
Have a virus **Desktop telling me I have spyware** IT'S KILLING MY COMP

Discussion in 'Virus & Other Malware Removal' started by CanuckGame, Apr 16, 2008.

  1. CanuckGame (Thread Starter; joined Apr 17, 2006; 20 messages)
    If my grammar's bad it's because this virus is making my typing stutter.

    PLEASE help guys, I got a virus somehow and it's KILLING my comp, it's so slow.

    My desktop is now blue and it says I have spyware.
    I would type more but this virus is killing me.
    Please guys.


    Here is the HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:40, on 08-04-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\All Users\Application Data\bqpqvahy\potivwvo.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
    C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
    C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\antiviirus.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\tmp0.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\fwxsjkvk.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\tmp1.exe
    C:\Program Files\tmp2.exe
    C:\Program Files\tmp3.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
    O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
    O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Local Settings\Temporary Internet Files\Content.IE5\GV8C5QA3\install_sbd_en[1].exe
    O4 - HKLM\..\Run: [68935640] rundll32.exe "C:\WINDOWS\system32\krnlfyls.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [agsalylb] C:\WINDOWS\system32\fwxsjkvk.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [TCYHioNNr4] C:\Documents and Settings\All Users\Application Data\bqpqvahy\potivwvo.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Josh\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/cinematycoon.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C80854DE-91B6-453C-AB7C-DA90E5925D9A}: NameServer = 192.168.1.254,192.168.1.254
    O21 - SSODL: RamCD - {b3f5e400-d234-4a33-800f-c9b3c9507fee} - C:\WINDOWS\Resources\RamCD.dll
    O21 - SSODL: zip - {4a99e4b6-1bc9-40b5-900f-4f286235b364} - C:\WINDOWS\Installer\{4a99e4b6-1bc9-40b5-900f-4f286235b364}\zip.dll
    O21 - SSODL: pmsoarbf - {E5672116-F30E-467C-9213-3F14B8E15900} - C:\WINDOWS\pmsoarbf.dll
    O21 - SSODL: omlbpkaw - {0B654711-1F03-44AE-9F93-E68F8BE316FE} - C:\WINDOWS\omlbpkaw.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 12556 bytes
     
  2. CanuckGame (Thread Starter; joined Apr 17, 2006; 20 messages)

    Here is the SDFix log:


    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\Installer\{4a99e4b6-1bc9-40b5-900f-4f286235b364}\zip.dll - Deleted
    C:\WINDOWS\Resources\RamCD.dll - Deleted
    C:\WINDOWS\LGMXVP~1.DLL - Deleted



    Folder C:\WINDOWS\Installer\{4a99e4b6-1bc9-40b5-900f-4f286235b364} - Removed
    Folder C:\Program Files\AntiSpywareMaster - Removed
    Folder C:\WINDOWS\privacy_danger - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 23:12:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 3


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
    "C:\\Program Files\\SecondLifeADITI\\SLVoice.exe"="C:\\Program Files\\SecondLifeADITI\\SLVoice.exe:*:Enabled:SLVoice"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 15 Apr 2008 16,464 ..SHR --- "C:\Program Files\tmp0.exe"
    Tue 15 Apr 2008 16,464 ..SHR --- "C:\Program Files\tmp1.exe"
    Tue 15 Apr 2008 16,464 ..SHR --- "C:\Program Files\tmp2.exe"
    Tue 15 Apr 2008 16,464 ..SHR --- "C:\Program Files\tmp3.exe"
    Wed 30 Jun 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
    Wed 30 Jun 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
    Wed 30 Jun 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
    Mon 10 Apr 2006 38,925 ..SH. --- "C:\WINDOWS\system32\awtqo.dll"
    Thu 8 Jun 2006 13,837 A.SH. --- "C:\WINDOWS\system32\pmkhfdd.dll"
    Wed 16 Apr 2008 1,557,196 A.SH. --- "C:\WINDOWS\system32\slyflnrk.tmp"
    Sun 17 Sep 2006 232,824 A..H. --- "C:\WINDOWS\system32\winlogin.exe"
    Sat 7 Jun 2003 77,824 A..H. --- "C:\bundle\PictureIt\PIP\LAUNCHER.EXE"
    Tue 29 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 14 Dec 2007 272 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiE1.tmp"
    Thu 7 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Tue 29 Mar 2005 4,348 ...H. --- "C:\Documents and Settings\Josh\My Documents\My Music\License Backup\drmv1key.bak"
    Sun 18 Dec 2005 20 A..H. --- "C:\Documents and Settings\Josh\My Documents\My Music\License Backup\drmv1lic.bak"
    Mon 20 Jun 2005 488 A.SH. --- "C:\Documents and Settings\Josh\My Documents\My Music\License Backup\drmv2key.bak"
    Fri 5 Dec 2003 1,176,292 ...H. --- "C:\Program Files\Shockwave.com\My Mix\product\data\My Mix.exe"

