
Solved: slooooow computer :(

Discussion in 'Virus & Other Malware Removal' started by Captain Planet, Sep 29, 2008.

  1. Captain Planet

    Captain Planet Thread Starter

    Joined:
    Sep 28, 2008
    Messages:
    6
    I was attacked by some trojans the other day and hopefully I got rid of all of their remnants, but I'm not sure if I'm clean or not. My websites used to be redirected and each webpage was doubled on the screen, but that seems to have healed overnight. (??) Is my HijackThis logfile clean?

    Logfile of HijackThis v1.99.1
    Scan saved at 6:55:02 PM, on 9/29/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\DOCUME~1\TRACIF~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
    C:\WINDOWS\system32\MsiExec.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BM376968b1] Rundll32.exe "C:\WINDOWS\system32\ookyajjb.dll",s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton AntiVirus - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton AntiVirus" /m "C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll" /prefetch:1 (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    Thanks so much!
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, welcome to TSG!!

    Visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     
  3. Captain Planet

    Captain Planet Thread Starter

    Joined:
    Sep 28, 2008
    Messages:
    6
    I already went through the ComboFix process and it won't let me do it again (I was using the wrong Windows recovery). I'm trying to find my old ComboFix log (I'm pretty sure I saved it). Is there anything else I could do?
     
  4. Captain Planet

    Captain Planet Thread Starter

    Joined:
    Sep 28, 2008
    Messages:
    6
    OLD COMBOFIX

    ComboFix 08-09-27.06 - Traci Fitzharris 2008-09-28 18:21:08.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.194 [GMT -7:00]
    Running from: C:\Documents and Settings\Traci Fitzharris\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Traci Fitzharris\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM376968b1.txt
    C:\WINDOWS\BM376968b1.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\awtusssr.dll
    C:\WINDOWS\system32\ieupdates.exe.tmp
    C:\WINDOWS\system32\JSssDcfe.ini
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\ysqoqraq.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
    .

