
Solved: Pop-ups, Voice ADs and fast Task Manager on start-up

Discussion in 'Virus & Other Malware Removal' started by LadyDi2, Aug 21, 2008.

  1. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    This is my second post, with more details. The last one I closed as it went on to page 7 with no reply. Shutting down my system and restarting (from a normal shutdown) causes, I think, the Properties page of the task manager to flash really quickly. Next, I get IE pop-ups, but I mainly use Firefox, with some invisible pop-ups trying to load?!?! if that makes sense. Also, "you have been selected to win...." is heard but no AD is seen. I'll be back with my HJT log after I run it. Thank you for reading.

    EDIT - HJT text added.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:05:26 PM, on 8/21/2008
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\rpcnet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\CA82f17k.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [WPNT511] C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - https://vmodlms.widerthanam.com/component/VZWDLManager.cab
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7663 bytes
     
  2. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    ComboFix log:

    ComboFix 08-08-19.06 - Owner 2008-08-21 19:09:57.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1388 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner.WonderWorld2Go\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\#SharedObjects\LGMJK8UY\interclick.com
    C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\#SharedObjects\LGMJK8UY\interclick.com\ud.sol
    C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\NetworkService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
    .

    2008-08-21 15:47 . 2008-08-21 15:47 <DIR> d-------- C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Malwarebytes
    2008-08-21 15:47 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-21 15:46 . 2008-08-21 15:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-21 15:46 . 2008-08-21 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-21 15:46 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-18 20:34 . 2008-08-19 09:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-08-14 21:35 . 2008-08-18 21:04 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-08-14 15:02 . 2008-08-14 21:12 80,898 --------- C:\WINDOWS\system32\CA82f17k.exe
    2008-08-14 01:40 . 2008-08-14 01:40 <DIR> d-------- C:\Program Files\StreamingStar
    2008-07-30 21:32 . 2007-12-06 18:41 220,032 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
    2008-07-30 21:32 . 2007-12-06 18:09 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll
    2008-07-30 21:32 . 2007-12-06 18:08 163,840 --a------ C:\WINDOWS\system32\SynCOM.dll
    2008-07-30 21:32 . 2007-12-06 18:20 147,456 --a------ C:\WINDOWS\system32\SynTPAPI.dll
    2008-07-30 21:32 . 2007-12-06 19:12 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-21 23:05 --------- d-----w C:\Program Files\Trend Micro
    2008-08-21 22:54 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
    2008-08-21 22:54 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
    2008-08-19 13:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-19 13:15 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\SUPERAntiSpyware.com
    2008-08-19 12:43 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-14 03:42 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-06 00:31 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-06 00:30 --------- d-----w C:\Program Files\iTunes
    2008-08-06 00:30 --------- d-----w C:\Program Files\iPod
    2008-07-20 20:52 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Apple Computer
    2008-07-20 18:47 --------- d-----w C:\Program Files\LG Data Transfer
    2008-07-16 01:57 --------- d-----w C:\Program Files\QuickTime
    2008-07-11 01:14 --------- d-----w C:\Program Files\Windows Live
    2008-07-11 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-10 18:44 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Avanquest
    2008-07-10 18:37 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Talkback
    2008-07-10 18:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Avanquest
    2008-07-10 03:09 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Share-to-Web Upload Folder
    2008-07-09 19:51 --------- d-----w C:\Program Files\Windows Defender
    2008-07-09 01:02 --------- d-----w C:\Program Files\DivX
    2008-06-30 19:11 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
    2008-06-28 02:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-24 18:05 --------- d-----w C:\Program Files\WinPcap
    2008-06-24 01:43 --------- d-----w C:\Program Files\ACT
    2008-06-24 01:15 --------- d-----w C:\Program Files\MozBackup
    2008-06-23 19:40 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\WordWeb
    2008-06-05 05:05 206 ------w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\wklnhst.dat
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-11-17 09:45 33,968 ------w C:\Documents and Settings\Lady Di\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-31 04:17 0 ------w C:\Documents and Settings\Lady Di\Application Data\wklnhst.dat
    2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
    2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
    2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
    2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
    2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
    2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
    2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
    2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
    2007-07-20 16:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
    2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    2008-03-02 20:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-21_15.06.42.78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2003-07-15 02:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
    + 2003-07-15 02:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
    - 2008-08-14 03:42:22 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-08-21 22:46:45 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-08-14 03:42:23 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
    + 2008-08-21 22:46:45 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
    - 2008-06-10 03:06:17 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-08-21 22:46:57 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-06-10 03:06:17 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
    + 2008-08-21 22:46:57 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15:59 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WPNT511"="C:\Program Files\NETGEAR\WPNT511\wpnt511.exe" [2005-11-18 06:45 1822720]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 18:45 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 18:20 1024000]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-25 11:38 43008 C:\WINDOWS\system32\WFXSNT40.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 21:47 8720384]

    C:\Documents and Settings\Lady Di\Start Menu\Programs\Startup\
    WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-10-28 17:32:45 44384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.WonderWorld2Go^Start Menu^Programs^Startup^WordWeb.lnk]
    backup=C:\WINDOWS\pss\WordWeb.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --------- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    --------- 2005-11-12 00:40 1236992 C:\WINDOWS\system32\WLTRAY.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-02-12 15:59 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    --------- 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3a\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --------- 2004-02-12 14:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --------- 2007-08-31 13:01 1037736 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    --------- 2007-08-31 13:01 1037736 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --------- 2002-09-14 03:42 212992 C:\WINDOWS\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    --------- 2006-05-23 22:22 573440 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --------- 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --------- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2007-12-06 18:20 1024000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --------- 2004-11-05 12:47 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --------- 2008-02-15 18:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]
    --------- 2007-09-01 07:58 173312 C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --------- 2005-12-27 13:20 413696 C:\WINDOWS\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Avanquest\\Fix-It\\Fix-It.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\WS_FTP Pro\\ftpfind.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\msiexec.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\BitPim\\bitpimw.exe"=
    "C:\\Program Files\\LG Data Transfer\\DpLauncher.exe"=
    "C:\\Program Files\\LG Data Transfer\\CellConn.exe"=
    "C:\\Program Files\\LG Data Transfer\\DPUpdate.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\LG Data Transfer\\DPilot.exe"=
    "C:\\Program Files\\Watermark Factory 2\\watermark factory.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=

    R2 OpenCASE Media Agent;OpenCASE Media Agent;C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 15:57]
    R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2007-09-01 07:58]
    S3 Airgo3P;NETGEAR RangeMax(TM) 240 Wireless Notebook Adapter WPNT511;C:\WINDOWS\system32\DRIVERS\TMIMO31P.sys [2005-10-29 11:05]
    S3 ndsdatamax;ndsdatamax;C:\WINDOWS\system32\Drivers\ndsdatamax.sys [2007-02-08 08:45]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 13:31]
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-12 03:33]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
    - C:\Program Files\AntiSpywareApp\AntiSpyware.exe []

    2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
    - C:\Program Files\AntiSpywareApp []

    2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-08-21 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Mozilla\Firefox\Profiles\h3r9tjzq.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=en&nui=1&ltmpl=default
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-21 19:12:59
    Windows 5.1.2600 Service Pack 3, v.3311 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-21 19:14:05
    ComboFix-quarantined-files.txt 2008-08-21 23:13:42
    ComboFix2.txt 2008-08-21 19:29:56
    ComboFix3.txt 2008-08-21 19:07:06

    Pre-Run: 105,834,373,120 bytes free
    Post-Run: 105,826,652,160 bytes free

    256 --- E O F --- 2008-08-21 22:47:01
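For anyone reading the ComboFix log above, here is an added example (written for this page, not part of the thread and not ComboFix's own code) that pulls out of that log format the three things worth a second look: executables newly dropped straight into system32 with random-looking names (like CA82f17k.exe), Security Center "AntiVirusOverride"/"DisableMonitoring" values set to 1, and scheduled tasks whose target shows no timestamp. The heuristics, severity labels and the constructed sample excerpt are the editor's own assumptions; the paths and values in the sample are the ones posted above.

```python
import re

# Constructed excerpt in the ComboFix log format shown in the thread above; the
# paths and registry values are the ones LadyDi2 posted, rearranged into one string.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.

2008-08-21 15:47 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 15:02 . 2008-08-14 21:12 80,898 --------- C:\WINDOWS\system32\CA82f17k.exe
2008-07-30 21:32 . 2007-12-06 18:09 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
- C:\Program Files\AntiSpywareApp\AntiSpyware.exe []

2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
- C:\Program Files\AntiSpywareApp []

2008-08-21 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
"""

# "Files Created" entries: created . modified size attrs path  (directories have <DIR>
# in the size column and are skipped because [\d,]+ does not match them).
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# A file sitting directly in system32 (not in a subfolder such as drivers\).
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\([^\\]+)$", re.IGNORECASE)
# Heuristic (editor's assumption): at least two digits mixed with letters, all alphanumeric.
RANDOMISH_RE = re.compile(r"^(?=.*\d.*\d)(?=.*[a-z])[a-z0-9]+$", re.IGNORECASE)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
# Only the two value names that appear in the posted log are checked.
SUPPRESSION_VALUES = {"AntiVirusOverride", "DisableMonitoring"}
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$")
TASK_TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]*)\]$")


def triage(log_text):
    """Walk a ComboFix log and return a list of (level, message) findings."""
    findings = []
    current_key = ""    # registry key whose values are being read
    pending_job = None  # last '.job' line seen, waiting for its '- target [stamp]' line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group("path")
            s = SYSTEM32_RE.match(path)
            if s and s.group(1).lower().endswith((".exe", ".dll", ".sys")):
                stem = s.group(1).rsplit(".", 1)[0]
                if RANDOMISH_RE.match(stem):
                    findings.append(("high", f"new system32 binary with random-looking name: {path}"))
                else:
                    findings.append(("review", f"new system32 binary: {path}"))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = REG_VALUE_RE.match(line)
        if m and "security center" in current_key:
            name, value = m.group("name"), int(m.group("value"), 16)
            if name in SUPPRESSION_VALUES and value == 1:
                findings.append(("high", f"Security Center suppressed: {name}=1 under [{current_key}]"))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_job:
            # Empty brackets mean ComboFix found no file timestamp for the target
            # (heuristic: the file is gone or hidden), a common sign of leftover rogue software.
            if not m.group("stamp"):
                findings.append(("high", f"scheduled task {pending_job} runs {m.group('target')} (no file timestamp)"))
            pending_job = None
    return findings


if __name__ == "__main__":
    for level, message in triage(SAMPLE_LOG):
        print(f"[{level.upper()}] {message}")
```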
     
  3. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    I got this this morning
     


  4. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    I've made a (small) contribution; will this get a reply!?!? I know people here are busy, just asking... (waves hi to cybertech)
     
  5. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    Go to this web site: http://virusscan.jotti.org/
    In the 'File to upload & scan' box, copy and paste

    C:\WINDOWS\system32\CA82f17k.exe

    Then click the Submit button.

    Copy the results and paste them back here in your next reply with a new HJT log.
     
  6. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    Online Malware Scan

    File: CA82f17k.exe
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 27c916afa6ee3bdc238da286659e20ba
    Packers detected: -

    Scanner results
    Scan taken on 24 Aug 2008 17:12:21 (GMT)
    A-Squared: Found nothing
    AntiVir: Found TR/Crypt.ULPM.Gen
    ArcaVir: Found nothing
    Avast: Found Win32:Trojan-gen {Other}
    AVG Antivirus: Found Clicker.PIM
    BitDefender: Found Trojan.Adclicker.HB
    ClamAV: Found nothing
    CPsecure: Found nothing
    Dr.Web: Found Trojan.DownLoad.3459
    F-Prot Antivirus: Found nothing
    F-Secure Anti-Virus: Found nothing
    Fortinet: Found PossibleThreat (probable variant)
    Ikarus: Found Trojan-Downloader.Win32.Agent.vvi
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found a variant of Win32/TrojanClicker.Agent.NEB
    Norman Virus Control: Found nothing
    Panda Antivirus: Found Generic
    Sophos Antivirus: Found Mal/HckPk-A
    VirusBuster: Found nothing
    VBA32: Found Win32.Trojan-Downloader (probable variant)

    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:15:05 PM, on 8/24/2008
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\rpcnet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\CA82f17k.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [WPNT511] C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - https://vmodlms.widerthanam.com/component/VZWDLManager.cab
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7897 bytes
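One way an analyst can pull the rogue process out of an HJT log like the one above is to cross-check the "Running processes" list against the O4 (Run key) and O23 (service) entries. The block below is an added example for this page, not HijackThis code and not anything posted in the thread; it runs over a shortened, constructed copy of the log above and uses its own heuristic (a process running from system32 with no O4/O23 entry that explains it, and a file name that alternates between letters and digits four or more times), so the threshold and the name test are assumptions of this example, not an HJT feature.

```python
"""Cross-check a HijackThis log: running processes vs. autostart entries.

Added example for this thread; it is not HijackThis code and not code posted
by anyone in the thread. It parses the 'Running processes' list and the
O4 (Run key) / O23 (service) lines, then flags executables that run from
the Windows system directory without any O4/O23 entry explaining how they
started and whose file name looks machine-generated. The run-count
heuristic and the threshold of 4 are this example's own assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: a shortened copy of the HJT log posted above.
SAMPLE_HJT_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\CA82f17k.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Last path component ending in .exe or .sys (file names without spaces).
_BINARY_RE = re.compile(r'([^\\/"\s]+\.(?:exe|sys))', re.IGNORECASE)


def parse_hjt(log: str) -> Dict[str, List[str]]:
    """Split an HJT log into running-process paths and autostart file names."""
    processes: List[str] = []
    autostart = set()
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        if line.startswith(("O4 - ", "O23 - ")):
            for name in _BINARY_RE.findall(line):
                autostart.add(name.lower())
    return {"processes": processes, "autostart": sorted(autostart)}


def name_runs(filename: str) -> int:
    """Count alternating letter/digit runs in the stem: CA82f17k -> 5, Ati2evxx -> 3."""
    stem = filename.rsplit(".", 1)[0]
    return len(re.findall(r"[A-Za-z]+|[0-9]+", stem))


def suspicious_processes(log: str, min_runs: int = 4) -> List[str]:
    """Running system32 binaries with no O4/O23 entry and a random-looking name."""
    parsed = parse_hjt(log)
    explained = set(parsed["autostart"])
    flagged = []
    for path in parsed["processes"]:
        base = path.rsplit("\\", 1)[-1].lower()
        in_system_dir = "\\windows\\system32\\" in path.lower()
        if not in_system_dir or base in explained:
            continue
        if name_runs(base) >= min_runs:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path in suspicious_processes(SAMPLE_HJT_LOG):
        print("review:", path)
```

On the constructed sample this reports only C:\WINDOWS\system32\CA82f17k.exe, the same file the multi-engine scan above flagged, while Ati2evxx.exe and wfxsnt40.exe (which also mix letters and digits) are skipped because a service or Run entry accounts for them. The name test is only a triage hint: a hit still needs the file hash checked against multi-engine results, as was done in this thread, and file names containing spaces are not matched by the regular expression.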
     
  7. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    Close any open browsers.

    Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


    Open Notepad and copy and paste the text in the quote box below into it:

    Save this as CFScript.txt in the same location as ComboFix.exe

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.
     
  8. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    Cybertech - thanks once again for coming to the rescue. I do appreciate it, if I haven't said it as yet. About the system: my virus program started up on reboot, and an update for ComboFix came up as well as an Adobe update. Spybot was almost installed but not finished. Now that that's all out of the way so you don't fuss at me... here's the new ComboFix log:

    ComboFix text

    ComboFix 08-08-24.03 - Owner 2008-08-25 11:12:20.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1404 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner.WonderWorld2Go\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner.WonderWorld2Go\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\CA82f17k.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\NetworkService\Cookies\system@spamblockerutility[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
    C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\macromedia\Flash Player\#SharedObjects\ZAX9JQQ5\interclick.com
    C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\macromedia\Flash Player\#SharedObjects\ZAX9JQQ5\interclick.com\ud.sol
    C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\WINDOWS\system32\CA82f17k.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
    .

    2008-08-24 22:39 . 2008-08-24 22:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-24 22:39 . 2008-08-24 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-22 21:53 . 2008-08-22 21:55 652 --ah----- C:\IPH.PH
    2008-08-21 15:47 . 2008-08-21 15:47 <DIR> d-------- C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Malwarebytes
    2008-08-21 15:47 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-21 15:46 . 2008-08-21 15:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-21 15:46 . 2008-08-21 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-21 15:46 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-18 20:34 . 2008-08-19 09:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-08-14 21:35 . 2008-08-18 21:04 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-08-14 01:40 . 2008-08-14 01:40 <DIR> d-------- C:\Program Files\StreamingStar
    2008-07-30 21:32 . 2007-12-06 18:41 220,032 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
    2008-07-30 21:32 . 2007-12-06 18:09 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll
    2008-07-30 21:32 . 2007-12-06 18:08 163,840 --a------ C:\WINDOWS\system32\SynCOM.dll
    2008-07-30 21:32 . 2007-12-06 18:20 147,456 --a------ C:\WINDOWS\system32\SynTPAPI.dll
    2008-07-30 21:32 . 2007-12-06 19:12 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-21 23:05 --------- d-----w C:\Program Files\Trend Micro
    2008-08-19 13:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-19 13:15 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\SUPERAntiSpyware.com
    2008-08-19 12:43 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-14 03:42 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-06 00:31 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-06 00:30 --------- d-----w C:\Program Files\iTunes
    2008-08-06 00:30 --------- d-----w C:\Program Files\iPod
    2008-07-20 20:52 --------- d-----w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\Apple Computer
    2008-07-20 18:47 --------- d-----w C:\Program Files\LG Data Transfer
    2008-07-16 01:57 --------- d-----w C:\Program Files\QuickTime
    2008-07-11 01:14 --------- d-----w C:\Program Files\Windows Live
    2008-07-11 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-10 18:44 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Avanquest
    2008-07-10 18:37 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Talkback
    2008-07-10 03:09 --------- d-----w C:\Documents and Settings\Jeremiah\Application Data\Share-to-Web Upload Folder
    2008-07-09 19:51 --------- d-----w C:\Program Files\Windows Defender
    2008-07-09 01:02 --------- d-----w C:\Program Files\DivX
    2008-06-28 02:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-05 05:05 206 ------w C:\Documents and Settings\Owner.WonderWorld2Go\Application Data\wklnhst.dat
    2007-11-17 09:45 33,968 ------w C:\Documents and Settings\Lady Di\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-31 04:17 0 ------w C:\Documents and Settings\Lady Di\Application Data\wklnhst.dat
    2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
    2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
    2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
    2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
    2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
    2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
    2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
    2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
    2007-07-20 16:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
    2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    2008-03-02 20:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-21_15.06.42.78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2003-07-15 02:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
    + 2003-07-15 02:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
    - 2008-08-14 03:42:22 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-08-21 22:46:45 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-08-14 03:42:23 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
    + 2008-08-21 22:46:45 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
    - 2008-06-10 03:06:17 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-08-21 22:46:57 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-06-10 03:06:17 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
    + 2008-08-21 22:46:57 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
    - 2008-08-21 18:59:35 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
    + 2008-08-25 15:16:17 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
    - 2008-08-21 18:59:38 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
    + 2008-08-25 15:16:19 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15:59 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WPNT511"="C:\Program Files\NETGEAR\WPNT511\wpnt511.exe" [2005-11-18 06:45 1822720]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 18:45 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 18:20 1024000]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-25 11:38 43008 C:\WINDOWS\system32\WFXSNT40.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 21:47 8720384]

    C:\Documents and Settings\Lady Di\Start Menu\Programs\Startup\
    WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-10-28 17:32:45 44384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.WonderWorld2Go^Start Menu^Programs^Startup^WordWeb.lnk]
    backup=C:\WINDOWS\pss\WordWeb.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --------- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    --------- 2005-11-12 00:40 1236992 C:\WINDOWS\system32\WLTRAY.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-02-12 15:59 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    --------- 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3a\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --------- 2004-02-12 14:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --------- 2007-08-31 13:01 1037736 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    --------- 2007-08-31 13:01 1037736 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --------- 2002-09-14 03:42 212992 C:\WINDOWS\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    --------- 2006-05-23 22:22 573440 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --------- 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --------- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2007-12-06 18:20 1024000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --------- 2004-11-05 12:47 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --------- 2008-02-15 18:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]
    --------- 2007-09-01 07:58 173312 C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --------- 2005-12-27 13:20 413696 C:\WINDOWS\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Avanquest\\Fix-It\\Fix-It.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\WS_FTP Pro\\ftpfind.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\msiexec.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\BitPim\\bitpimw.exe"=
    "C:\\Program Files\\LG Data Transfer\\DpLauncher.exe"=
    "C:\\Program Files\\LG Data Transfer\\CellConn.exe"=
    "C:\\Program Files\\LG Data Transfer\\DPUpdate.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\LG Data Transfer\\DPilot.exe"=
    "C:\\Program Files\\Watermark Factory 2\\watermark factory.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=

    R2 OpenCASE Media Agent;OpenCASE Media Agent;C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 15:57]
    R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2007-09-01 07:58]
    S3 Airgo3P;NETGEAR RangeMax(TM) 240 Wireless Notebook Adapter WPNT511;C:\WINDOWS\system32\DRIVERS\TMIMO31P.sys [2005-10-29 11:05]
    S3 ndsdatamax;ndsdatamax;C:\WINDOWS\system32\Drivers\ndsdatamax.sys [2007-02-08 08:45]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 13:31]
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-12 03:33]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
    - C:\Program Files\AntiSpywareApp\AntiSpyware.exe []

    2008-08-14 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
    - C:\Program Files\AntiSpywareApp []

    2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-08-25 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 11:17:06
    Windows 5.1.2600 Service Pack 3, v.3311 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\WLTRYSVC.EXE
    C:\WINDOWS\system32\BCMWLTRY.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\rpcnet.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-25 11:23:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-25 15:23:05
    ComboFix2.txt 2008-08-21 23:14:05
    ComboFix3.txt 2008-08-21 19:29:56
    ComboFix4.txt 2008-08-21 19:07:06

    Pre-Run: 104,996,896,768 bytes free
    Post-Run: 105,104,936,960 bytes free

    258 --- E O F --- 2008-08-21 22:47:01
     
  9. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    Does your Malwarebytes scan come up clean?
     
  10. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    I haven't run it as yet but I will now. BRB
     
  11. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
  12. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    Malwarebytes log

    Malwarebytes' Anti-Malware 1.25
    Database version: 1087
    Windows 5.1.2600 Service Pack 3, v.3311

    3:23:56 PM 8/25/2008
    mbam-log-08-25-2008 (15-23-56).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 150375
    Time elapsed: 39 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Now Cybertech, do I need to remove Malwarebytes, HJT and/or Combofix and related files? Thanks always!!
     
  13. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    You can remove Malwarebytes in add/remove programs if you don't want to keep it.

    Follow these steps to uninstall Combofix and tools used in the removal of malware
    • Click START then RUN
    • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.

    Now you should Clean up your PC


    You're welcome!
     
  14. LadyDi2

    LadyDi2 Thread Starter

    Joined:
    Jan 30, 2008
    Messages:
    16
    Yep Cybertech, all but the defrag is done. It's been a pleasure and I really do appreciate your time and effort!! I'll mark this solved now.
     
  15. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    Great!

    Take care.

    :)
     
Short URL to this thread: https://techguy.org/742401