    Finished!



    It's kinda funny to see my son's name all over some of these files...
     
  3. CanuckGame (Thread Starter; joined Apr 17, 2006; 20 messages)

    Last reply before I wait for help.

    COMBOFIX REPORT AND NEW HIJACKTHIS REPORT


    ComboFix 08-04-16.5 - Owner 2008-04-16 23:32:07.1 - NTFSx86

    Running from: C:\Documents and Settings\Owner\Desktop\combofix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ADS - svchost.exe: deleted 68 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\deskbar_e13.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktop\Error Cleaner.url
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktop\Privacy Protector.url
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktopblackbird.jpg
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\DesktopEditorFKWP1.5.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\DesktopEditorFKWP2.0.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktopfilemanagerclient.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktopfkwp1.5.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktopfkwp2.0.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktopfwebd.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\DesktopFWebdEditor.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\DesktopTrojan.Win32.BlackBird.exe
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Desktopvirii
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Favorites\Error Cleaner.url
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Favorites\Privacy Protector.url
    C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\592U7D6Y\www.broadcaster.com
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Documents and Settings\Owner\Desktop\Error Cleaner.url
    C:\Documents and Settings\Owner\Desktop\Privacy Protector.url
    C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\Owner\Desktopblackbird.jpg
    C:\Documents and Settings\Owner\DesktopEditorFKWP1.5.exe
    C:\Documents and Settings\Owner\DesktopEditorFKWP2.0.exe
    C:\Documents and Settings\Owner\Desktopfilemanagerclient.exe
    C:\Documents and Settings\Owner\Desktopfkwp1.5.exe
    C:\Documents and Settings\Owner\Desktopfkwp2.0.exe
    C:\Documents and Settings\Owner\Desktopfwebd.exe
    C:\Documents and Settings\Owner\DesktopFWebdEditor.exe
    C:\Documents and Settings\Owner\DesktopTrojan.Win32.BlackBird.exe
    C:\Documents and Settings\Owner\Desktopvirii
    C:\Documents and Settings\Owner\Favorites\Error Cleaner.url
    C:\Documents and Settings\Owner\Favorites\Privacy Protector.url
    C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\antiviirus.exe
    C:\Program Files\IE Defender
    C:\Program Files\IE Defender\iedefender.db1
    C:\Program Files\IE Defender\iedefender.db2
    C:\Program Files\IE Defender\iedefender.db3
    C:\Program Files\IE Defender\iedefender.db4
    C:\Program Files\IE Defender\iedefender.db5
    C:\Program Files\IE Defender\iedefender.exe