    2008-09-28 17:28 . 2008-09-28 17:28 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-09-28 17:24 . 2008-09-28 17:24 <DIR> d----c--- C:\VundoFix Backups
    2008-09-28 14:51 . 2008-09-28 15:06 <DIR> d-------- C:\Program Files\Sophos
    2008-09-28 12:51 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
    2008-09-28 12:50 . 2008-09-28 15:34 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-09-28 12:50 . 2008-09-28 12:54 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-09-28 12:50 . 2008-09-28 12:50 <DIR> d-------- C:\Documents and Settings\Traci Fitzharris\Application Data\PC Tools
    2008-09-28 12:50 . 2008-09-28 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-09-28 12:50 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-09-28 12:50 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-09-28 12:50 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-09-28 12:50 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-09-28 01:20 . 2008-09-28 01:19 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
    2008-09-28 01:19 . 2008-09-28 01:19 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-09-28 01:19 . 2008-09-28 01:19 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-09-28 01:18 . 2008-09-28 01:18 <DIR> d-------- C:\WINDOWS\system32\drivers\NAV
    2008-09-28 01:18 . 2008-09-28 01:18 <DIR> d-------- C:\Program Files\Windows Sidebar
    2008-09-28 01:18 . 2008-09-28 01:18 <DIR> d-------- C:\Program Files\NortonInstaller
    2008-09-28 01:18 . 2008-09-28 01:19 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2008-09-28 01:18 . 2008-09-28 01:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-09-28 01:18 . 2008-09-28 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
    2008-09-28 00:55 . 2008-09-28 01:19 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-09-28 00:55 . 2008-09-28 01:19 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-09-28 00:53 . 2008-09-28 00:53 <DIR> d-------- C:\Program Files\Symantec_Client_Security
    2008-09-28 00:53 . 2008-09-28 01:19 <DIR> d-------- C:\Program Files\Symantec
    2008-09-28 00:53 . 2008-09-28 01:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-09-28 00:01 . 2006-04-04 15:55 591,632 --------- C:\WINDOWS\system32\WinSSWebAgent.dll
    2008-09-27 23:23 . 2008-09-27 23:23 128,000 --a------ C:\WINDOWS\system32\tthugigd.dll
    2008-09-27 23:21 . 2008-09-27 23:21 105,984 --a------ C:\WINDOWS\system32\ookyajjb.dll
    2008-09-27 23:20 . 2008-09-28 14:02 888,844 --ahs---- C:\WINDOWS\system32\JSssDcfe.ini2
    2008-09-27 17:17 . 2008-04-13 17:11 32,768 --a------ C:\WINDOWS\system32\dllcache\ativtmxx.dll
    2008-09-27 17:17 . 2008-04-13 17:11 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
    2008-09-27 16:58 . 2008-09-28 02:16 <DIR> d-------- C:\WINDOWS\system32\EV19
    2008-09-27 16:58 . 2008-09-27 16:58 <DIR> d----c--- C:\Temp\xp34
    2008-09-27 16:58 . 2008-09-27 16:59 <DIR> d----c--- C:\Temp
    2008-09-22 01:20 . 2008-09-22 01:20 <DIR> d-------- C:\Documents and Settings\Traci Fitzharris\Application Data\deskPDF
    2008-09-22 01:15 . 2008-09-22 01:16 <DIR> d-------- C:\Program Files\Docudesk
    2008-09-22 01:15 . 2008-03-25 13:51 18,790 --a------ C:\WINDOWS\system32\ddmon.dll
    2008-09-06 15:34 . 2008-09-06 15:34 <DIR> d-------- C:\Program Files\AVG
    2008-09-06 15:05 . 2008-09-06 15:06 1,594 --a------ C:\WINDOWS\VPNUnInstall.MIF
    2008-09-05 23:45 . 2008-09-05 23:45 <DIR> d----c--- C:\Nexon
    2008-09-05 23:45 . 2008-09-06 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 01:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-28 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-28 00:08 --------- d-----w C:\Documents and Settings\Traci Fitzharris\Application Data\ATI
    2008-09-25 06:54 --------- d--h--w C:\Documents and Settings\Traci Fitzharris\Application Data\Move Networks
    2008-09-22 02:03 --------- d-----w C:\Documents and Settings\Traci Fitzharris\Application Data\Azureus
    2008-09-22 01:21 --------- d-----w C:\Documents and Settings\Traci Fitzharris\Application Data\BitTorrent
    2008-09-06 22:53 --------- d-----w C:\Documents and Settings\Traci Fitzharris\Application Data\Toshiba
    2008-09-06 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-06 22:13 --------- d-----w C:\Program Files\Symantec Client Security
    2008-08-23 19:28 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-23 19:25 --------- d-----w C:\Program Files\iTunes
    2008-08-23 19:24 --------- d-----w C:\Program Files\iPod
    2008-08-23 19:22 --------- d-----w C:\Program Files\QuickTime
    2008-08-23 19:22 --------- d-----w C:\Program Files\Bonjour
    2007-10-28 00:03 81,920 ----a-w C:\Documents and Settings\Traci Fitzharris\Application Data\ezpinst.exe
    2007-10-28 00:03 47,360 ----a-w C:\Documents and Settings\Traci Fitzharris\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 127035]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-09 185896]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 90112]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
    "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
    "BM376968b1"="C:\WINDOWS\system32\ookyajjb.dll" [2008-09-27 105984]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 C:\WINDOWS\stsystra.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 C:\WINDOWS\KHALMNPR.Exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 C:\WINDOWS\system32\bthprops.cpl]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-22 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    --a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 17:12 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    --a------ 2006-03-01 11:58 712704 C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "C:\\Nexon\\Combat Arms\\NMService.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22004
    "137:TCP"= 137:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-137:TCP
    "445:TCP"= 445:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22005
    "23:TCP"= 23:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-23:TCP
    "25:TCP"= 25:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-25:TCP
    "80:TCP"= 80:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-80:TCP
    "20:TCP"= 20:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-20:TCP
    "21:TCP"= 21:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-21:TCP
    "113:TCP"= 113:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-113:TCP
    "443:TCP"= 443:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-443:TCP
    "1025:TCP"= 1025:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-1025:TCP
    "135:UDP"= 135:UDP:128.32.30.64/255.255.255.224:Enabled:SNS-135:UDP
    "137:UDP"= 137:UDP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22001

    R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-09-28 309296]
    R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-09-28 254512]
    R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-09-28 362544]
    R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20080923.001\IDSxpx86.sys [2008-09-28 274808]
    R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
    R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll [ ]
    S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\6B.tmp [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-AAWTray - C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    HKLM-Run-MSKDetectorExe - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
    Notify-mlJDvSLe - mlJDvSLe.dll
    MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
    MSConfigStartUp-ModemOnHold - C:\Program Files\NetWaiting\netWaiting.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Traci Fitzharris\Application Data\Mozilla\Firefox\Profiles\mqztgdll.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF -: plugin - C:\Documents and Settings\Traci Fitzharris\Application Data\Mozilla\Firefox\Profiles\mqztgdll.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 18:27:49
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
    "ImagePath"="\"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\C:\WINDOWS\system32\6B.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\NavLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-28 18:36:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-29 01:35:57

    Pre-Run: 6,701,834,240 bytes free
    Post-Run: 7,564,591,104 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    265 --- E O F --- 2008-09-10 01:33:49
     
  5. Captain Planet

    Captain Planet Thread Starter

    Joined:
    Sep 28, 2008
    Messages:
    6
    I ran ComboFix again, but I'm still using the wrong Windows recovery (I should be using the SP2 Pro one because I have Windows XP SP3 Media Center Edition, but instead I ran a Home recovery). Will this not work? Am I messing up my computer?

