1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

AntiVirus2009 and Pop Up Web Ads

Discussion in 'Virus & Other Malware Removal' started by MarkyB, Aug 15, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. MarkyB

    MarkyB Thread Starter

    Joined:
    Feb 25, 2005
    Messages:
    11
    Hi Tech Support,

    Tried following a couple of links e.g. ComboFix and SmitFraudFix and although they've cleared a lot (affected clock and Task Manager) I still get AntiVirus2009 coming back after 15 mins or so and then followed by the annoying pop up adds. Hope you can help, the last time I visited your site about 2 years back you sorted things brilliantly. Thanks in advance.

    Here's my HJT log:

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:53:11, on 15/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\slrundll.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...clntymver=2005.1.1.12&.cldefstat=Def1&.src=ym
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [HdReg] C:\APPS\HDREG\HDREGAPP.EXE -r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [44747c1c] rundll32.exe "C:\WINDOWS\system32\rjvkkvsp.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173565090562
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: yyuthd.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - http://www.chamonix.net/english/snow_reports/alpinismlatest.htm
    O24 - Desktop Component 1: (no name) - http://www.google.com/maps?f=q&hl=en&q=BH19 1PR&ll=51.143171,-1.296387&spn=1.271692,3.779297&om=1

    --
    End of file - 8178 bytes
     
  2. Sponsor

  3. MarkyB

    MarkyB Thread Starter

    Joined:
    Feb 25, 2005
    Messages:
    11
    Here's my ComboFix Log:

    ComboFix 08-08-14.05 - Currys 2008-08-15 20:55:02.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.89 [GMT 1:00]
    Running from: C:\Documents and Settings\Currys\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
    .

    2008-08-15 20:14 . 2008-08-15 20:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-15 20:14 . 2008-08-15 20:14 <DIR> d-------- C:\Documents and Settings\Currys\Application Data\Malwarebytes
    2008-08-15 20:14 . 2008-08-15 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-15 20:14 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-15 20:14 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-15 16:42 . 2008-08-15 16:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-15 16:01 . 2008-08-15 16:16 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
    2008-08-15 14:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-15 14:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-08-15 14:48 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-15 14:48 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-15 14:48 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-15 14:48 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-15 14:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-15 14:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-15 14:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-15 14:20 . 2008-08-15 14:49 4,002 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-15 12:25 . 2008-08-15 18:41 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-08-15 11:40 . 2008-08-15 11:40 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-08-15 11:39 . 2005-10-21 12:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
    2008-08-15 11:39 . 2005-10-21 12:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-08-15 11:39 . 2008-08-15 11:39 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-08-15 11:22 . 2008-08-15 12:04 <DIR> d-------- C:\SDFix
    2008-08-08 19:24 . 2008-08-08 19:24 <DIR> d-------- C:\Program Files\Channel4
    2008-08-08 19:24 . 2008-08-15 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
    2008-08-08 19:23 . 2008-08-08 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
    2008-07-26 21:38 . 2008-08-08 19:24 <DIR> d-------- C:\Program Files\Kontiki
    2008-07-26 21:38 . 2008-07-26 21:38 <DIR> d-------- C:\logs3
    2008-07-25 23:42 . 2007-12-10 14:22 25,512 -ra------ C:\WINDOWS\system32\drivers\s3017nd5.sys
    2008-07-25 23:41 . 2007-12-10 14:22 110,120 -ra------ C:\WINDOWS\system32\drivers\s3017unic.sys
    2008-07-25 23:41 . 2007-12-10 14:22 104,616 -ra------ C:\WINDOWS\system32\drivers\s3017mgmt.sys
    2008-07-25 23:41 . 2007-12-10 14:22 100,648 -ra------ C:\WINDOWS\system32\drivers\s3017obex.sys
    2008-07-25 23:41 . 2007-12-10 14:22 10,792 -ra------ C:\WINDOWS\system32\drivers\s3017cr.sys
    2008-07-25 23:40 . 2007-12-10 14:22 110,632 -ra------ C:\WINDOWS\system32\drivers\s3017mdm.sys
    2008-07-25 23:40 . 2007-12-10 14:22 83,880 -ra------ C:\WINDOWS\system32\drivers\s3017bus.sys
    2008-07-25 23:40 . 2007-12-10 14:22 15,016 -ra------ C:\WINDOWS\system32\drivers\s3017mdfl.sys
    2008-07-25 23:40 . 2007-12-10 14:22 12,200 -ra------ C:\WINDOWS\system32\drivers\s3017whnt.sys
    2008-07-25 23:40 . 2007-12-10 14:22 12,200 -ra------ C:\WINDOWS\system32\drivers\s3017wh.sys
    2008-07-25 23:40 . 2007-12-10 14:22 12,200 -ra------ C:\WINDOWS\system32\drivers\s3017cmnt.sys
    2008-07-25 23:40 . 2007-12-10 14:22 12,200 -ra------ C:\WINDOWS\system32\drivers\s3017cm.sys
    2008-07-24 11:17 . 2008-07-24 11:17 <DIR> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-15 19:26 --------- d-----w C:\Program Files\TrueSwitchBTYahoo
    2008-08-15 16:05 --------- d-----w C:\Program Files\Yahoo!
    2008-08-15 15:03 --------- d-----w C:\Documents and Settings\Currys\Application Data\Yahoo!
    2008-08-15 15:01 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-08-08 08:51 --------- d-----w C:\Program Files\Java
    2008-07-21 11:56 --------- d-----w C:\Documents and Settings\Currys\Application Data\FileZilla
    2008-07-21 06:49 --------- d-----w C:\Program Files\TrueSwitchEsaya
    2008-06-25 08:11 --------- d-----w C:\Program Files\Cryptigo
    2008-06-20 20:41 --------- d-----w C:\Program Files\Avanquest update
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-02 09:15 61,480 ----a-w C:\Documents and Settings\Currys\GoToAssistDownloadHelper.exe
    2004-01-06 16:02 597,504 ----a-w C:\Documents and Settings\Currys\PictureViewer.exe
    2004-01-06 16:02 147,968 ----a-w C:\Documents and Settings\Currys\QuickTimeUpdater.exe
    2004-01-06 16:02 1,393,664 ----a-w C:\Documents and Settings\Currys\QuickTimePlayer.exe
    .