    C:\Program Files\IE Defender\Uninstall.exe
    C:\Program Files\iMeshBar
    C:\Program Files\tmp0.exe
    C:\Program Files\tmp1.exe
    C:\Program Files\tmp2.exe
    C:\Program Files\tmp3.exe
    C:\WINDOWS\a.bat
    C:\WINDOWS\base64.tmp
    C:\WINDOWS\bdn.com
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\FVProtect.exe
    C:\WINDOWS\iTunesMusic.exe
    C:\WINDOWS\keyboard1.dat
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\NDNuninstall6_90.exe
    C:\WINDOWS\newname.dat
    C:\WINDOWS\system32\awtqo.dll
    C:\WINDOWS\system32\awtuvtqN.dll
    C:\WINDOWS\system32\cftmon.exe
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\khfDwxUN.dll
    C:\WINDOWS\system32\krnlfyls.dll
    C:\WINDOWS\system32\MabryObj.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\NUxwDfhk.ini
    C:\WINDOWS\system32\NUxwDfhk.ini2
    C:\WINDOWS\system32\pmkhfdd.dll
    C:\WINDOWS\system32\slyflnrk.ini
    C:\WINDOWS\system32\slyflnrk.ini2
    C:\WINDOWS\system32\slyflnrk.tmp
    C:\WINDOWS\system32\winlogin.exe
    C:\WINDOWS\system32akttzn.exe
    C:\WINDOWS\system32anticipator.dll
    C:\WINDOWS\system32awtoolb.dll
    C:\WINDOWS\system32bdn.com
    C:\WINDOWS\system32bsva-egihsg52.exe
    C:\WINDOWS\system32dpcproxy.exe
    C:\WINDOWS\system32emesx.dll
    C:\WINDOWS\[email protected]@@k.dll
    C:\WINDOWS\system32hoproxy.dll
    C:\WINDOWS\system32hxiwlgpm.dat
    C:\WINDOWS\system32hxiwlgpm.exe
    C:\WINDOWS\system32medup012.dll
    C:\WINDOWS\system32medup020.dll
    C:\WINDOWS\system32msgp.exe
    C:\WINDOWS\system32msnbho.dll
    C:\WINDOWS\system32mssecu.exe
    C:\WINDOWS\system32msvchost.exe
    C:\WINDOWS\system32mtr2.exe
    C:\WINDOWS\system32mwin32.exe
    C:\WINDOWS\system32netode.exe
    C:\WINDOWS\system32newsd32.exe
    C:\WINDOWS\system32ps1.exe
    C:\WINDOWS\system32psof1.exe
    C:\WINDOWS\system32psoft1.exe
    C:\WINDOWS\system32regc64.dll
    C:\WINDOWS\system32regm64.dll
    C:\WINDOWS\system32Rundl1.exe
    C:\WINDOWS\system32smp
    C:\WINDOWS\system32smp\msrc.exe
    C:\WINDOWS\system32sncntr.exe
    C:\WINDOWS\system32ssurf022.dll
    C:\WINDOWS\system32ssvchost.com
    C:\WINDOWS\system32ssvchost.exe
    C:\WINDOWS\system32sysreq.exe
    C:\WINDOWS\system32taack.dat
    C:\WINDOWS\system32taack.exe
    C:\WINDOWS\system32temp#01.exe
    C:\WINDOWS\system32thun.dll
    C:\WINDOWS\system32thun32.dll
    C:\WINDOWS\system32VBIEWER.OCX
    C:\WINDOWS\system32vbsys2.dll
    C:\WINDOWS\system32vcatchpi.dll
    C:\WINDOWS\system32winlogonpc.exe
    C:\WINDOWS\system32winsystem.exe
    C:\WINDOWS\system32WINWGPX.EXE
    C:\WINDOWS\userconfig9x.dll
    C:\WINDOWS\Web\def.htm
    C:\WINDOWS\winsystem.exe
    C:\WINDOWS\zip1.tmp
    C:\WINDOWS\zip2.tmp
    C:\WINDOWS\zip3.tmp
    C:\WINDOWS\zipped.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWSAPAGENT
    -------\Service_NwSapAgent


    ((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
    .