    ComboFix 08-09-30.03 - Traci Fitzharris 2008-09-30 19:17:29.1 - NTFSx86
    Running from: C:\Documents and Settings\Traci Fitzharris\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM376968b1.txt
    C:\WINDOWS\BM376968b1.xml
    C:\WINDOWS\pskt.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV


    ((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
    .

    2008-09-30 19:24 . 2008-09-30 19:24 113,053 --a------ C:\WINDOWS\BM376968b1.xml
    2008-09-29 22:23 . 2008-09-29 22:23 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-09-29 18:56 . 2008-09-29 18:57 <DIR> d-------- C:\Program Files\iTunes
    2008-09-29 18:56 . 2008-09-29 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-29 18:52 . 2008-09-29 18:53 <DIR> d-------- C:\Program Files\QuickTime
    2008-09-29 18:41 . 2008-09-29 18:41 <DIR> d-------- C:\Program Files\Bonjour
    2008-09-28 17:28 . 2008-09-28 23:41 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-09-28 17:24 . 2008-09-28 17:24 <DIR> d----c--- C:\VundoFix Backups
    2008-09-28 14:51 . 2008-09-28 15:06 <DIR> d-------- C:\Program Files\Sophos
    2008-09-28 12:51 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
    2008-09-28 12:50 . 2008-09-30 19:23 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-09-28 12:50 . 2008-09-28 12:54 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-09-28 12:50 . 2008-09-28 12:50 <DIR> d-------- C:\Documents and Settings\Traci Fitzharris\Application Data\PC Tools
    2008-09-28 12:50 . 2008-09-28 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-09-28 12:50 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-09-28 12:50 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-09-28 12:50 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-09-28 12:50 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-09-28 01:19 . 2008-09-28 01:19 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-09-28 01:19 . 2008-09-28 01:19 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-09-28 01:18 . 2008-09-28 01:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-09-28 01:18 . 2008-09-29 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
    2008-09-28 00:55 . 2008-09-28 01:19 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-09-28 00:55 . 2008-09-28 01:19 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-09-28 00:53 . 2008-09-28 00:53 <DIR> d-------- C:\Program Files\Symantec_Client_Security
    2008-09-28 00:53 . 2008-09-28 01:19 <DIR> d-------- C:\Program Files\Symantec
    2008-09-28 00:53 . 2008-09-28 01:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-09-28 00:01 . 2006-04-04 15:55 591,632 --------- C:\WINDOWS\system32\WinSSWebAgent.dll
    2008-09-27 23:23 . 2008-09-27 23:23 128,000 --a------ C:\WINDOWS\system32\tthugigd.dll
    2008-09-27 23:21 . 2008-09-27 23:21 105,984 --a------ C:\WINDOWS\system32\ookyajjb.dll
    2008-09-27 23:20 . 2008-09-28 14:02 888,844 --ahs---- C:\WINDOWS\system32\JSssDcfe.ini2
    2008-09-27 17:17 . 2008-04-13 17:11 32,768 --a------ C:\WINDOWS\system32\dllcache\ativtmxx.dll
    2008-09-27 17:17 . 2008-04-13 17:11 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
    2008-09-27 16:58 . 2008-09-28 02:16 <DIR> d-------- C:\WINDOWS\system32\EV19
    2008-09-27 16:58 . 2008-09-27 16:58 <DIR> d----c--- C:\Temp\xp34
    2008-09-27 16:58 . 2008-09-27 16:59 <DIR> d----c--- C:\Temp
    2008-09-22 01:20 . 2008-09-22 01:20 <DIR> d-------- C:\Documents and Settings\Traci Fitzharris\Application Data\deskPDF
    2008-09-22 01:15 . 2008-09-22 01:16 <DIR> d-------- C:\Program Files\Docudesk
    2008-09-22 01:15 . 2008-03-25 13:51 18,790 --a------ C:\WINDOWS\system32\ddmon.dll
    2008-09-06 15:34 . 2008-09-06 15:34 <DIR> d-------- C:\Program Files\AVG
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-09-06 15:05 . 2008-09-06 15:06 1,594 --a------ C:\WINDOWS\VPNUnInstall.MIF
    2008-09-05 23:45 . 2008-09-05 23:45 <DIR> d----c--- C:\Nexon
    2008-09-05 23:45 . 2008-09-06 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-01 02:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-30 01:56 --------- d-----w C:\Program Files\iPod
    2008-09-30 01:52 --------- d-----w C:\Program Files\Common Files\Apple
    2008-09-28 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-28 00:08 --------- d-----w C:\Documents and Settings\Traci Fitzharris\Application Data\ATI
    2008-09-25 06:54 --------- d--h--w C:\Documents and Settings\Traci Fitzharris\Application Data\Move Networks
    2008-09-22 02:03 --------- d-----w C:\Documents and Settings\Traci Fitzharris\Application Data\Azureus
    2008-09-22 01:21 --------- d-----w C:\Documents and Settings\Traci Fitzharris\Application Data\BitTorrent
    2008-09-06 22:53 --------- d-----w C:\Documents and Settings\Traci Fitzharris\Application Data\Toshiba
    2008-09-06 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-06 22:13 --------- d-----w C:\Program Files\Symantec Client Security
    2008-08-23 19:28 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-28 00:03 81,920 ----a-w C:\Documents and Settings\Traci Fitzharris\Application Data\ezpinst.exe
    2007-10-28 00:03 47,360 ----a-w C:\Documents and Settings\Traci Fitzharris\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 127035]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-09 185896]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "BM376968b1"="C:\WINDOWS\system32\ookyajjb.dll" [2008-09-27 105984]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 C:\WINDOWS\stsystra.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 C:\WINDOWS\KHALMNPR.Exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 C:\WINDOWS\system32\bthprops.cpl]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-22 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    --a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 17:12 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    --a------ 2006-03-01 11:58 712704 C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "C:\\Nexon\\Combat Arms\\NMService.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22004
    "137:TCP"= 137:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-137:TCP
    "445:TCP"= 445:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22005
    "23:TCP"= 23:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-23:TCP
    "25:TCP"= 25:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-25:TCP
    "80:TCP"= 80:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-80:TCP
    "20:TCP"= 20:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-20:TCP
    "21:TCP"= 21:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-21:TCP
    "113:TCP"= 113:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-113:TCP
    "443:TCP"= 443:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-443:TCP
    "1025:TCP"= 1025:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-1025:TCP
    "135:UDP"= 135:UDP:128.32.30.64/255.255.255.224:Enabled:SNS-135:UDP
    "137:UDP"= 137:UDP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22001

