Strange pop-ups & security overrides help plz

Grimly

Thread Starter
Joined
Sep 30, 2007
Messages
16
Well, my problem consists of strange pop-ups, strange warnings popping up in my task bar, and icons showing up on my desktop. HELP
This is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:12 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
O2 - BHO: GNX Rolex - {2A76890C-7934-4BC0-B4B9-BC88FBA03A42} - C:\WINDOWS\drnpfdxsnt.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: etlrlws - {59A31135-1D61-47BE-88C0-E5ED82BBD53F} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: altvxvm - {4663160C-1A13-44E3-A53E-567284199DE1} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: bokpkov - {59FD8704-1606-4E7C-8D6E-AF3A8ECCE09D} - C:\WINDOWS\bokpkov.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5052 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hi and welcome!
The Hijack This log is hard to read.
Please rescan with Hijack This.
When the log opens in Notepad, go to Format and select Wordwrap.
Then copy and paste the log here.
 

Grimly

Thread Starter
Ok, I've got the new one right here


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:38 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
O2 - BHO: GNX Rolex - {2A76890C-7934-4BC0-B4B9-BC88FBA03A42} - C:\WINDOWS\drnpfdxsnt.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: etlrlws - {59A31135-1D61-47BE-88C0-E5ED82BBD53F} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: altvxvm - {4663160C-1A13-44E3-A53E-567284199DE1} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: bokpkov - {59FD8704-1606-4E7C-8D6E-AF3A8ECCE09D} - C:\WINDOWS\bokpkov.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5052 bytes
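A small triage script for logs in this HijackThis format, added here as an illustration; it is not part of the thread and not HijackThis' own code. It parses the O2/O3/O21, O17 and R0 lines into fields and flags the entries a helper would look at first. The sample lines are copied from the log above; the heuristics (a resolver that is neither private nor on a known list, a shell extension with no name or a DLL sitting directly in the Windows directory, a start page with a query string) are assumptions of this example, not rules stated in the thread.

```python
import re
import ipaddress
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis 2.0.2 log posted above:
# a handful of lines copied from that log, not the whole file.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
O2 - BHO: GNX Rolex - {2A76890C-7934-4BC0-B4B9-BC88FBA03A42} - C:\WINDOWS\drnpfdxsnt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: etlrlws - {59A31135-1D61-47BE-88C0-E5ED82BBD53F} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O21 - SSODL: altvxvm - {4663160C-1A13-44E3-A53E-567284199DE1} - C:\WINDOWS\altvxvm.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry is "<section> - <rest>"; the section code (R0, O2, O17, ...)
# says which part of the system the entry was read from.
LINE_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<rest>.*)$")
# O2 (BHO), O3 (Toolbar) and O21 (SSODL) share one shape: "<kind>: <name> - {CLSID} - <path>".
COM_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar|SSODL): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)
NS_RE = re.compile(r"NameServer = (?P<servers>.*)$")
START_RE = re.compile(r"Start Page = (?P<url>\S+)")

WINDOWS_ROOT = r"c:\windows"   # assumption: the XP install in the log lives at C:\WINDOWS


@dataclass
class Finding:
    section: str
    severity: str   # "high" or "review"
    reason: str
    line: str


def parent_dir(path: str) -> str:
    """Directory part of a Windows path, lower-cased; HijackThis' '(file missing)' suffix is dropped."""
    path = path.split(" (file missing)")[0].strip()
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def resolver_is_expected(ip: str, known_resolvers) -> bool:
    """A LAN router (private address) or a resolver on the caller's list is expected; anything else is not."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or ip in known_resolvers


def triage(log_text: str, known_resolvers=()) -> list:
    """Parse HijackThis lines and return the entries a helper would want to look at first."""
    findings = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        if sec == "O17":
            # O17: DNS servers pinned in the TCP/IP parameters of a control set.
            ns = NS_RE.search(rest)
            servers = re.split(r"[\s,]+", ns.group("servers").strip()) if ns else []
            for ip in servers:
                if ip and not resolver_is_expected(ip, known_resolvers):
                    findings.append(Finding(sec, "high", f"DNS resolver {ip} is neither private nor on the known list", line))
        elif sec in ("O2", "O3", "O21"):
            c = COM_RE.match(rest)
            if not c:
                continue
            # "(no name)" is a prompt to look, not a verdict: Spybot's SDHelper.dll shows up that way in the log above.
            if c.group("name") == "(no name)":
                findings.append(Finding(sec, "high", "shell extension registered without a name", line))
            elif parent_dir(c.group("path")) == WINDOWS_ROOT:
                # Legitimate BHOs, toolbars and SSODL entries load from system32 or Program Files,
                # not from a DLL dropped straight into the Windows directory.
                findings.append(Finding(sec, "high", "shell extension DLL sits directly in the Windows directory", line))
        elif sec in ("R0", "R1"):
            s = START_RE.search(rest)
            if s and "?" in s.group("url"):
                findings.append(Finding(sec, "review", "start page carries a query string; confirm the user set it", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```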
 

Cheeseball81

Retired Moderator
Thanks, that is easier

Run Hijack This and click Open the Misc Tools section.
Click Open Uninstall Manager > Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of this log.
 

Grimly

Thread Starter
Hey, thanks for the help. Here's the log like you asked:


7-Zip 4.42
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8
Adobe Shockwave Player
AIM 6
Alibre Design
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
AviSynth 2.5
Belarc Advisor 7.1
CDCheck
Cheat Engine 5.4
C-Media WDM Audio Driver
Diablo II
DivX Content Uploader
DivX Web Player
Evrsoft First Page 2006
Google Desktop
Guild Wars
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iPod for Windows 2005-09-23
iPod for Windows 2006-03-23
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 3
Java(TM) 6 Update 5
LimeWire PRO 4.14.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Morpheus Toolbar
Mozilla Firefox (2.0.0.13)
MSN Gaming Zone
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
Norton™ Security Scan
NVIDIA Drivers
Nvu 1.0
OpenOffice.org 2.3
QuickTime
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Serif PhotoPlus 6.0
SoftV92 Data Fax Modem
Solid State ION Internet Explorer Plugin
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URGE
VeohTV BETA
VIA Audio Driver Setup Program
Videora iPod Converter 0.91
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WordPerfect Office 11
 

Cheeseball81

Retired Moderator
Uninstall the following from Add or Remove Programs:

Morpheus Toolbar
Viewpoint Media Player


Then:

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • ...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

Grimly

Thread Starter
Hey, this is the ComboFix log

ComboFix 08-04-10.4 - Dylan 2008-04-10 18:10:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.94 [GMT -4:00]
Running from: C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Desktop\Error Cleaner.url
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Desktop\Privacy Protector.url
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Favorites\Error Cleaner.url
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Favorites\Privacy Protector.url
C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\FunWebProducts
C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Error Cleaner.url
C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Privacy Protector.url
C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Favorites\Error Cleaner.url
C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Favorites\Privacy Protector.url
C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Dxc.log
C:\Documents and Settings\Taylor\Application Data\ShoppingReport
C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Taylor\Application Data\WeatherDPA
C:\Documents and Settings\Taylor\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Taylor\Desktop\Error Cleaner.url
C:\Documents and Settings\Taylor\Desktop\Privacy Protector.url
C:\Documents and Settings\Taylor\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Taylor\Favorites\Error Cleaner.url
C:\Documents and Settings\Taylor\Favorites\Privacy Protector.url
C:\Documents and Settings\Taylor\Favorites\Spyware&Malware Protection.url
C:\Program Files\autorun.inf
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\default.htm
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\mcrh.tmp
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-05 20:19 . 2008-04-07 20:13 106,496 --a------ C:\WINDOWS\DUMP8908.tmp
2008-04-05 20:19 . 2008-04-07 19:52 106,496 --a------ C:\WINDOWS\DUMP8709.tmp
2008-04-05 20:19 . 2008-04-07 19:24 106,496 --a------ C:\WINDOWS\DUMP860f.tmp
2008-04-05 20:19 . 2008-04-07 19:21 106,496 --a------ C:\WINDOWS\DUMP85d3.tmp
2008-04-05 17:53 . 2008-04-05 17:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-18 01:28 . 2008-03-17 20:22 245,760 --a------ C:\WINDOWS\drnpfdxsnt.dll
2008-03-18 01:28 . 2008-03-17 20:22 229,376 --a------ C:\WINDOWS\altvxvm.dll
2008-03-18 01:28 . 2008-03-17 20:22 221,184 --a------ C:\WINDOWS\bokpkov.dll
2008-03-18 01:28 . 2008-03-17 20:22 172,032 --a------ C:\WINDOWS\etlrlws.dll
2008-03-18 01:28 . 2008-03-17 20:22 94,208 --a------ C:\WINDOWS\fmsxwqs.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 22:03 --------- d-----w C:\Program Files\Viewpoint
2008-04-10 22:03 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\Viewpoint
2008-04-10 22:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-04-10 21:59 --------- d-----w C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\OpenOffice.org2
2008-04-09 23:50 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\LimeWire
2008-04-09 23:24 --------- d-----w C:\Program Files\Trend Micro
2008-04-08 00:49 --------- d-----w C:\Program Files\Warcraft III
2008-04-07 22:20 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-07 22:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-05 22:24 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\OpenOffice.org2
2008-04-05 05:53 106,496 ----a-w C:\WINDOWS\DUMP89a8.tmp
2008-04-05 05:50 --------- d-----w C:\Documents and Settings\Taylor\Application Data\OpenOffice.org2
2008-04-04 20:22 106,496 ----a-w C:\WINDOWS\DUMP826c.tmp
2008-03-17 03:05 --------- d-----w C:\Program Files\Incomplete
2008-03-17 02:42 --------- d-----w C:\Program Files\LimeWire
2008-03-09 17:24 --------- d-----w C:\Program Files\AIM6
2008-03-09 17:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-03-09 17:11 --------- d-----w C:\Program Files\Java
2008-03-08 16:07 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-08 15:58 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-08 15:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-03-03 00:59 --------- d-----w C:\Program Files\Diablo II
2008-03-01 22:58 --------- d-----w C:\Program Files\Cheat Engine
2008-03-01 21:03 101 ----a-w C:\Program Files\rs.abc
2008-02-19 03:59 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-11 00:32 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-02-07 23:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-07 23:01 249,856 ------w C:\WINDOWS\Setup1.exe
2007-06-12 22:23 372 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb6334.dat
2007-06-12 20:48 194 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb8467.dat
2007-06-12 20:48 18,432 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb41.dat
2007-06-10 15:44 372 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb6334.dat
2007-06-10 15:44 194 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb8467.dat
2007-06-10 15:44 18,432 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb41.dat
2006-04-04 00:52 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2001-05-15 17:51 249,059,328 ----a-r C:\Program Files\D2EXP.MPQ
2001-05-02 12:57 14,956,544 ----a-r C:\Program Files\D2COM_01.EXE
2000-04-06 12:00 263,168 ----a-r C:\Program Files\BINKW32.DLL
 

Cheeseball81

Retired Moderator
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new Hijack This log
 

Grimly

Thread Starter
This is the SDFix report


SDFix: Version 1.169
Run by Dylan on Fri 04/11/2008 at 06:38 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\-18669~1 - Deleted
C:\WINDOWS\drnpfdxsnt.dll - Deleted
C:\WINDOWS\altvxvm.dll - Deleted
C:\WINDOWS\bokpkov.dll - Deleted
C:\WINDOWS\etlrlws.dll - Deleted
C:\WINDOWS\fmsxwqs.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 18:52:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:bf,63,e6,fa,46,ab,9e,1d,75,a6,ad,4a,58,bd,ea,9d,25,3b,69,aa,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,14,98,97,49,d5,ea,9b,4b,74,33,70,ab,e8,b5,04,f2,fa,..
"khjeh"=hex:2b,38,36,ee,91,49,20,16,2b,ae,f8,b3,2c,75,8d,70,df,e8,e7,9f,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,6c,35,a1,8e,6f,bd,0a,33,ba,ce,04,7a,b2,4b,e4,50,66,96,f7,ee,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:bf,63,e6,fa,46,ab,9e,1d,75,a6,ad,4a,58,bd,ea,9d,25,3b,69,aa,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,14,98,97,49,d5,ea,9b,4b,74,33,70,ab,e8,b5,04,f2,fa,..
"khjeh"=hex:2b,38,36,ee,91,49,20,16,2b,ae,f8,b3,2c,75,8d,70,df,e8,e7,9f,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,6c,35,a1,8e,6f,bd,0a,33,ba,ce,04,7a,b2,4b,e4,50,66,96,f7,ee,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 26 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Mon 7 Nov 2005 400 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\v2ks.bla.bak"
Mon 7 Nov 2005 48 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\v2ks.sec.bak"
Mon 7 Nov 2005 400 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\v3ks.bla.bak"
Sat 28 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"
Sun 25 Dec 2005 147,097 ..SHR --- "C:\Documents and Settings\Megan.VAUGHN-MSX9IRO5\Local Settings\Temp\gwx464.sys"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Mon 4 Feb 2008 32,776 A..H. --- "C:\Documents and Settings\Alex\My Documents\hacks-maphack-cracked_d2maphack_v7.2\cracked_d2maphack_v7.2\AUTOMAP0.TMP"
Mon 4 Feb 2008 598 A..H. --- "C:\Documents and Settings\Alex\My Documents\hacks-maphack-cracked_d2maphack_v7.2\cracked_d2maphack_v7.2\AUTOMAP1.TMP"
Sat 26 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\Alex\My Documents\My Music\License Backup\drmv1key.bak"
Fri 20 Oct 2006 20 A..H. --- "C:\Documents and Settings\Alex\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 4 Dec 2005 488 A.SH. --- "C:\Documents and Settings\Alex\My Documents\My Music\License Backup\drmv2key.bak"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\U3\temp\Launchpad Removal.exe"
Sat 26 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\Taylor\My Documents\My Music\License Backup\drmv1key.bak"
Tue 9 Jan 2007 20 A..H. --- "C:\Documents and Settings\Taylor\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 4 Dec 2005 488 A.SH. --- "C:\Documents and Settings\Taylor\My Documents\My Music\License Backup\drmv2key.bak"
Sun 2 Mar 2008 194,048 A..H. --- "C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Stuff that needs to be here\hacks-maphack-cracked_d2maphack_v7.2\cracked_d2maphack_v7.2\AUTOMAP0.TMP"
Sun 2 Mar 2008 1,016 A..H. --- "C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Stuff that needs to be here\hacks-maphack-cracked_d2maphack_v7.2\cracked_d2maphack_v7.2\AUTOMAP1.TMP"

Finished!
 

Grimly

Thread Starter
Joined
Sep 30, 2007
Messages
16
This is the new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:20 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4341 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Please print these instructions for reference, as you will have to restart your computer during the fix.

Please download FixWareout from Here or Here.

Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.
  1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  2. The fix will begin; follow the prompts.
  3. If your firewall gives an alert (because this tool will download additional files from the internet), please don't let your firewall block it, but allow it instead.
  4. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  5. Once the desktop loads, a text file will open (report.txt).
    Please post C:\fixwareout\report.txt, along with a new HijackThis log, into this topic.

Then rerun ComboFix and post the results please.
 

Grimly

Thread Starter
Joined
Sep 30, 2007
Messages
16
OK, here is the Fixwareout report

Username "Dylan" - 04/11/2008 22:52:26 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.84 85.255.112.191" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Here is the new HJT report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:26 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4158 bytes
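An added illustration, not from the thread or from any of the tools used in it: a script that parses the two HijackThis logs above into findings, reports which findings the fix removed, and flags O17 NameServer entries that point at public resolvers, the pattern FixWareout cleared here. The trimmed log excerpts and the "public resolver is worth a look" rule are this example's own assumptions.

```python
import ipaddress
import re
from typing import Iterator, List, Set, Tuple

# Constructed excerpts of the two HijackThis logs posted in this thread, before
# and after FixWareout cleared the NameServer value. The real logs are longer.
HJT_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

HJT_AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# Every HijackThis finding has the shape "<section> - <body>", e.g. "O17 - ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")

Entry = Tuple[str, str]  # (section, body)


def parse_hjt(text: str) -> List[Entry]:
    """Return the (section, body) findings of a HijackThis log, in log order."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Findings only in the earlier log (gone after the fix) and only in the
    later log (new since the fix), each in its log's order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def o17_resolvers(entries: List[Entry]) -> Iterator[Tuple[str, List[str]]]:
    """Yield (full entry text, [resolver, ...]) for each O17 NameServer finding."""
    for section, body in entries:
        m = NAMESERVER_RE.search(body) if section == "O17" else None
        if m:
            yield f"{section} - {body}", m.group(1).split()


def dns_servers(entries: List[Entry]) -> Set[str]:
    """All resolver addresses configured in the log's O17 entries."""
    return {ip for _, ips in o17_resolvers(entries) for ip in ips}


def _worth_a_look(ip: str) -> bool:
    """Heuristic assumed by this example, not a HijackThis rule: on a home LAN the
    resolver is normally the router's private address, so a hard-coded public
    resolver (or a value that is not an IP at all) deserves review."""
    try:
        return not ipaddress.ip_address(ip).is_private
    except ValueError:
        return True


def flag_dns_hijack(entries: List[Entry]) -> List[str]:
    """O17 entries whose NameServer list contains a public or malformed resolver."""
    return [text for text, ips in o17_resolvers(entries) if any(map(_worth_a_look, ips))]


if __name__ == "__main__":
    before, after = parse_hjt(HJT_BEFORE), parse_hjt(HJT_AFTER)
    removed, added = diff_logs(before, after)
    print("resolvers before:", sorted(dns_servers(before)), "after:", sorted(dns_servers(after)))
    for text in flag_dns_hijack(before):
        print("public resolver in O17:", text)
    print(f"{len(removed)} finding(s) removed by the fix, {len(added)} added")
```

Run against the two full logs posted above and the only findings reported as removed are the two O17 lines; the remaining entries (including the nameless zfwq.dll BHO) are what the moderator goes on to address.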
 

Grimly

Thread Starter
Joined
Sep 30, 2007
Messages
16
This is the ComboFix report

ComboFix 08-04-10.4 - Dylan 2008-04-12 16:44:15.4 - NTFSx86
Running from: C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 22:51 . 2008-04-11 22:55 <DIR> d-------- C:\fixwareout
2008-04-11 18:35 . 2008-04-11 18:35 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-11 18:31 . 2008-04-11 18:59 <DIR> d-------- C:\SDFix
2008-04-05 20:19 . 2008-04-07 20:13 106,496 --a------ C:\WINDOWS\DUMP8908.tmp
2008-04-05 20:19 . 2008-04-07 19:52 106,496 --a------ C:\WINDOWS\DUMP8709.tmp
2008-04-05 20:19 . 2008-04-07 19:24 106,496 --a------ C:\WINDOWS\DUMP860f.tmp
2008-04-05 20:19 . 2008-04-07 19:21 106,496 --a------ C:\WINDOWS\DUMP85d3.tmp
2008-04-05 17:53 . 2008-04-05 17:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 13:57 --------- d-----w C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\OpenOffice.org2
2008-04-12 02:44 --------- d-----w C:\Program Files\Warcraft III
2008-04-12 01:56 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\OpenOffice.org2
2008-04-10 22:18 --------- d-----w C:\Program Files\MorpheusBar
2008-04-10 22:03 --------- d-----w C:\Program Files\Viewpoint
2008-04-10 22:03 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\Viewpoint
2008-04-10 22:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-04-09 23:50 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\LimeWire
2008-04-09 23:24 --------- d-----w C:\Program Files\Trend Micro
2008-04-07 22:20 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-07 22:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-05 05:53 106,496 ----a-w C:\WINDOWS\DUMP89a8.tmp
2008-04-05 05:50 --------- d-----w C:\Documents and Settings\Taylor\Application Data\OpenOffice.org2
2008-04-04 20:22 106,496 ----a-w C:\WINDOWS\DUMP826c.tmp
2008-03-17 03:05 --------- d-----w C:\Program Files\Incomplete
2008-03-17 02:42 --------- d-----w C:\Program Files\LimeWire
2008-03-09 17:24 --------- d-----w C:\Program Files\AIM6
2008-03-09 17:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-03-09 17:11 --------- d-----w C:\Program Files\Java
2008-03-08 16:07 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-08 15:58 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-08 15:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-03-03 00:59 --------- d-----w C:\Program Files\Diablo II
2008-03-01 22:58 --------- d-----w C:\Program Files\Cheat Engine
2008-03-01 21:03 101 ----a-w C:\Program Files\rs.abc
2008-02-19 03:59 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-11 00:32 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-02-07 23:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-07 23:01 249,856 ------w C:\WINDOWS\Setup1.exe
2007-06-12 22:23 372 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb6334.dat
2007-06-12 20:48 194 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb8467.dat
2007-06-12 20:48 18,432 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb41.dat
2007-06-10 15:44 372 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb6334.dat
2007-06-10 15:44 194 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb8467.dat
2007-06-10 15:44 18,432 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb41.dat
2006-04-04 00:52 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2001-05-15 17:51 249,059,328 ----a-r C:\Program Files\D2EXP.MPQ
2001-05-02 12:57 14,956,544 ----a-r C:\Program Files\D2COM_01.EXE
2000-04-06 12:00 263,168 ----a-r C:\Program Files\BINKW32.DLL

((((((((((((((((((((((((((((( snapshot_2008-04-10_18.24.40.80 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-11 08:14:18 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-11 22:36:06 5,582,848 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-11 22:36:06 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-11 08:14:18 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-11 22:35:55 5,582,848 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-11 22:35:55 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{151C4BDC-A76A-D89A-1A1B-898DB95285ED}]
2007-06-20 10:49 60928 --a------ C:\WINDOWS\system32\zfwq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]

C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dylan.VAUGHN-MSX9IRO5^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\system32\cpmrotate.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BB2ctc]
C:\WINDOWS\kffcawh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 12:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-09-04 20:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1133220432\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hxsugm]
--a------ 2005-12-09 01:34 37512 C:\Program Files\Ggrx\Wcvhot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 21:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 21:43 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]
C:\WINDOWS\hmixcsft.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
C:\Program Files\SurfAccuracy\SAcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-19 20:25 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.0.275.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Kh'þ9Ӝ÷3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Kh'þ9Ӝ÷3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Kh'þ9Ӝ÷3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Kh'þ9Ӝ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\kffcawh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Ӝ÷3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Ӝ÷3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Ӝ÷3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Ӝ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\kffcawh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6481979-7d24-11dc-9a30-00e04c931fe9}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 16:05:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 16:51:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-04-12 16:56:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 20:56:48
ComboFix2.txt 2008-04-11 22:23:32
ComboFix3.txt 2008-04-10 22:25:12
ComboFix4.txt 2007-10-02 22:38:32
Pre-Run: 15,229,288,448 bytes free
Post-Run: 15,253,241,856 bytes free
.
2008-04-10 02:16:03 --- E O F ---
.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
=========================================================

Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip

Run the program and click the Web button as shown here:




Use this URL to copy into the address bar of the Download script window:

http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.


If you have any questions about the use of BFU please read here:

http://metallica.geekstogo.com/BFUinstructions.html


========================================================

Open Notepad and copy and paste the text in the quote box below into it:



Folder::
C:\Program Files\MorpheusBar
C:\Program Files\Ggrx
C:\PROGRA~1\MYWEBS~1
C:\Program Files\outlook
C:\Program Files\SurfAccuracy
C:\Program Files\Zango
C:\Program Files\ISTsvc

File::
C:\WINDOWS\kffcawh.exe
C:\WINDOWS\hmixcsft.exe


Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 