    2008-04-16 23:53 . 2008-04-16 23:53 102,400 --a------ C:\WINDOWS\system32\stgxwtmn.exe
    2008-04-16 23:53 . 2008-04-16 23:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-16 23:53 . 2008-04-16 23:53 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-16 23:24 . 2008-04-16 23:24 102,400 --a------ C:\WINDOWS\system32\ijexmxsh.exe
    2008-04-16 21:48 . 2008-04-16 21:48 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-16 20:58 . 2008-04-16 20:58 <DIR> d-------- C:\%systemdrive%
    2008-04-15 18:21 . 2008-04-15 18:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
    2008-04-15 18:21 . 2008-04-15 18:21 106,496 --a------ C:\WINDOWS\system32\fwxsjkvk.exe
    2008-04-15 15:28 . 2008-04-16 14:32 <DIR> d-------- C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Application Data\TmpRecentIcons
    2008-04-15 14:15 . 2008-04-15 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\bqpqvahy
    2008-04-15 14:15 . 2008-04-15 11:07 217,088 --a------ C:\WINDOWS\omlbpkaw.dll
    2008-04-15 14:15 . 2008-04-15 11:07 172,032 --a------ C:\WINDOWS\pmsoarbf.dll
    2008-04-15 14:15 . 2008-04-15 11:07 151,552 --a------ C:\WINDOWS\qtvglped.dll
    2008-04-15 14:15 . 2008-04-15 14:15 98,304 --a------ C:\WINDOWS\system32\xspqfslu.exe
    2008-04-15 14:15 . 2008-04-15 11:07 94,208 --a------ C:\WINDOWS\npqtsrak.exe
    2008-04-15 14:15 . 2008-04-15 11:07 81,920 --a------ C:\WINDOWS\rtqmekwg.exe
    2008-04-15 14:15 . 2008-04-15 14:15 10,240 --a------ C:\WINDOWS\system32\wlcstp32.dll
    2008-04-11 02:09 . 2008-04-11 02:09 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2008-04-11 02:09 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
    2008-04-11 02:08 . 2008-04-11 02:08 <DIR> d-------- C:\Program Files\TechSmith
    2008-04-11 02:08 . 2008-04-11 02:08 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
    2008-04-11 00:19 . 2008-04-11 00:19 <DIR> d-------- C:\Program Files\Safari
    2008-04-11 00:16 . 2008-04-11 00:16 <DIR> d-------- C:\Program Files\iPod
    2008-04-05 09:45 . 2008-04-16 17:33 24 --a------ C:\url_history.xml
    2008-04-04 19:49 . 2008-04-04 19:56 <DIR> d-------- C:\Program Files\Game Cam V2
    2008-04-03 13:43 . 2007-12-04 15:47 2,166 --a------ C:\WINDOWS\system32\webmail2.ico
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-17 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-17 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
    2008-04-15 15:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
    2008-04-11 07:17 --------- d-----w C:\Program Files\iTunes
    2008-04-11 07:13 --------- d-----w C:\Program Files\QuickTime
    2008-04-10 21:18 --------- d-----w C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Application Data\SecondLife
    2008-04-03 20:42 --------- d-----w C:\Program Files\TELUS
    2008-04-03 20:42 --------- d-----w C:\Program Files\Common Files\Motive
    2008-04-03 02:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-03 02:04 --------- d-----w C:\Program Files\ArcSoft
    2008-04-03 01:56 --------- d-----w C:\Program Files\Google
    2008-04-03 01:54 --------- d-----w C:\Program Files\Microsoft Games
    2008-03-27 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2008-03-27 04:28 --------- d-----w C:\Program Files\Kodak
    2008-03-27 04:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
    2008-03-10 16:57 --------- d-----w C:\Program Files\SecondLife
    2008-03-09 00:55 --------- d-----w C:\Program Files\Technitium
    2008-03-09 00:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\SecondLife
    2007-05-28 01:58 174 ----a-w C:\Documents and Settings\Ashley.YOUR-U3EF4OUUIR\Application Data\wklnhst.dat
    2007-02-16 00:48 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2007-01-16 12:46 0 ----a-w C:\Documents and Settings\Owner\bdnmohay.exe
    2005-09-07 04:43 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2005-02-27 03:59 457 ----a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52676F4A-D830-4513-BE81-3A0C28B32C2F}]
    C:\WINDOWS\lgmxvpatkmb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7348D74C-731B-DECE-9F8A-A37D8214708E}]
    2008-04-15 14:15 10240 --a------ C:\WINDOWS\system32\wlcstp32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C8F0EE32-3AF7-4730-9D8C-9EB9D0315290}"= "C:\WINDOWS\qtvglped.dll" [2008-04-15 11:07 151552]

