008-07-30 21:32 . 2007-12-06 18:41 220,032 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-07-30 21:32 . 2007-12-06 18:09 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-07-30 21:32 . 2007-12-06 18:08 163,840 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-07-30 21:32 . 2007-12-06 18:20 147,456 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-07-30 21:32 . 2007-12-06 19:12 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 23:05 --------- d-----w C:\Program Files\Trend Micro
2008-08-19 13:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 13:15 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\SUPERAntiSpyware.com
2008-08-19 12:43 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 03:42 --------- d-----w C:\Program Files\Microsoft Works
2008-08-06 00:31 --------- d-----w C:\Program Files\Apple Software Update
2008-08-06 00:30 --------- d-----w C:\Program Files\iTunes
2008-08-06 00:30 --------- d-----w C:\Program Files\iPod
2008-07-20 20:52 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Apple Computer
2008-07-20 18:47 --------- d-----w C:\Program Files\LG Data Transfer
2008-07-16 01:57 --------- d-----w C:\Program Files\QuickTime
2008-07-11 01:14 --------- d-----w C:\Program Files\Windows Live
2008-07-11 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-10 18:44 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Avanquest
2008-07-10 18:37 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Talkback
2008-07-10 03:09 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Share-to-Web Upload Folder
2008-07-09 19:51 --------- d-----w C:\Program Files\Windows Defender
2008-07-09 01:02 --------- d-----w C:\Program Files\DivX
2008-06-28 02:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 05:05 206 ------w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\wklnhst.dat
2007-11-17 09:45 33,968 ------w C:\Documents and Settings\Lady Di\Application Data\GDIPFONTCACHEV1.DAT
2007-10-31 04:17 0 ------w C:\Documents and Settings\Lady Di\Application Data\wklnhst.dat
2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 16:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2008-03-02 20:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-21_15.06.42.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-07-15 02:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\ 11.0.6506\MSOHTMED.EXE
+ 2003-07-15 02:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\ 11.0.6506\SEQCHK10.DLL
- 2008-08-14 03:42:22 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-21 22:46:45 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-14 03:42:23 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
+ 2008-08-21 22:46:45 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
- 2008-06-10 03:06:17 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-21 22:46:57 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-10 03:06:17 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2008-08-21 22:46:57 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
- 2008-08-21 18:59:35 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
+ 2008-08-25 15:16:17 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
- 2008-08-21 18:59:38 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
+ 2008-08-25 15:16:19 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15:59 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPNT511"="C:\Program Files\NETGEAR\WPNT511\wpnt511.exe" [2005-11-18 06:45 1822720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 18:45 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 18:20 1024000]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-25 11:38 43008 C:\WINDOWS\system32\WFXSNT40.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 21:47 8720384]

C:\Documents and Settings\Lady Di\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-10-28 17:32:45 44384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.WonderWorld2Go^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--------- 2005-11-12 00:40 1236992 C:\WINDOWS\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-02-12 15:59 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--------- 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3a\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--------- 2004-02-12 14:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--------- 2007-08-31 13:01 1037736 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2007-08-31 13:01 1037736 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--------- 2002-09-14 03:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--------- 2006-05-23 22:22 573440 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--------- 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-12-06 18:20 1024000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--------- 2004-11-05 12:47 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2008-02-15 18:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]
--------- 2007-09-01 07:58 173312 C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--------- 2005-12-27 13:20 413696 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"C:\\Program Files\\Avanquest\\Fix-It\\Fix-It.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\WS_FTP Pro\\ftpfind.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\LG Data Transfer\\DpLauncher.exe"=
"C:\\Program Files\\LG Data Transfer\\CellConn.exe"=
"C:\\Program Files\\LG Data Transfer\\DPUpdate.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LG Data Transfer\\DPilot.exe"=
"C:\\Program Files\\Watermark Factory 2\\watermark factory.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R2 OpenCASE Media Agent;OpenCASE Media Agent;C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 15:57]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2007-09-01 07:58]
S3 Airgo3P;NETGEAR RangeMax(TM) 240 Wireless Notebook Adapter WPNT511;C:\WINDOWS\system32\DRIVERS\TMIMO31P.sys [2005-10-29 11:05]
S3 ndsdatamax;ndsdatamax;C:\WINDOWS\system32\Drivers\ndsdatamax.sys [2007-02-08 08:45]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 13:31]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-12 03:33]
.
Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
- C:\Program Files\AntiSpywareApp\AntiSpyware.exe []

2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
- C:\Program Files\AntiSpywareApp []

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-25 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 11:17:06
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-25 11:23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-25 15:23:05
ComboFix2.txt 2008-08-21 23:14:05
ComboFix3.txt 2008-08-21 19:29:56
ComboFix4.txt 2008-08-21 19:07:06

Pre-Run: 104,996,896,768 bytes free
Post-Run: 105,104,936,960 bytes free

258 --- E O F --- 2008-08-21 22:47:01
cybertech's Avatar
Moderator with 69,374 posts.
 
Join Date: Apr 2002
Location: USA
25-Aug-2008, 12:32 PM #9
Does your Malwarebytes scan come up clean?
LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
25-Aug-2008, 01:24 PM #10
I haven't run it as yet but I will now. BRB
cybertech's Avatar
Moderator with 69,374 posts.
 
Join Date: Apr 2002
Location: USA
25-Aug-2008, 01:29 PM #11
LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
25-Aug-2008, 03:27 PM #12
Malwarebytes log

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 3, v.3311

3:23:56 PM 8/25/2008
mbam-log-08-25-2008 (15-23-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150375
Time elapsed: 39 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Now Cybertech, do I need to remove Malwarebytes, HJT and/or Combofix and related files? Thanks always!!
cybertech's Avatar
Moderator with 69,374 posts.
 
Join Date: Apr 2002
Location: USA
25-Aug-2008, 03:39 PM #13
You can remove Malwarebytes in add/remove programs if you don't want to keep it.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Now you should Clean up your PC


You're welcome!
LadyDi2's Avatar
LadyDi2 LadyDi2 is offline
Junior Member with 16 posts.
THREAD STARTER
 
Join Date: Jan 2008
Experience: Advanced
25-Aug-2008, 08:13 PM #14
Yep Cybertech all but the defrag is done. It's been a pleasure and I really do appreciate your time and effort!! I'll marked this solved now.
cybertech's Avatar
Moderator with 69,374 posts.
 
Join Date: Apr 2002
Location: USA
26-Aug-2008, 11:03 AM #15
Great!

Take care.

As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
pop-ups, task manager flash, voice no pop-up

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