    ((((((((((((((((((((((((((((( [email protected]_17.16.49.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-15 19:26:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_16c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 14:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 14:00 455168]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 15:13 102400]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 15:12 684032]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14 81920]
    "HdReg"="C:\APPS\HDREG\HDREGAPP.EXE" [2004-08-09 18:45 24576]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-21 12:10 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-21 12:04 98304]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-01-11 07:33 143360 C:\WINDOWS\system32\VTTrayp.exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

    C:\Documents and Settings\Currys\Start Menu\Programs\Startup\
    TrueAssistant.lnk - C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe [2008-07-02 16:41:28 1069056]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-18 17:34:18 113664]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-01-24 02:22:50 122880]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=yyuthd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\AOL 9.0\\aol.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\WINDOWS\\system32\\fxsclnt.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Kontiki\\KService.exe"=

    R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
    S3 s217bus;Sony Ericsson Device 217 driver (WDM);C:\WINDOWS\system32\DRIVERS\s217bus.sys [2007-11-02 14:22]
    S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s217mdfl.sys [2007-11-02 14:22]
    S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s217mdm.sys [2007-11-02 14:22]
    S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s217mgmt.sys [2007-11-02 14:22]
    S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS);C:\WINDOWS\system32\DRIVERS\s217nd5.sys [2007-11-02 14:22]
    S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s217obex.sys [2007-11-02 14:22]
    S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM);C:\WINDOWS\system32\DRIVERS\s217unic.sys [2007-11-02 14:22]
    S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 14:22]
    S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 14:22]
    S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 14:22]
    S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 14:22]
    S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 14:22]
    S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 14:22]
    S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 14:22]
    S3 XG350XP;NB 802.11g XG350 Driver;C:\WINDOWS\system32\DRIVERS\WlanCTG.sys [2004-12-10 11:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0920cfaf-5b4a-11dc-a149-00038a000015}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0920cfb0-5b4a-11dc-a149-00038a000015}]
    \Shell\AutoRun\command - F:\.\MigWiz\migsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d453dc85-c8c1-11dc-a179-001060610f29}]
    \Shell\Auto\command - Cn911.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-15 C:\WINDOWS\Tasks\SpyHunter Scanner.job
    - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = https://login.yahoo.com/config/logi...clntymver=2005.1.1.12&.cldefstat=Def1&.src=ym
    R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.com/
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-15 20:58:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-15 21:05:46
    ComboFix-quarantined-files.txt 2008-08-15 20:05:41
    ComboFix2.txt 2008-08-15 19:49:46
    ComboFix3.txt 2008-08-15 16:17:19

    Pre-Run: 16,482,463,744 bytes free
    Post-Run: 16,465,268,736 bytes free

    179 --- E O F --- 2008-08-14 21:04:22

    Here's The Latest HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:13:17, on 15/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
    C:\WINDOWS\slrundll.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...clntymver=2005.1.1.12&.cldefstat=Def1&.src=ym
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [HdReg] C:\APPS\HDREG\HDREGAPP.EXE -r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173565090562
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: yyuthd.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - http://www.chamonix.net/english/snow_reports/alpinismlatest.htm
    O24 - Desktop Component 1: (no name) - http://www.google.com/maps?f=q&hl=en&q=BH19 1PR&ll=51.143171,-1.296387&spn=1.271692,3.779297&om=1

    --
    End of file - 8517 bytes
     
  4. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Please download Malwarebytes Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.
     
  5. MarkyB

    MarkyB Thread Starter

    Joined:
    Feb 25, 2005
    Messages:
    11
    Malwarebytes' Anti-Malware 1.24
    Database version: 1056
    Windows 5.1.2600 Service Pack 2

    10:28:06 17/08/2008
    mbam-log-8-17-2008 (10-28-06).txt

    Scan type: Quick Scan
    Objects scanned: 50214
    Time elapsed: 14 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please post a fresh Hijackthis log. thanks
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/740391