    [HKEY_CLASSES_ROOT\clsid\{c8f0ee32-3af7-4730-9d8c-9eb9d0315290}]
    [HKEY_CLASSES_ROOT\qtvglped.1]
    [HKEY_CLASSES_ROOT\TypeLib\{E802C3EE-8324-48FC-8290-32F38433386A}]
    [HKEY_CLASSES_ROOT\qtvglped]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
    "agsalylb"="C:\WINDOWS\system32\fwxsjkvk.exe" [2008-04-15 18:21 106496]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
    "nmuxghfp"="C:\WINDOWS\system32\ijexmxsh.exe" [2008-04-16 23:24 102400]
    "jfxlamil"="C:\WINDOWS\system32\stgxwtmn.exe" [2008-04-16 23:53 102400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 16:18 135168]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
    "nwiz"="nwiz.exe" [2004-03-03 10:29 782336 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-03 10:29 46080]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 10:29 2904064]
    "nForce Tray Options"="sstray.exe" [2003-09-02 18:25 73728 C:\WINDOWS\system32\sstray.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 03:32 50688]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-13 18:10 409600]
    "CHotkey"="zHotkey.exe" [2004-05-17 19:30 543232 C:\WINDOWS\zHotkey.exe]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-08 17:02 190024]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
    "TELUS_eCare_Lite_McciTrayApp"="C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe" [2007-01-24 14:55 1007720]
    "TEPA.exe"="C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" [2007-05-14 10:10 2061816]
    "TELUS_McciTrayApp"="C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2007-10-07 23:16 1462272]
    "TelusWCC_McciTrayApp"="C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe" [2006-03-10 11:01 543232]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    C:\Documents and Settings\Josh\Start Menu\Programs\Startup\
    cftmon.exe [2006-09-05 15:42:34 188204]
    Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-10-24 15:13:12 2826064]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
    PowerReg Scheduler V3.exe [2007-06-01 19:10:50 225280]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-07 03:33:49 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "TCYHioNNr4"= C:\Documents and Settings\All Users\Application Data\bqpqvahy\potivwvo.exe

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=MsgPlusLoader.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CWShredder Service"=2 (0x2)
    "AOL ACS"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\SecondLife\\SLVoice.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-26 10:43]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
    R3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-07 13:07]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-07 13:07]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-11 19:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-08-25 04:35:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 23:54:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    "ImagePath"="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W5MFCX6F\cwshredder
    [1].exe service"


    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CWShredder Service]
    "ImagePath"="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W5MFCX6F\cwshredder
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-17 0:08:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-17 07:07:25
    ComboFix2.txt 2006-09-24 22:37:54

    Pre-Run: 106,621,829,120 bytes free
    Post-Run: 109,536,989,184 bytes free
    .
    2008-04-09 10:06:20 --- E O F ---


    -------------------------------
     
  4. CanuckGame

    CanuckGame Thread Starter

    Joined:
    Apr 17, 2006
    Messages:
    20
    HIJACKTHIS


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:10, on 08-04-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\All Users\Application Data\bqpqvahy\potivwvo.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
    C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
    C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\fwxsjkvk.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\WINDOWS\lgmxvpatkmb.dll (file missing)
    O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - C:\WINDOWS\system32\wlcstp32.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
    O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
    O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [agsalylb] C:\WINDOWS\system32\fwxsjkvk.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [nmuxghfp] C:\WINDOWS\system32\ijexmxsh.exe
    O4 - HKCU\..\Run: [jfxlamil] C:\WINDOWS\system32\stgxwtmn.exe
    O4 - HKLM\..\Policies\Explorer\Run: [TCYHioNNr4] C:\Documents and Settings\All Users\Application Data\bqpqvahy\potivwvo.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Josh\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/cinematycoon.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C80854DE-91B6-453C-AB7C-DA90E5925D9A}: NameServer = 192.168.1.254,192.168.1.254
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 12255 bytes
     
  5. CanuckGame

    CanuckGame Thread Starter

    Joined:
    Apr 17, 2006
    Messages:
    20
    bump please help

    my comp's running pretty good now but I still get the occasional popup advertising a spyware protector
     
Short URL to this thread: https://techguy.org/704523