
Strange pop-ups & security overrides help plz

Discussion in 'Virus & Other Malware Removal' started by Grimly, Apr 9, 2008.

  1. Grimly

    Grimly Thread Starter

    Joined:
    Sep 30, 2007
    Messages:
    16
    Well, my problem consists of strange pop-ups, strange warnings popping up in my task bar, and icons showing up on my desktop. HELP
    This is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:25:12 PM, on 4/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
    O2 - BHO: GNX Rolex - {2A76890C-7934-4BC0-B4B9-BC88FBA03A42} - C:\WINDOWS\drnpfdxsnt.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL (file missing)
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: etlrlws - {59A31135-1D61-47BE-88C0-E5ED82BBD53F} - C:\WINDOWS\etlrlws.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: altvxvm - {4663160C-1A13-44E3-A53E-567284199DE1} - C:\WINDOWS\altvxvm.dll
    O21 - SSODL: bokpkov - {59FD8704-1606-4E7C-8D6E-AF3A8ECCE09D} - C:\WINDOWS\bokpkov.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5052 bytes
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome!
    The Hijack This log is hard to read.
    Please rescan with Hijack This.
    When the log opens in Notepad, go to Format and select Wordwrap.
    Then copy and paste the log here.
     
  3. Grimly

    Grimly Thread Starter

    Joined:
    Sep 30, 2007
    Messages:
    16
    Ok, I've got the new one right here.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:06:38 PM, on 4/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
    O2 - BHO: GNX Rolex - {2A76890C-7934-4BC0-B4B9-BC88FBA03A42} - C:\WINDOWS\drnpfdxsnt.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL (file missing)
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: etlrlws - {59A31135-1D61-47BE-88C0-E5ED82BBD53F} - C:\WINDOWS\etlrlws.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: altvxvm - {4663160C-1A13-44E3-A53E-567284199DE1} - C:\WINDOWS\altvxvm.dll
    O21 - SSODL: bokpkov - {59FD8704-1606-4E7C-8D6E-AF3A8ECCE09D} - C:\WINDOWS\bokpkov.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5052 bytes
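    The moderator reads a log like the one above by eye, looking for entries that do not belong. The script below is an added example (not part of this thread, and not a feature of HijackThis) that does the same first pass in code: it parses lines in the HijackThis format and reports the ones a reviewer would want to inspect. The sample input is a handful of lines copied from the log above plus two known-good entries (the Java BHO and the NVIDIA service) for contrast. The heuristics are assumptions on my part, not rules from the tool or the thread: a browser start page that has been set, an unnamed BHO or toolbar, an `O17` NameServer override, an `AppInit_DLLs` entry, a DLL or EXE sitting directly in the Windows directory rather than a subfolder, and a vowel-poor all-lowercase filename. A hit means "look at this", not "this is malware": the Google `AppInit_DLLs` entry is reported too, and a reviewer has to decide.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample input: entries copied from the HijackThis log posted
# above, plus two benign entries (Java BHO, NVIDIA service) for contrast.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2",
    r"O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll",
    r"O2 - BHO: GNX Rolex - {2A76890C-7934-4BC0-B4B9-BC88FBA03A42} - C:\WINDOWS\drnpfdxsnt.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll",
    r"O3 - Toolbar: etlrlws - {59A31135-1D61-47BE-88C0-E5ED82BBD53F} - C:\WINDOWS\etlrlws.dll",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL",
    r"O21 - SSODL: altvxvm - {4663160C-1A13-44E3-A53E-567284199DE1} - C:\WINDOWS\altvxvm.dll",
    r"O21 - SSODL: bokpkov - {59FD8704-1606-4E7C-8D6E-AF3A8ECCE09D} - C:\WINDOWS\bokpkov.dll",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

# Every HijackThis entry starts with a section tag such as R0, O2, O17.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
# O2 (BHO), O3 (Toolbar) and O21 (SSODL) share the shape "<kind>: <name> - {CLSID} - <path>";
# the CLSID anchors the split, so names or paths containing " - " still parse.
COM_RE = re.compile(r"^(?P<kind>BHO|Toolbar|SSODL): (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O23 is "Service: <name> - <company> - <path>"; non-greedy so a path containing " - " survives.
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def _clean_path(raw):
    """Separate the path from HijackThis's '(file missing)' annotation."""
    missing = raw.endswith("(file missing)")
    path = raw[: -len("(file missing)")].strip() if missing else raw.strip()
    return path, missing


def in_windows_root(path):
    """True for a DLL/EXE placed directly in the Windows directory, not a subfolder (assumed heuristic)."""
    return re.fullmatch(r"c:\\windows\\[^\\]+\.(dll|exe)", path.lower()) is not None


def looks_random(stem):
    """Vowel-poor, all-lowercase alphabetic names such as 'etlrlws' (assumed heuristic, weak on its own)."""
    if len(stem) < 4 or not (stem.isalpha() and stem.islower()):
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) <= 0.3


def _check_binary(section, path, findings):
    stem, _ = ntpath.splitext(ntpath.basename(path))  # ntpath handles backslashes on any OS
    if in_windows_root(path):
        findings.append(Finding(section, "binary-in-windows-root", path))
    if looks_random(stem):
        findings.append(Finding(section, "random-looking-filename", path))


def triage(lines):
    """Return review findings for HijackThis log lines; non-entry lines are ignored."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "R0" and "Start Page = " in body:
            findings.append(Finding(section, "start-page-set", body.split("Start Page = ", 1)[1]))
        elif section in ("O2", "O3", "O21"):
            cm = COM_RE.match(body)
            if not cm:
                continue
            path, missing = _clean_path(cm.group("path"))
            if cm.group("name") == "(no name)":
                findings.append(Finding(section, "unnamed-entry", path))
            if missing:
                findings.append(Finding(section, "file-missing", path))
            elif path != "(no file)":
                _check_binary(section, path, findings)
        elif section == "O17" and "NameServer = " in body:
            findings.append(Finding(section, "nameserver-override", body.split("NameServer = ", 1)[1]))
        elif section == "O20" and body.startswith("AppInit_DLLs: "):
            findings.append(Finding(section, "appinit-dll", body.split(": ", 1)[1]))
        elif section == "O23":
            sm = SERVICE_RE.match(body)
            if sm:
                _check_binary(section, sm.group("path").strip(), findings)
    return findings


def summarize(findings):
    """Count findings per reason code."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


def files_to_review(findings):
    """Unique paths that hit the strongest signal, sorted for stable output."""
    return sorted({f.detail for f in findings if f.reason == "binary-in-windows-root"})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:26} {f.detail}")
```

    On the sample, the four Windows-root DLLs it singles out are the same four the SDFix report later in this thread removes, while the `(no name)` entry for `zfwq.dll` and the `NameServer` override are reported separately because neither heuristic alone is conclusive.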
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Thanks, that is easier.

    Run Hijack This and click Open the Misc Tools section.
    Click Open Uninstall Manager > Save list and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of this log.
     
  5. Grimly

    Grimly Thread Starter

    Joined:
    Sep 30, 2007
    Messages:
    16
    Hey, thanks for the help. Here's the log like you asked:


    7-Zip 4.42
    Ad-Aware SE Personal
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8
    Adobe Shockwave Player
    AIM 6
    Alibre Design
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    Ares 2.0.9
    AviSynth 2.5
    Belarc Advisor 7.1
    CDCheck
    Cheat Engine 5.4
    C-Media WDM Audio Driver
    Diablo II
    DivX Content Uploader
    DivX Web Player
    Evrsoft First Page 2006
    Google Desktop
    Guild Wars
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    iPod for Windows 2005-09-23
    iPod for Windows 2006-03-23
    iPod for Windows 2006-06-28
    iTunes
    J2SE Runtime Environment 5.0 Update 5
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    LimeWire PRO 4.14.8
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Morpheus Toolbar
    Mozilla Firefox (2.0.0.13)
    MSN Gaming Zone
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML4 Parser
    Norton™ Security Scan
    NVIDIA Drivers
    Nvu 1.0
    OpenOffice.org 2.3
    QuickTime
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    Serif PhotoPlus 6.0
    SoftV92 Data Fax Modem
    Solid State ION Internet Explorer Plugin
    Spybot - Search & Destroy 1.4
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    URGE
    VeohTV BETA
    VIA Audio Driver Setup Program
    Videora iPod Converter 0.91
    Viewpoint Media Player
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WordPerfect Office 11
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Uninstall the following from Add or Remove Programs:

    Morpheus Toolbar
    Viewpoint Media Player


    Then:

    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • ...
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  7. Grimly

    Grimly Thread Starter

    Joined:
    Sep 30, 2007
    Messages:
    16
    Hey, this is the ComboFix log:

    ComboFix 08-04-10.4 - Dylan 2008-04-10 18:10:05.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.94 [GMT -4:00]
    Running from: C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Desktop\Error Cleaner.url
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Desktop\Privacy Protector.url
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Favorites\Error Cleaner.url
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Favorites\Privacy Protector.url
    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\FunWebProducts
    C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Error Cleaner.url
    C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Privacy Protector.url
    C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Favorites\Error Cleaner.url
    C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Favorites\Privacy Protector.url
    C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Dxc.log
    C:\Documents and Settings\Taylor\Application Data\ShoppingReport
    C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Taylor\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Documents and Settings\Taylor\Application Data\WeatherDPA
    C:\Documents and Settings\Taylor\Application Data\WeatherDPA\Weather\WeatherStartup.xml
    C:\Documents and Settings\Taylor\Desktop\Error Cleaner.url
    C:\Documents and Settings\Taylor\Desktop\Privacy Protector.url
    C:\Documents and Settings\Taylor\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\Taylor\Favorites\Error Cleaner.url
    C:\Documents and Settings\Taylor\Favorites\Privacy Protector.url
    C:\Documents and Settings\Taylor\Favorites\Spyware&Malware Protection.url
    C:\Program Files\autorun.inf
    C:\Program Files\internet explorer\msimg32.dll
    C:\WINDOWS\dat.txt
    C:\WINDOWS\default.htm
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\rs.txt
    C:\WINDOWS\system32\mcrh.tmp
    ((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
    .

    2008-04-05 20:19 . 2008-04-07 20:13 106,496 --a------ C:\WINDOWS\DUMP8908.tmp
    2008-04-05 20:19 . 2008-04-07 19:52 106,496 --a------ C:\WINDOWS\DUMP8709.tmp
    2008-04-05 20:19 . 2008-04-07 19:24 106,496 --a------ C:\WINDOWS\DUMP860f.tmp
    2008-04-05 20:19 . 2008-04-07 19:21 106,496 --a------ C:\WINDOWS\DUMP85d3.tmp
    2008-04-05 17:53 . 2008-04-05 17:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-03-18 01:28 . 2008-03-17 20:22 245,760 --a------ C:\WINDOWS\drnpfdxsnt.dll
    2008-03-18 01:28 . 2008-03-17 20:22 229,376 --a------ C:\WINDOWS\altvxvm.dll
    2008-03-18 01:28 . 2008-03-17 20:22 221,184 --a------ C:\WINDOWS\bokpkov.dll
    2008-03-18 01:28 . 2008-03-17 20:22 172,032 --a------ C:\WINDOWS\etlrlws.dll
    2008-03-18 01:28 . 2008-03-17 20:22 94,208 --a------ C:\WINDOWS\fmsxwqs.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 22:03 --------- d-----w C:\Program Files\Viewpoint
    2008-04-10 22:03 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\Viewpoint
    2008-04-10 22:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
    2008-04-10 21:59 --------- d-----w C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\OpenOffice.org2
    2008-04-09 23:50 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\LimeWire
    2008-04-09 23:24 --------- d-----w C:\Program Files\Trend Micro
    2008-04-08 00:49 --------- d-----w C:\Program Files\Warcraft III
    2008-04-07 22:20 --------- d-----w C:\Program Files\Norton Security Scan
    2008-04-07 22:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-05 22:24 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\OpenOffice.org2
    2008-04-05 05:53 106,496 ----a-w C:\WINDOWS\DUMP89a8.tmp
    2008-04-05 05:50 --------- d-----w C:\Documents and Settings\Taylor\Application Data\OpenOffice.org2
    2008-04-04 20:22 106,496 ----a-w C:\WINDOWS\DUMP826c.tmp
    2008-03-17 03:05 --------- d-----w C:\Program Files\Incomplete
    2008-03-17 02:42 --------- d-----w C:\Program Files\LimeWire
    2008-03-09 17:24 --------- d-----w C:\Program Files\AIM6
    2008-03-09 17:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
    2008-03-09 17:11 --------- d-----w C:\Program Files\Java
    2008-03-08 16:07 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-03-08 15:58 --------- d-----w C:\Program Files\Common Files\AOL
    2008-03-08 15:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
    2008-03-03 00:59 --------- d-----w C:\Program Files\Diablo II
    2008-03-01 22:58 --------- d-----w C:\Program Files\Cheat Engine
    2008-03-01 21:03 101 ----a-w C:\Program Files\rs.abc
    2008-02-19 03:59 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-02-11 00:32 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
    2008-02-07 23:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-02-07 23:01 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-06-12 22:23 372 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb6334.dat
    2007-06-12 20:48 194 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb8467.dat
    2007-06-12 20:48 18,432 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb41.dat
    2007-06-10 15:44 372 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb6334.dat
    2007-06-10 15:44 194 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb8467.dat
    2007-06-10 15:44 18,432 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb41.dat
    2006-04-04 00:52 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2001-05-15 17:51 249,059,328 ----a-r C:\Program Files\D2EXP.MPQ
    2001-05-02 12:57 14,956,544 ----a-r C:\Program Files\D2COM_01.EXE
    2000-04-06 12:00 263,168 ----a-r C:\Program Files\BINKW32.DLL
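    One thing worth pulling out of the "Files Created" section of the report above is timing: `drnpfdxsnt.dll`, `altvxvm.dll`, `bokpkov.dll`, `etlrlws.dll` and `fmsxwqs.exe` all carry the same creation minute (2008-03-18 01:28) and the same, earlier, modification time (2008-03-17 20:22), which is what you see when a prepared set of files is copied onto a machine in one go. The script below is an added example (not part of this thread or of ComboFix) that parses ComboFix's `created . modified size attrs path` lines and groups files that share both timestamps. The sample input is the "Files Created" block copied from the report above; the minimum bundle size of 3 is an assumed threshold, not anything the tool defines. Note the contrast with the `DUMP*.tmp` files, which share a creation minute but have distinct modification times and so are not grouped.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the "Files Created" entries from the ComboFix report above.
SAMPLE_CREATED = [
    r"2008-04-05 20:19 . 2008-04-07 20:13 106,496 --a------ C:\WINDOWS\DUMP8908.tmp",
    r"2008-04-05 20:19 . 2008-04-07 19:52 106,496 --a------ C:\WINDOWS\DUMP8709.tmp",
    r"2008-04-05 20:19 . 2008-04-07 19:24 106,496 --a------ C:\WINDOWS\DUMP860f.tmp",
    r"2008-04-05 20:19 . 2008-04-07 19:21 106,496 --a------ C:\WINDOWS\DUMP85d3.tmp",
    r"2008-04-05 17:53 . 2008-04-05 17:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat",
    r"2008-03-18 01:28 . 2008-03-17 20:22 245,760 --a------ C:\WINDOWS\drnpfdxsnt.dll",
    r"2008-03-18 01:28 . 2008-03-17 20:22 229,376 --a------ C:\WINDOWS\altvxvm.dll",
    r"2008-03-18 01:28 . 2008-03-17 20:22 221,184 --a------ C:\WINDOWS\bokpkov.dll",
    r"2008-03-18 01:28 . 2008-03-17 20:22 172,032 --a------ C:\WINDOWS\etlrlws.dll",
    r"2008-03-18 01:28 . 2008-03-17 20:22 94,208 --a------ C:\WINDOWS\fmsxwqs.exe",
]

# ComboFix line shape: "<created> . <modified> <size> <attrs> <path>", timestamps at minute resolution.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)


@dataclass
class Bundle:
    created: str
    modified: str
    files: list = field(default_factory=list)
    total_size: int = 0


def parse_created_lines(lines):
    """Yield (created, modified, size_in_bytes, path) for each parseable line."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            size = int(m.group("size").replace(",", ""))
            entries.append((m.group("created"), m.group("modified"), size, m.group("path")))
    return entries


def find_bundles(lines, min_files=3):
    """Group files sharing both creation and modification minute; min_files is an assumed threshold."""
    groups = {}
    for created, modified, size, path in parse_created_lines(lines):
        bundle = groups.setdefault((created, modified), Bundle(created, modified))
        bundle.files.append(path)
        bundle.total_size += size
    return [b for b in groups.values() if len(b.files) >= min_files]


if __name__ == "__main__":
    for b in find_bundles(SAMPLE_CREATED):
        print(f"created {b.created}, modified {b.modified}, {len(b.files)} files, {b.total_size:,} bytes")
        for path in b.files:
            print("   ", path)
```

    The grouping key deliberately uses both timestamps: a shared creation minute alone is common (installers, crash dumps), but a shared creation minute together with an identical, older modification time across several binaries is a much narrower pattern, and the bundle it produces here matches the DLLs flagged in the HijackThis log earlier in the thread.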
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new Hijack This log
     
  9. Grimly

    Grimly Thread Starter

    Joined:
    Sep 30, 2007
    Messages:
    16
    This is the SDFix report


    SDFix: Version 1.169
    Run by Dylan on Fri 04/11/2008 at 06:38 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default HomePage Value
    Restoring Default Desktop Components Value

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\-18669~1 - Deleted
    C:\WINDOWS\drnpfdxsnt.dll - Deleted
    C:\WINDOWS\altvxvm.dll - Deleted
    C:\WINDOWS\bokpkov.dll - Deleted
    C:\WINDOWS\etlrlws.dll - Deleted
    C:\WINDOWS\fmsxwqs.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-11 18:52:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:bf,63,e6,fa,46,ab,9e,1d,75,a6,ad,4a,58,bd,ea,9d,25,3b,69,aa,ea,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,14,98,97,49,d5,ea,9b,4b,74,33,70,ab,e8,b5,04,f2,fa,..
    "khjeh"=hex:2b,38,36,ee,91,49,20,16,2b,ae,f8,b3,2c,75,8d,70,df,e8,e7,9f,56,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:20,6c,35,a1,8e,6f,bd,0a,33,ba,ce,04,7a,b2,4b,e4,50,66,96,f7,ee,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:bf,63,e6,fa,46,ab,9e,1d,75,a6,ad,4a,58,bd,ea,9d,25,3b,69,aa,ea,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,14,98,97,49,d5,ea,9b,4b,74,33,70,ab,e8,b5,04,f2,fa,..
    "khjeh"=hex:2b,38,36,ee,91,49,20,16,2b,ae,f8,b3,2c,75,8d,70,df,e8,e7,9f,56,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:20,6c,35,a1,8e,6f,bd,0a,33,ba,ce,04,7a,b2,4b,e4,50,66,96,f7,ee,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Sat 26 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
    Mon 7 Nov 2005 400 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\v2ks.bla.bak"
    Mon 7 Nov 2005 48 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\v2ks.sec.bak"
    Mon 7 Nov 2005 400 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\v3ks.bla.bak"
    Sat 28 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"
    Sun 25 Dec 2005 147,097 ..SHR --- "C:\Documents and Settings\Megan.VAUGHN-MSX9IRO5\Local Settings\Temp\gwx464.sys"
    Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
    Mon 4 Feb 2008 32,776 A..H. --- "C:\Documents and Settings\Alex\My Documents\hacks-maphack-cracked_d2maphack_v7.2\cracked_d2maphack_v7.2\AUTOMAP0.TMP"
    Mon 4 Feb 2008 598 A..H. --- "C:\Documents and Settings\Alex\My Documents\hacks-maphack-cracked_d2maphack_v7.2\cracked_d2maphack_v7.2\AUTOMAP1.TMP"
    Sat 26 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\Alex\My Documents\My Music\License Backup\drmv1key.bak"
    Fri 20 Oct 2006 20 A..H. --- "C:\Documents and Settings\Alex\My Documents\My Music\License Backup\drmv1lic.bak"
    Sun 4 Dec 2005 488 A.SH. --- "C:\Documents and Settings\Alex\My Documents\My Music\License Backup\drmv2key.bak"
    Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\U3\temp\Launchpad Removal.exe"
    Sat 26 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\Taylor\My Documents\My Music\License Backup\drmv1key.bak"
    Tue 9 Jan 2007 20 A..H. --- "C:\Documents and Settings\Taylor\My Documents\My Music\License Backup\drmv1lic.bak"
    Sun 4 Dec 2005 488 A.SH. --- "C:\Documents and Settings\Taylor\My Documents\My Music\License Backup\drmv2key.bak"
    Sun 2 Mar 2008 194,048 A..H. --- "C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Stuff that needs to be here\hacks-maphack-cracked_d2maphack_v7.2\cracked_d2maphack_v7.2\AUTOMAP0.TMP"
    Sun 2 Mar 2008 1,016 A..H. --- "C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\Stuff that needs to be here\hacks-maphack-cracked_d2maphack_v7.2\cracked_d2maphack_v7.2\AUTOMAP1.TMP"

    Finished!
     
  10. Grimly

    Grimly Thread Starter

    Joined:
    Sep 30, 2007
    Messages:
    16
    This is the new HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:06:20 PM, on 4/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4341 bytes
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please print these instructions for reference, as you will have to restart your computer during the fix.

    Please download FixWareout from Here or Here.

    Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.
    1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    2. The fix will begin; follow the prompts.
    3. If your firewall gives an alert (because this tool will download additional files from the internet), please don't let your firewall block it, but allow it instead.
    4. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    5. Once the desktop loads a text file will open (report.txt).
      Please post the C:\fixwareout\report.txt, along with a new HijackThis log, into this topic.

    Then rerun ComboFix and post the results please.
     
  12. Grimly

    Grimly Thread Starter

    Joined:
    Sep 30, 2007
    Messages:
    16
    OK, here is the Fixwareout report.

    Username "Dylan" - 04/11/2008 22:52:26 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.116.84 85.255.112.191" <Value cleared.

    Successfully flushed the DNS Resolver Cache.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

    Here is the new HJT report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:26 PM, on 4/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {151C4BDC-A76A-D89A-1A1B-898DB95285ED} - C:\WINDOWS\system32\zfwq.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4158 bytes
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Was Combo rerun too?
     
  14. Grimly

    Grimly Thread Starter

    Joined:
    Sep 30, 2007
    Messages:
    16
    This is the ComboFix report.

    ComboFix 08-04-10.4 - Dylan 2008-04-12 16:44:15.4 - NTFSx86
    Running from: C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
    .

    2008-04-11 22:51 . 2008-04-11 22:55 <DIR> d-------- C:\fixwareout
    2008-04-11 18:35 . 2008-04-11 18:35 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-11 18:31 . 2008-04-11 18:59 <DIR> d-------- C:\SDFix
    2008-04-05 20:19 . 2008-04-07 20:13 106,496 --a------ C:\WINDOWS\DUMP8908.tmp
    2008-04-05 20:19 . 2008-04-07 19:52 106,496 --a------ C:\WINDOWS\DUMP8709.tmp
    2008-04-05 20:19 . 2008-04-07 19:24 106,496 --a------ C:\WINDOWS\DUMP860f.tmp
    2008-04-05 20:19 . 2008-04-07 19:21 106,496 --a------ C:\WINDOWS\DUMP85d3.tmp
    2008-04-05 17:53 . 2008-04-05 17:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-12 13:57 --------- d-----w C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Application Data\OpenOffice.org2
    2008-04-12 02:44 --------- d-----w C:\Program Files\Warcraft III
    2008-04-12 01:56 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\OpenOffice.org2
    2008-04-10 22:18 --------- d-----w C:\Program Files\MorpheusBar
    2008-04-10 22:03 --------- d-----w C:\Program Files\Viewpoint
    2008-04-10 22:03 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\Viewpoint
    2008-04-10 22:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
    2008-04-09 23:50 --------- d-----w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\LimeWire
    2008-04-09 23:24 --------- d-----w C:\Program Files\Trend Micro
    2008-04-07 22:20 --------- d-----w C:\Program Files\Norton Security Scan
    2008-04-07 22:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-05 05:53 106,496 ----a-w C:\WINDOWS\DUMP89a8.tmp
    2008-04-05 05:50 --------- d-----w C:\Documents and Settings\Taylor\Application Data\OpenOffice.org2
    2008-04-04 20:22 106,496 ----a-w C:\WINDOWS\DUMP826c.tmp
    2008-03-17 03:05 --------- d-----w C:\Program Files\Incomplete
    2008-03-17 02:42 --------- d-----w C:\Program Files\LimeWire
    2008-03-09 17:24 --------- d-----w C:\Program Files\AIM6
    2008-03-09 17:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
    2008-03-09 17:11 --------- d-----w C:\Program Files\Java
    2008-03-08 16:07 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-03-08 15:58 --------- d-----w C:\Program Files\Common Files\AOL
    2008-03-08 15:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
    2008-03-03 00:59 --------- d-----w C:\Program Files\Diablo II
    2008-03-01 22:58 --------- d-----w C:\Program Files\Cheat Engine
    2008-03-01 21:03 101 ----a-w C:\Program Files\rs.abc
    2008-02-19 03:59 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-02-11 00:32 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
    2008-02-07 23:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-02-07 23:01 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-06-12 22:23 372 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb6334.dat
    2007-06-12 20:48 194 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb8467.dat
    2007-06-12 20:48 18,432 ----a-w C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Application Data\internaldb41.dat
    2007-06-10 15:44 372 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb6334.dat
    2007-06-10 15:44 194 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb8467.dat
    2007-06-10 15:44 18,432 ----a-w C:\Documents and Settings\Taylor\Application Data\internaldb41.dat
    2006-04-04 00:52 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2001-05-15 17:51 249,059,328 ----a-r C:\Program Files\D2EXP.MPQ
    2001-05-02 12:57 14,956,544 ----a-r C:\Program Files\D2COM_01.EXE
    2000-04-06 12:00 263,168 ----a-r C:\Program Files\BINKW32.DLL

    ((((((((((((((((((((((((((((( snapshot_2008-04-10_18.24.40.80 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-11 08:14:18 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-04-11 22:36:06 5,582,848 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-04-11 22:36:06 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-11 08:14:18 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-04-11 22:35:55 5,582,848 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-04-11 22:35:55 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{151C4BDC-A76A-D89A-1A1B-898DB95285ED}]
    2007-06-20 10:49 60928 --a------ C:\WINDOWS\system32\zfwq.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]

    C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

    C:\Documents and Settings\Dad.VAUGHN-MSX9IRO5.000\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dylan.VAUGHN-MSX9IRO5^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\Dylan.VAUGHN-MSX9IRO5\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
    C:\WINDOWS\system32\cpmrotate.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BB2ctc]
    C:\WINDOWS\kffcawh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-01-17 12:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-09-04 20:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1133220432\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hxsugm]
    --a------ 2005-12-09 01:34 37512 C:\Program Files\Ggrx\Wcvhot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-08-11 21:43 7630848 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-08-11 21:43 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
    C:\Program Files\outlook\outlook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]
    C:\WINDOWS\hmixcsft.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
    C:\Program Files\SurfAccuracy\SAcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-04-19 20:25 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
    C:\Program Files\Zango\bin\10.0.275.0\OEAddOn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
    C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Kh'þ9Ӝ÷3rÅWC:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Kh'þ9Ӝ÷3rÅWC:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Kh'þ9Ӝ÷3rÅWC:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Kh'þ9Ӝ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
    C:\WINDOWS\kffcawh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Ӝ÷3rÅWC:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Ӝ÷3rÅWC:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Ӝ÷3rÅWC:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Ӝ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
    C:\WINDOWS\kffcawh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Ares\\Ares.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6481979-7d24-11dc-9a30-00e04c931fe9}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-22 16:05:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-12 16:51:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-12 16:56:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-12 20:56:48
    ComboFix2.txt 2008-04-11 22:23:32
    ComboFix3.txt 2008-04-10 22:25:12
    ComboFix4.txt 2007-10-02 22:38:32
    Pre-Run: 15,229,288,448 bytes free
    Post-Run: 15,253,241,856 bytes free
    .
    2008-04-10 02:16:03 --- E O F ---
    .
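The registry section of the ComboFix log above shows the indicators a helper reads by eye: `AntiVirusOverride` set to 1 under the Security Center key (which silences the "no antivirus" warning), peer-to-peer clients whitelisted in the Windows Firewall, a globally open port, and an AutoRun command attached to a removable drive. As an added example that is not part of this thread and not ComboFix's own code, here is a small Python triage script that parses a dump in that `.reg`-style format and flags those four indicator types. The sample input is constructed from the entries above; the `FirewallOverride` value and the `Enabled` state on the UDP port entry are constructed variations added to exercise the checks.

```python
import re

# Constructed sample in the style of the ComboFix "registry" section above.
# The FirewallOverride line and the "Enabled" UDP port are constructed
# variations so that both the positive and negative branches are exercised.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Enabled:SolidNetworkManager

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6481979-7d24-11dc-9a30-00e04c931fe9}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

# Security Center override values; a non-zero DWORD suppresses the warning.
OVERRIDE_RE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride|UpdatesOverride)"=dword:([0-9a-fA-F]{8})$')
# GloballyOpenPorts entries: "port:proto"= port:proto:scope:state:name
OPEN_PORT_RE = re.compile(
    r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):([^:]*):(Enabled|Disabled):(.*)$')
# AutoRun command lines as ComboFix prints them under MountPoints2.
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s*-\s*(.+)$')


def parse_sections(text):
    """Split a .reg-style dump into (key_path, [value lines]) pairs."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], [])
            sections.append(current)
        elif current is not None:
            current[1].append(line)
    return sections


def find_findings(text):
    """Return (finding_type, detail) tuples for the indicators of interest."""
    findings = []
    for key, values in parse_sections(text):
        key_l = key.lower()
        if key_l.endswith("\\security center"):
            for v in values:
                m = OVERRIDE_RE.match(v)
                if m and int(m.group(2), 16) != 0:
                    findings.append(("security_center_override", m.group(1)))
        elif "\\authorizedapplications\\list" in key_l:
            for v in values:
                # Value name is the quoted path; unescape the doubled backslashes.
                path = v.split('"=')[0].strip('"').replace("\\\\", "\\")
                findings.append(("firewall_exception", path))
        elif "\\globallyopenports\\list" in key_l:
            for v in values:
                m = OPEN_PORT_RE.match(v)
                if m and m.group(4) == "Enabled":
                    findings.append(("open_port", f"{m.group(1)}/{m.group(2)} {m.group(5)}"))
        elif "\\mountpoints2\\" in key_l:
            for v in values:
                m = AUTORUN_RE.match(v)
                if m:
                    findings.append(("removable_autorun", m.group(1)))
    return findings


if __name__ == "__main__":
    for kind, detail in find_findings(SAMPLE_LOG):
        print(f"{kind:25s} {detail}")
```

Every firewall exception is reported rather than judged, because whether a whitelisted program belongs there is a decision for the person reading the log; the override and AutoRun checks, by contrast, are always worth a second look.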
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    • Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    =========================================================

    Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip

    Run the program and click the Web button as shown here:



    Use this URL to copy into the address bar of the Download script window:

    http://metallica.geekstogo.com/alcanshorty.bfu

    Execute the script by clicking the Execute button.


    If you have any questions about the use of BFU please read here:

    http://metallica.geekstogo.com/BFUinstructions.html


    ========================================================

    Open Notepad and copy and paste the text in the quote box below into it:





    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.






    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
Short URL to this thread: https://techguy.org/702156