    R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
    S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\6B.tmp [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    *Newly Created Service* - MCHINJDRV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-vptray - C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Traci Fitzharris\Application Data\Mozilla\Firefox\Profiles\csqkh8n9.default\
    FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF -: plugin - C:\Documents and Settings\Traci Fitzharris\Application Data\Mozilla\Firefox\Profiles\csqkh8n9.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
    FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-30 19:23:44
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\BM376968b1.txt 74 bytes
    C:\WINDOWS\BM376968b1.xml 113053 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\C:\WINDOWS\system32\6B.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\NavLogon.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\ookyajjb.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-30 19:29:02 - machine was rebooted [Traci Fitzharris]
    ComboFix-quarantined-files.txt 2008-10-01 02:28:57
    ComboFix2.txt 2008-09-29 01:36:04

    Pre-Run: 6,058,442,752 bytes free
    Post-Run: 6,888,837,120 bytes free

    242 --- E O F --- 2008-09-10 01:33:49
     
  6. Captain Planet

    Captain Planet Thread Starter

    Joined:
    Sep 28, 2008
    Messages:
    6
    Logfile of HijackThis v1.99.1
    Scan saved at 7:38:51 PM, on 9/30/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BM376968b1] Rundll32.exe "C:\WINDOWS\system32\ookyajjb.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Remind me, if I forget, to give you instructions for removing Recovery Console. You are ok for now.

    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply with a new hijackthis log.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
     
  8. Captain Planet

    Captain Planet Thread Starter

    Joined:
    Sep 28, 2008
    Messages:
    6
    Thank you for your help, but I think I have solved my problems already. :)
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I doubt it, but if you say so.

    Follow these steps to uninstall Combofix and tools used in the removal of malware
    • Click START then RUN
    • Now type Combofix /u in the Run box and click OK. Note the space between the X and the U; it needs to be there.

    Now you should Clean up your PC


    Here are some additional links for you to check out to help you with your computer security.

    How did I get infected in the first place.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.



    You're welcome!
     
Short URL to this thread: https://techguy.org/754651