
Solved: Popups, other problems

Discussion in 'Virus & Other Malware Removal' started by tutatut, Jun 3, 2008.

  1. tutatut

    tutatut Thread Starter

    Joined:
    Jun 3, 2008
    Messages:
    11
    ComboFix:

    ComboFix 08-06-04.3 - me 2008-06-09 17:32:44.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.246 [GMT -7:00]
    Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM27662e2d.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\mcrh.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
    .

    2008-06-08 15:43 . 2008-06-08 15:43 <DIR> d----c--- C:\VundoFix Backups
    2008-06-08 15:42 . 2001-05-21 11:46 198,656 --a------ C:\WINDOWS\system32\Comdlg32.ocx
    2008-06-08 14:07 . 2008-06-08 14:07 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2008-06-08 14:07 . 2008-06-08 14:19 34,990 --a------ C:\WINDOWS\DIIUnin.dat
    2008-06-08 14:07 . 2008-06-08 14:07 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-07 21:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-07 21:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-07 17:36 . 2008-06-07 17:36 96,256 --a------ C:\WINDOWS\system32\qyygcmdk.dll
    2008-06-06 18:25 . 2008-06-06 18:26 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-06-06 17:30 . 2008-06-06 17:30 96,256 --a------ C:\WINDOWS\system32\gxxjvhmr.dll
    2008-06-06 17:27 . 2008-06-06 17:27 90,624 --a------ C:\WINDOWS\system32\ghjmlnex.dll
    2008-06-05 17:33 . 2008-06-06 16:51 4,157,328 ---hs---- C:\WINDOWS\system32\oiurttfs.ini
    2008-06-05 17:30 . 2008-06-05 17:30 95,744 --a------ C:\WINDOWS\system32\twtrrlor.dll
    2008-06-05 17:25 . 2008-06-05 17:25 91,136 --a------ C:\WINDOWS\system32\btirosfv.dll
    2008-06-04 22:50 . 2008-06-04 22:50 95,232 --a------ C:\WINDOWS\system32\ldwhpryi.dll
    2008-06-04 22:47 . 2008-06-05 17:24 2,874,355 ---hs---- C:\WINDOWS\system32\xclgrhhl.ini
    2008-06-04 22:42 . 2008-06-04 22:42 91,136 --a------ C:\WINDOWS\system32\rviwhajb.dll
    2008-06-04 15:59 . 2008-06-04 15:59 95,232 --a------ C:\WINDOWS\system32\qjkhouqg.dll
    2008-06-04 15:56 . 2008-06-04 22:41 1,552,055 ---hs---- C:\WINDOWS\system32\lffvlsea.ini
    2008-06-04 15:55 . 2008-06-04 15:55 91,136 --a------ C:\WINDOWS\system32\hhedrfcq.dll
    2008-06-02 23:39 . 2008-06-02 23:39 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-02 22:02 . 2008-06-02 22:02 <DIR> d----c--- C:\kav
    2008-06-02 16:52 . 2008-06-04 15:55 1,561,386 --ahs---- C:\WINDOWS\system32\edcqdtyp.ini
    2008-06-02 15:46 . 2008-06-02 15:47 1,503,601 --ahs---- C:\WINDOWS\system32\bppyihvj.ini
    2008-06-01 20:57 . 2008-06-01 20:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-06-01 13:42 . 2008-06-02 15:46 1,503,311 --ahs---- C:\WINDOWS\system32\jtpmwkft.ini
    2008-05-29 16:26 . 2008-05-29 16:26 <DIR> d-------- C:\Program Files\portalgraphics
    2008-05-22 23:38 . 2008-06-08 16:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-22 23:38 . 2008-05-22 23:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-18 10:49 . 2008-05-18 10:49 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-05-18 09:46 . 2008-05-18 09:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-05-18 09:42 . 2008-05-18 09:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-11 16:07 . 2008-05-11 16:07 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-05-11 16:07 . 2008-05-11 16:55 <DIR> d-------- C:\Documents and Settings\me\Application Data\Audacity

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-08 21:24 --------- d-----w C:\Program Files\Diablo II
    2008-06-08 21:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-06-08 21:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-06-08 21:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-06-08 20:45 --------- d-----w C:\Program Files\Starcraft
    2008-06-08 03:22 --------- d-----w C:\Program Files\Lx_cats
    2008-06-05 05:42 --------- d-----w C:\Documents and Settings\me\Application Data\LimeWire
    2008-06-01 01:27 --------- d-----w C:\Program Files\Cellosoft
    2008-05-29 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-21 02:45 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-05-15 08:27 1,452,800 ----a-w C:\WINDOWS\system32\drivers\V3Engine.sys
    2008-05-14 08:55 70,528 ----a-w C:\WINDOWS\system32\drivers\ahnsze.sys
    2008-05-08 22:55 --------- d-----w C:\Program Files\Verizon
    2008-05-08 22:55 --------- d-----w C:\Program Files\Common Files\SupportSoft
    2008-05-01 23:36 --------- d-----w C:\Documents and Settings\me\Application Data\Apple Computer
    2008-04-19 22:17 --------- d-----w C:\Program Files\Tablet
    2008-04-19 03:31 --------- d-----w C:\Program Files\QuickTime
    2008-04-19 03:28 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-19 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-19 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-15 03:35 --------- d-----w C:\Program Files\Sun
    2008-04-15 03:34 --------- d-----w C:\Program Files\Java
    2008-04-15 02:21 --------- d-----w C:\Program Files\Common Files\Java
    1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897c62d-5f01-4186-8df8-168a47709e1f}]
    2008-06-07 17:36 96256 --a------ C:\WINDOWS\system32\qyygcmdk.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 06:32 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
    "AhnLab Session Process"="C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2007-11-20 03:10 54862]
    "lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 11:43 196608]
    "EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 14:24 61440]
    "Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 17:08 69632]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 08:56 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-04-19 15:17:54 114688]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AhnLab Session Process]
    --a------ 2007-11-20 03:10 54862 C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHNSD]
    --a------ 2008-01-28 18:23 199368 C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
    --a------ 2004-11-01 07:05 241664 C:\WINDOWS\system32\HncUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva]
    C:\WINDOWS\system32\kxvo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Nexon\\MapleStory\\MapleStory.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Starcraft\\StarCraft.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\kav\\kav7\\setup.exe"=

    R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-11 11:57]
    R2 AhnLab Application Service;AhnLab Application Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe" [2007-09-09 17:25]
    R2 AhnLab Guarantee Service;AhnLab Guarantee Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe" [2007-11-22 10:56]
    R2 AhnLab Information Service;AhnLab Information Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe" [2007-09-09 17:26]
    R2 AhnLab Log Service;AhnLab Log Service;"C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe" [2007-08-10 10:55]
    R2 AhnLab Task Scheduler;AhnLab Task Scheduler;"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe" [2008-01-28 18:23]
    R2 AMonHKnt;AMonHKnt;C:\WINDOWS\system32\Drivers\AMonHKnt.sys [2008-04-07 11:30]
    R3 AhnFlt2k;AhnFlt2k;C:\WINDOWS\system32\Drivers\AhnFlt2k.sys [2008-01-09 11:53]
    R3 AhnRec2k;AhnRec2k;C:\WINDOWS\system32\Drivers\AhnRec2k.sys [2007-03-20 13:08]
    R3 AhnRghNt;AhnRghNt;C:\WINDOWS\system32\Drivers\AhnRghNt.sys [2008-01-09 11:54]
    R3 AhnSZE;AhnSZE;C:\WINDOWS\system32\drivers\AhnSZE.sys [2008-05-14 01:55]
    R3 ASZFltNt;ASZFltNt;C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys [2008-01-09 12:10]
    R3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-10-01 10:39]
    R3 ISFWEnt;ISFWEnt;C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys [2008-01-09 12:10]
    R3 ISIPSEnt;ISIPSEnt;C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys [2008-02-18 23:38]
    R3 ISPIBEnt;ISPIBEnt;C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys [2007-10-05 11:42]
    R3 ISPrxEnt;ISPrxEnt;C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys [2007-10-03 23:39]
    R3 ISTrkEnt;ISTrkEnt;C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys [2007-03-20 13:28]
    R3 v3engine;v3engine;C:\WINDOWS\system32\drivers\v3engine.sys [2008-05-15 01:27]
    R3 V3Flt2K;V3Flt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys [2008-02-18 23:39]
    R3 V3IFt2K;V3IFt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys [2008-01-09 12:11]
    S3 ArfMonNt;ArfMonNt;C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys [2008-02-18 23:39]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-19 03:28:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-09 17:50:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\AhnLab\V3IS2007\msproxy.ahn
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\system32\lxbxcoms.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-09 17:52:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-10 00:52:32
    ComboFix2.txt 2008-06-06 00:20:42
    ComboFix3.txt 2008-06-05 05:20:27
    ComboFix4.txt 2008-02-11 04:17:05

    Pre-Run: 16,734,142,464 bytes free
    Post-Run: 16,774,524,928 bytes free




    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:54:12 PM, on 6/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
    C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
    C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
    C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
    C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
    C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe
    C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
    C:\Program Files\Lexmark 7100 Series\ezprint.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\lxbxcoms.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {f1e90774-a861-8fd8-6814-10f5d26c798f} - {f897c62d-5f01-4186-8df8-168a47709e1f} - C:\WINDOWS\system32\qyygcmdk.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AhnLab Session Process] "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
    O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020508 serial=PE02CBX-0000003-NMD lang=EN
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {306BDCAE-B7BF-4966-82A8-DFFC9DC3B4A9} (ONSEDownLoad Control) - http://club.shinbiro.com/common/ONSEUpDown.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205619002671
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AhnLab Application Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
    O23 - Service: AhnLab Guarantee Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
    O23 - Service: AhnLab Information Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
    O23 - Service: AhnLab Log Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
    O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

    --
    End of file - 5866 bytes
     
  2. andyspeake

    andyspeake

    Joined:
    May 10, 2007
    Messages:
    1,543
    Remove bad HijackThis entries
    • Run HijackThis
    • Click on do a system scan only
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      O2 - BHO: {f1e90774-a861-8fd8-6814-10f5d26c798f} - {f897c62d-5f01-4186-8df8-168a47709e1f} - C:\WINDOWS\system32\qyygcmdk.dll
      O16 - DPF: {306BDCAE-B7BF-4966-82A8-DFFC9DC3B4A9} (ONSEDownLoad Control) - http://club.shinbiro.com/common/ONSEUpDown.cab

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    COMBOFIX-Script

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      File::  
      C:\WINDOWS\system32\qyygcmdk.dll
      C:\WINDOWS\system32\gxxjvhmr.dll
      C:\WINDOWS\system32\ghjmlnex.dll
      C:\WINDOWS\system32\oiurttfs.ini
      C:\WINDOWS\system32\twtrrlor.dll
      C:\WINDOWS\system32\btirosfv.dll
      C:\WINDOWS\system32\ldwhpryi.dll
      C:\WINDOWS\system32\xclgrhhl.ini
      C:\WINDOWS\system32\rviwhajb.dll
      C:\WINDOWS\system32\qjkhouqg.dll
      C:\WINDOWS\system32\lffvlsea.ini
      C:\WINDOWS\system32\hhedrfcq.dll
      C:\WINDOWS\system32\edcqdtyp.ini
      C:\WINDOWS\system32\bppyihvj.ini
      C:\WINDOWS\system32\jtpmwkft.ini
      
      Registry:: 
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897c62d-5f01-4186-8df8-168a47709e1f}]
      
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      [screenshot: CFScript.txt being dragged onto ComboFix.exe]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
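Added example, not part of this thread and not code from ComboFix or HijackThis: a small Python script that applies the triage behind the fix above to a ComboFix log. Infections of the Vundo family (the log earlier shows a "VundoFix Backups" folder) show up as 8-letter random-name .dll files dropped straight into system32, each paired with a hidden+system .ini of the same shape, and one of the DLLs registered as a Browser Helper Object. The script flags file lines matching that shape, picks up the BHO loading point that references a flagged DLL, and drafts a CFScript with the same File:: and Registry:: sections used in the post above. The embedded log excerpt is constructed from a handful of lines in the shape of the log earlier in the thread (the Java ssv.dll BHO entry and its size are made up for contrast); the 8-letter name length and the attribute test are assumptions of this example, so treat a hit as something to check by hand, not as proof on its own.

```python
"""Triage a ComboFix log for Vundo-style random-name DLL/INI pairs and draft a CFScript.

Added example, not code from the thread or from ComboFix. Heuristic (assumption):
an 8-lowercase-letter name with a .dll or .ini extension sitting directly in
system32, where the .ini twin carries hidden+system attributes, plus any
Browser Helper Object loading point that references such a DLL.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the shape of ComboFix's "Files Created" and
# "Reg Loading Points" sections; the ssv.dll BHO line and its size are made up.
SAMPLE_LOG = r"""
2008-06-07 21:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 17:36 . 2008-06-07 17:36 96,256 --a------ C:\WINDOWS\system32\qyygcmdk.dll
2008-06-06 17:27 . 2008-06-06 17:27 90,624 --a------ C:\WINDOWS\system32\ghjmlnex.dll
2008-06-05 17:33 . 2008-06-06 16:51 4,157,328 ---hs---- C:\WINDOWS\system32\oiurttfs.ini
2008-06-08 15:42 . 2001-05-21 11:46 198,656 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-05-18 09:46 . 2008-05-18 09:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-18 10:49 . 2008-05-18 10:49 7,680 --ahs---- C:\WINDOWS\Thumbs.db
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897c62d-5f01-4186-8df8-168a47709e1f}]
2008-06-07 17:36 96256 --a------ C:\WINDOWS\system32\qyygcmdk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2008-02-22 04:25 509952 --a------ C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
"""

# One entry of the "Files Created" section: created . modified size attrs path
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# A BHO loading point and the file line ComboFix prints under it (size has no commas there)
BHO_KEY = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\})\]$"
)
BHO_PATH = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ [-a-z]{9} (?P<path>.+)$")

RANDOM_NAME = re.compile(r"^[a-z]{8}\.(dll|ini)$")  # assumed shape of the dropped files
SYSTEM32 = "c:\\windows\\system32\\"


def is_suspicious(path: str, attrs: str) -> bool:
    """True when the path looks like a Vundo-style drop (see module docstring)."""
    low = path.lower()
    if not low.startswith(SYSTEM32):
        return False
    name = low[len(SYSTEM32):]
    if "\\" in name:            # inside a subdirectory such as drivers\, not this pattern
        return False
    if not RANDOM_NAME.match(name):
        return False
    if name.endswith(".ini"):   # the .ini twins are the ones carrying hidden+system bits
        return "h" in attrs and "s" in attrs
    return True


def parse_log(text: str) -> Tuple[List[Tuple[str, str]], Dict[str, str]]:
    """Return ([(path, attrs), ...] from file lines, {bho_key: dll_path}) for a log."""
    files: List[Tuple[str, str]] = []
    bhos: Dict[str, str] = {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, ln in enumerate(lines):
        m = FILE_LINE.match(ln)
        if m:
            files.append((m.group("path"), m.group("attrs")))
            continue
        k = BHO_KEY.match(ln)
        if k and i + 1 < len(lines):
            p = BHO_PATH.match(lines[i + 1])
            if p:
                bhos[k.group("key")] = p.group("path")
    return files, bhos


def flag(text: str) -> Tuple[List[str], List[str]]:
    """Files to remove and BHO keys to delete, both sorted so the script is stable."""
    files, bhos = parse_log(text)
    bad = {path for path, attrs in files if is_suspicious(path, attrs)}
    bad_keys: List[str] = []
    for key, dll in bhos.items():
        if is_suspicious(dll, "--a------"):  # the DLL side never needs the h/s bits
            bad.add(dll)                      # the BHO DLL may predate the 30-day window
            bad_keys.append(key)
    return sorted(bad), sorted(bad_keys)


def render_cfscript(bad_files: List[str], bad_keys: List[str]) -> str:
    """Draft in the File:: / Registry:: form used above; [-key] deletes the key."""
    lines = ["File::", *bad_files, "", "Registry::", *[f"[-{k}]" for k in bad_keys]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits, keys = flag(SAMPLE_LOG)
    print(render_cfscript(hits, keys))
```

Run against a full ComboFix log the script only drafts the CFScript; the list still needs a human pass, since a legitimate component with an unlucky 8-letter name would match the same shape, and the DLLs in the thread are additionally identified by the BHO entry and the repeated file size, which the heuristic does not require.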
     
  3. tutatut

    tutatut Thread Starter

    Joined:
    Jun 3, 2008
    Messages:
    11
    ComboFix Log:

    ComboFix 08-06-04.3 - me 2008-06-10 18:57:18.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.265 [GMT -7:00]
    Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\me\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    C:\WINDOWS\system32\bppyihvj.ini
    C:\WINDOWS\system32\btirosfv.dll
    C:\WINDOWS\system32\edcqdtyp.ini
    C:\WINDOWS\system32\ghjmlnex.dll
    C:\WINDOWS\system32\gxxjvhmr.dll
    C:\WINDOWS\system32\hhedrfcq.dll
    C:\WINDOWS\system32\jtpmwkft.ini
    C:\WINDOWS\system32\ldwhpryi.dll
    C:\WINDOWS\system32\lffvlsea.ini
    C:\WINDOWS\system32\oiurttfs.ini
    C:\WINDOWS\system32\qjkhouqg.dll
    C:\WINDOWS\system32\qyygcmdk.dll
    C:\WINDOWS\system32\rviwhajb.dll
    C:\WINDOWS\system32\twtrrlor.dll
    C:\WINDOWS\system32\xclgrhhl.ini
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\bppyihvj.ini
    C:\WINDOWS\system32\btirosfv.dll
    C:\WINDOWS\system32\edcqdtyp.ini
    C:\WINDOWS\system32\ghjmlnex.dll
    C:\WINDOWS\system32\gxxjvhmr.dll
    C:\WINDOWS\system32\hhedrfcq.dll
    C:\WINDOWS\system32\jtpmwkft.ini
    C:\WINDOWS\system32\ldwhpryi.dll
    C:\WINDOWS\system32\lffvlsea.ini
    C:\WINDOWS\system32\oiurttfs.ini
    C:\WINDOWS\system32\qjkhouqg.dll
    C:\WINDOWS\system32\rviwhajb.dll
    C:\WINDOWS\system32\twtrrlor.dll
    C:\WINDOWS\system32\xclgrhhl.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
    .

    2008-06-09 22:52 . 2008-06-09 22:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-09 22:52 . 2008-06-09 22:52 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-08 15:43 . 2008-06-08 15:43 <DIR> d----c--- C:\VundoFix Backups
    2008-06-08 15:42 . 2001-05-21 11:46 198,656 --a------ C:\WINDOWS\system32\Comdlg32.ocx
    2008-06-08 14:07 . 2008-06-08 14:07 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2008-06-08 14:07 . 2008-06-08 14:19 34,990 --a------ C:\WINDOWS\DIIUnin.dat
    2008-06-08 14:07 . 2008-06-08 14:07 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-07 21:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-07 21:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-06 18:25 . 2008-06-06 18:26 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-06-02 23:39 . 2008-06-02 23:39 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-02 22:02 . 2008-06-02 22:02 <DIR> d----c--- C:\kav
    2008-06-01 20:57 . 2008-06-01 20:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-05-29 16:26 . 2008-05-29 16:26 <DIR> d-------- C:\Program Files\portalgraphics
    2008-05-18 10:49 . 2008-05-18 10:49 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-05-18 09:46 . 2008-05-18 09:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-05-18 09:42 . 2008-05-18 09:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-11 16:07 . 2008-05-11 16:07 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-05-11 16:07 . 2008-05-11 16:55 <DIR> d-------- C:\Documents and Settings\me\Application Data\Audacity

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-11 00:49 --------- d-----w C:\Program Files\Starcraft
    2008-06-11 00:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-06-10 08:21 --------- d-----w C:\Program Files\Lx_cats
    2008-06-10 05:52 --------- d-----w C:\Program Files\QuickTime
    2008-06-08 21:24 --------- d-----w C:\Program Files\Diablo II
    2008-06-08 21:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-06-08 21:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-06-08 21:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-06-05 05:42 --------- d-----w C:\Documents and Settings\me\Application Data\LimeWire
    2008-06-01 01:27 --------- d-----w C:\Program Files\Cellosoft
    2008-05-29 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-15 08:27 1,452,800 ----a-w C:\WINDOWS\system32\drivers\V3Engine.sys
    2008-05-14 08:55 70,528 ----a-w C:\WINDOWS\system32\drivers\ahnsze.sys
    2008-05-08 22:55 --------- d-----w C:\Program Files\Verizon
    2008-05-08 22:55 --------- d-----w C:\Program Files\Common Files\SupportSoft
    2008-05-01 23:36 --------- d-----w C:\Documents and Settings\me\Application Data\Apple Computer
    2008-04-19 22:17 --------- d-----w C:\Program Files\Tablet
    2008-04-19 03:28 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-19 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-19 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-15 03:35 --------- d-----w C:\Program Files\Sun
    2008-04-15 03:34 --------- d-----w C:\Program Files\Java
    2008-04-15 02:21 --------- d-----w C:\Program Files\Common Files\Java
    1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 06:32 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
    "AhnLab Session Process"="C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2007-11-20 03:10 54862]
    "lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 11:43 196608]
    "EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 14:24 61440]
    "Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 17:08 69632]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 08:56 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-04-19 15:17:54 114688]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AhnLab Session Process]
    --a------ 2007-11-20 03:10 54862 C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHNSD]
    --a------ 2008-01-28 18:23 199368 C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
    --a------ 2004-11-01 07:05 241664 C:\WINDOWS\system32\HncUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva]
    C:\WINDOWS\system32\kxvo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Nexon\\MapleStory\\MapleStory.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Starcraft\\StarCraft.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\kav\\kav7\\setup.exe"=

    R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-11 11:57]
    R2 AhnLab Application Service;AhnLab Application Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe" [2007-09-09 17:25]
    R2 AhnLab Guarantee Service;AhnLab Guarantee Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe" [2007-11-22 10:56]
    R2 AhnLab Information Service;AhnLab Information Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe" [2007-09-09 17:26]
    R2 AhnLab Log Service;AhnLab Log Service;"C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe" [2007-08-10 10:55]
    R2 AhnLab Task Scheduler;AhnLab Task Scheduler;"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe" [2008-01-28 18:23]
    R2 AMonHKnt;AMonHKnt;C:\WINDOWS\system32\Drivers\AMonHKnt.sys [2008-04-07 11:30]
    R3 AhnFlt2k;AhnFlt2k;C:\WINDOWS\system32\Drivers\AhnFlt2k.sys [2008-01-09 11:53]
    R3 AhnRec2k;AhnRec2k;C:\WINDOWS\system32\Drivers\AhnRec2k.sys [2007-03-20 13:08]
    R3 AhnRghNt;AhnRghNt;C:\WINDOWS\system32\Drivers\AhnRghNt.sys [2008-01-09 11:54]
    R3 AhnSZE;AhnSZE;C:\WINDOWS\system32\drivers\AhnSZE.sys [2008-05-14 01:55]
    R3 ASZFltNt;ASZFltNt;C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys [2008-01-09 12:10]
    R3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-10-01 10:39]
    R3 ISFWEnt;ISFWEnt;C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys [2008-01-09 12:10]
    R3 ISIPSEnt;ISIPSEnt;C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys [2008-02-18 23:38]
    R3 ISPIBEnt;ISPIBEnt;C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys [2007-10-05 11:42]
    R3 ISPrxEnt;ISPrxEnt;C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys [2007-10-03 23:39]
    R3 ISTrkEnt;ISTrkEnt;C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys [2007-03-20 13:28]
    R3 v3engine;v3engine;C:\WINDOWS\system32\drivers\v3engine.sys [2008-05-15 01:27]
    R3 V3Flt2K;V3Flt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys [2008-02-18 23:39]
    R3 V3IFt2K;V3IFt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys [2008-01-09 12:11]
    S3 ArfMonNt;ArfMonNt;C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys [2008-02-18 23:39]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-19 03:28:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-10 18:59:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-10 19:00:16
    ComboFix-quarantined-files.txt 2008-06-11 02:00:12
    ComboFix2.txt 2008-06-10 00:52:40
    ComboFix3.txt 2008-06-06 00:20:42
    ComboFix4.txt 2008-06-05 05:20:27
    ComboFix5.txt 2008-02-11 04:17:05

    Pre-Run: 16,709,406,720 bytes free
    Post-Run: 16,690,929,664 bytes free

    195
     
  4. andyspeake

    andyspeake

    Joined:
    May 10, 2007
    Messages:
    1,543
    Hi,

    How's your computer running? Any better?

    Kaspersky online scan.

    Please go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
     
  5. tutatut

    tutatut Thread Starter

    Joined:
    Jun 3, 2008
    Messages:
    11
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, June 12, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, June 13, 2008 00:56:48
    Records in database: 857859
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 68067
    Threat name: 4
    Infected objects: 11
    Suspicious objects: 0
    Duration of the scan: 02:53:19


    File name / Threat name / Threats count
    C:\Documents and Settings\me\Desktop\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Homles.bs 1
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080610-185454-816.dll Infected: Trojan.Win32.Monder.gen 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\btirosfv.dll.vir Infected: Trojan-Downloader.Win32.Agent.seh 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\ghjmlnex.dll.vir Infected: Trojan.Win32.Monder.gen 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\gxxjvhmr.dll.vir Infected: Trojan.Win32.Monder.gen 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\hhedrfcq.dll.vir Infected: Trojan.Win32.Pakes.day 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\iykwdjvk.dll.vir Infected: Trojan.Win32.Monder.gen 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\rnblxywn.dll.vir Infected: Trojan.Win32.Monder.gen 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\rviwhajb.dll.vir Infected: Trojan.Win32.Pakes.day 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\twtrrlor.dll.vir Infected: Trojan.Win32.Monder.gen 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\ybmpoeyq.dll.vir Infected: Trojan.Win32.Monder.gen 1

    The selected area was scanned.



    No popups, and sites load now, but it's pretty slow... Also, don't know if it's related, but I frequently get disconnected from the internet for a few seconds even when my modem shows that the connection is fine.
     
  6. andyspeake

    andyspeake

    Joined:
    May 10, 2007
    Messages:
    1,543
    Remove bad HijackThis entries
    • Run HijackThis
    • Click on do a system scan only
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      O2 - BHO: {f1e90774-a861-8fd8-6814-10f5d26c798f} - {f897c62d-5f01-4186-8df8-168a47709e1f} - C:\WINDOWS\system32\qyygcmdk.dll

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    COMBOFIX-Script

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      File:: 
      C:\WINDOWS\system32\kxvo.exe
      
      Registry:: 
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva]
      
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    So please post back:
    Fresh HJT log
    CFScript
    Info on how your computer is running. Any better?
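    As an added example (not a tool from this thread or from the helper), a small Python triage script for HijackThis-style log lines: it parses "O2 - BHO:" entries like the one above, flags a BHO that is registered with a GUID-only or missing name and a random-looking eight-letter DLL in system32 (the naming pattern of the Trojan.Win32.Monder DLLs listed in the Kaspersky report), and renders a ComboFix script in the File::/Registry:: layout used in this post. The sample lines are constructed; qyygcmdk.dll and ybmpoeyq.dll come from this thread, and the CLSID on the "(no name)" line is a placeholder.

```python
import re
from dataclasses import dataclass

# Constructed sample input in the layout of the HijackThis log posted in this
# thread. The first two lines are copied from the thread; the third is made up
# (its CLSID is a placeholder) to exercise the "(no name)" case.
SAMPLE_HJT_LINES = [
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll",
    "O2 - BHO: {f1e90774-a861-8fd8-6814-10f5d26c798f} - {f897c62d-5f01-4186-8df8-168a47709e1f} - C:\\WINDOWS\\system32\\qyygcmdk.dll",
    "O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\WINDOWS\\system32\\ybmpoeyq.dll",
    "O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe",
]

# "O2 - BHO: <display name> - {CLSID} - <dll path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Eight lowercase letters and nothing else: the naming pattern of the
# Trojan.Win32.Monder DLLs listed in the Kaspersky report in this thread.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")


@dataclass(frozen=True)
class BhoEntry:
    name: str
    clsid: str
    path: str


def parse_bho(line: str):
    """Parse one 'O2 - BHO:' line; return None for any other line type."""
    m = O2_RE.match(line.strip())
    return BhoEntry(m["name"], m["clsid"], m["path"]) if m else None


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def bho_reasons(entry: BhoEntry) -> list:
    """Heuristic reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    if entry.name == "(no name)" or GUID_RE.match(entry.name):
        reasons.append("BHO registered without a descriptive name")
    if "\\system32\\" in entry.path.lower() and RANDOM_DLL_RE.match(basename(entry.path)):
        reasons.append("random-looking 8-letter DLL name in system32")
    return reasons


def triage(lines):
    """Return [(entry, reasons)] for every O2 line that trips at least one heuristic."""
    flagged = []
    for line in lines:
        entry = parse_bho(line)
        if entry is None:
            continue
        reasons = bho_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def build_cfscript(files=(), registry_keys=()) -> str:
    """Render a ComboFix script in the File:: / Registry:: layout shown in this post.

    A leading '-' inside the brackets marks a registry key for deletion."""
    out = []
    if files:
        out.append("File::")
        out.extend(files)
        out.append("")
    if registry_keys:
        out.append("Registry::")
        out.extend(f"[-{key}]" for key in registry_keys)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_HJT_LINES):
        print(f"{entry.path}: {'; '.join(reasons)}")
    print(build_cfscript(
        files=["C:\\WINDOWS\\system32\\kxvo.exe"],
        registry_keys=["HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\kxva"],
    ))
```

The heuristics are a triage aid only: a flagged entry still needs to be confirmed against the quarantined file (as the Kaspersky report did here) before it is removed.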
     
  7. tutatut

    tutatut Thread Starter

    Joined:
    Jun 3, 2008
    Messages:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:34:36 PM, on 6/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\RSSoft\RedSwoosh.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
    C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
    C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
    C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
    C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
    C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\lxbxcoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AhnLab Session Process] "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
    O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=020508 serial=PE02CBX-0000003-NMD lang=EN
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205619002671
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AhnLab Application Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
    O23 - Service: AhnLab Guarantee Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
    O23 - Service: AhnLab Information Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
    O23 - Service: AhnLab Log Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
    O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

    --
    End of file - 5617 bytes

    ComboFix 08-06-15.4 - me 2008-06-15 18:28:48.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.254 [GMT -7:00]
    Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\me\Desktop\CFscript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    C:\WINDOWS\system32\kxvo.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
    .

    2008-06-15 15:07 . 2008-06-15 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-15 15:07 . 2008-06-15 15:07 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-13 19:43 . 2008-06-13 19:43 <DIR> d-------- C:\Documents and Settings\1V1ine\Application Data\Malwarebytes
    2008-06-10 22:33 . 2008-06-15 18:25 <DIR> d-------- C:\Program Files\RSSoft
    2008-06-08 15:43 . 2008-06-08 15:43 <DIR> d----c--- C:\VundoFix Backups
    2008-06-08 15:42 . 2001-05-21 11:46 198,656 --a------ C:\WINDOWS\system32\Comdlg32.ocx
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
    2008-06-07 21:34 . 2008-06-07 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-07 21:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-07 21:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-06 18:25 . 2008-06-06 18:26 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-06-02 23:39 . 2008-06-02 23:39 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-02 22:02 . 2008-06-02 22:02 <DIR> d----c--- C:\kav
    2008-06-01 20:57 . 2008-06-01 20:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-05-29 16:26 . 2008-05-29 16:26 <DIR> d-------- C:\Program Files\portalgraphics
    2008-05-18 10:49 . 2008-05-18 10:49 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-05-18 09:46 . 2008-05-18 09:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-05-18 09:42 . 2008-05-18 09:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-15 17:54 --------- d-----w C:\Program Files\Lx_cats
    2008-06-15 04:01 --------- d-----w C:\Program Files\Starcraft
    2008-06-12 22:33 --------- d-----w C:\Documents and Settings\1V1ine\Application Data\GRETECH
    2008-06-11 00:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-06-10 05:52 --------- d-----w C:\Program Files\QuickTime
    2008-06-08 21:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-06-08 21:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-06-08 21:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-06-05 05:42 --------- d-----w C:\Documents and Settings\me\Application Data\LimeWire
    2008-06-01 01:27 --------- d-----w C:\Program Files\Cellosoft
    2008-05-29 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-15 08:27 1,452,800 ----a-w C:\WINDOWS\system32\drivers\V3Engine.sys
    2008-05-14 08:55 70,528 ----a-w C:\WINDOWS\system32\drivers\ahnsze.sys
    2008-05-11 23:55 --------- d-----w C:\Documents and Settings\me\Application Data\Audacity
    2008-05-11 23:07 --------- d-----w C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-05-08 22:55 --------- d-----w C:\Program Files\Verizon
    2008-05-08 22:55 --------- d-----w C:\Program Files\Common Files\SupportSoft
    2008-05-01 23:36 --------- d-----w C:\Documents and Settings\me\Application Data\Apple Computer
    2008-04-19 22:17 --------- d-----w C:\Program Files\Tablet
    2008-04-19 03:28 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-19 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-19 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-26 18:30 62436]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 06:32 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 06:32 455168]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
    "AhnLab Session Process"="C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2007-11-20 03:10 54862]
    "lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 11:43 196608]
    "EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 14:24 61440]
    "Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 17:08 69632]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 08:56 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-04-19 15:17:54 114688]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AhnLab Session Process]
    --a------ 2007-11-20 03:10 54862 C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHNSD]
    --a------ 2008-01-28 18:23 199368 C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
    --a------ 2004-11-01 07:05 241664 C:\WINDOWS\system32\HncUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Nexon\\MapleStory\\MapleStory.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Starcraft\\StarCraft.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\kav\\kav7\\setup.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Red Swoosh
    "5000:UDP"= 5000:UDP:Red Swoosh

    R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-11 11:57]
    R2 AhnLab Application Service;AhnLab Application Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe" [2007-09-09 17:25]
    R2 AhnLab Guarantee Service;AhnLab Guarantee Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe" [2007-11-22 10:56]
    R2 AhnLab Information Service;AhnLab Information Service;"C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe" [2007-09-09 17:26]
    R2 AhnLab Log Service;AhnLab Log Service;"C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe" [2007-08-10 10:55]
    R2 AhnLab Task Scheduler;AhnLab Task Scheduler;"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe" [2008-01-28 18:23]
    R2 AMonHKnt;AMonHKnt;C:\WINDOWS\system32\Drivers\AMonHKnt.sys [2008-04-07 11:30]
    R3 AhnFlt2k;AhnFlt2k;C:\WINDOWS\system32\Drivers\AhnFlt2k.sys [2008-01-09 11:53]
    R3 AhnRec2k;AhnRec2k;C:\WINDOWS\system32\Drivers\AhnRec2k.sys [2007-03-20 13:08]
    R3 AhnRghNt;AhnRghNt;C:\WINDOWS\system32\Drivers\AhnRghNt.sys [2008-01-09 11:54]
    R3 AhnSZE;AhnSZE;C:\WINDOWS\system32\drivers\AhnSZE.sys [2008-05-14 01:55]
    R3 ASZFltNt;ASZFltNt;C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys [2008-01-09 12:10]
    R3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-10-01 10:39]
    R3 ISFWEnt;ISFWEnt;C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys [2008-01-09 12:10]
    R3 ISIPSEnt;ISIPSEnt;C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys [2008-02-18 23:38]
    R3 ISPIBEnt;ISPIBEnt;C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys [2007-10-05 11:42]
    R3 ISPrxEnt;ISPrxEnt;C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys [2007-10-03 23:39]
    R3 ISTrkEnt;ISTrkEnt;C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys [2007-03-20 13:28]
    R3 v3engine;v3engine;C:\WINDOWS\system32\drivers\v3engine.sys [2008-05-15 01:27]
    R3 V3Flt2K;V3Flt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys [2008-02-18 23:39]
    R3 V3IFt2K;V3IFt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys [2008-01-09 12:11]
    S3 ArfMonNt;ArfMonNt;C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys [2008-02-18 23:39]
    S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-19 03:28:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-15 18:30:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-15 18:31:56
    ComboFix-quarantined-files.txt 2008-06-16 01:31:47
    ComboFix2.txt 2008-06-11 02:00:17
    ComboFix3.txt 2008-06-10 00:52:40
    ComboFix4.txt 2008-06-06 00:20:42
    ComboFix5.txt 2008-06-05 05:20:27

    Pre-Run: 16,689,086,464 bytes free
    Post-Run: 16,727,265,280 bytes free

    162

    Couldn't find the one you mentioned in HijackThis...
    Internet + popup problem was fixed after running Malwarebytes' Anti-Malware, but after that, no significant change regarding the computer running slowly.
     
  8. andyspeake

    andyspeake

    Joined:
    May 10, 2007
    Messages:
    1,543
    IMJPMIG.EXE (MS Input Method Editor) process can be removed to free up resources without compromising system performance. This is a valid program but it is not required to run on startup. imjpmig.exe belongs to the Microsoft Input Method Editor. It is used to simplify the input of Asian (Chinese, Korean and this one is Japanese) characters in the Microsoft Office suite. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32


    soundman.exe (Realtek AC97 Audio Sound Manager) process can be removed to free up resources without compromising system performance. System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE


    You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe



    You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself. This is the item to fix in HijackThis:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    There is a small program that will prevent QuickTime from resetting itself.
    Please download Engraph-QuickTime-Killer. This is a free utility from EnGraph software. For more information about EnGraph, go to http://www.engraph.com. This application is intended for people that use or consume Sprint Video Mail, as Sprint uses QuickTime for viewing their movies (or anybody that hates QuickTime). Of course, as soon as QuickTime is run, it adds itself to startup, which is very annoying to me. This application will remove QuickTime from startup and kill any running QuickTime processes. This application runs silently at startup and closes itself as soon as it takes care of QuickTime.


    • Run Disk Defragmenter. Go to Start > Programs > Accessories > System Tools > Disk Defragmenter, and click on Defragment.


    Can you tell me how much RAM you have on your computer? And how much free hard drive space is available?


    Thanks.
     
  9. andyspeake

    andyspeake

    Joined:
    May 10, 2007
    Messages:
    1,543
    Hi,

    It's been quite a few days, are you still with us?
     
  10. andyspeake

    andyspeake

    Joined:
    May 10, 2007
    Messages:
    1,543
    Due to the level of inactivity I have now unsubscribed from this topic
     
Short URL to this thread: https://techguy.org/717953