Internet Explorer keeps Popping up Advertisements ..here is my HJT LOG please help me
 
  Tweaks.com
Posted 4/3/2008 11:22 PM
New Member


Group: Forum Members
Last Login: 8/5/2008 8:47 PM
Posts: 18, Visits: 31
Here is my HJT LOG ...

Anybody help me please.. I don't like those annoying advertisements

thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:06 AM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\uinst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\TTOE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [StUnInst] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\uinst.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL5.tmp
O4 - HKLM\..\Run: [{5D-D7-76-6F-DW}] C:\WINDOWS\system32\winz1\begmgr11.exe DWram
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [Winsock2 driver] TTOE.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [_3DWonder] \_3DWonder.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_SE4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\RunOnce: [Winsock2 driver] TTOE.EXE
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ctfmon.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\system32\winz1\begmgr11.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: ctfmon.exe (User 'Default user')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\system32\winz1\begmgr11.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ctfmon.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\winz1\begmgr11.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E1D3EE2-13D7-4DC1-AB46-31FA389108AF}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D33CD-B9CF-490F-B1D4-295FAD4CC4D0}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{C69BEBA3-6593-4570-8991-78E35344E6B1}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

--
End of file - 11809 bytes
Post #237256
Posted 4/4/2008 4:24 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,169, Visits: 54,734
Welcome

Download Fixwareout from the link below:
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it.
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin, follow the prompts.
Your firewall may give an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, allow it instead.
Then you will be asked to reboot your computer, please do so.
Your system may take longer than usual to load, this is normal.
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.
Please Note:
Only do the following if you have connection problems after performing the above steps:
Go to Start>Control Panel, and choose 'Network Connections'.
Then right click on your default connection, usually 'Local Area Connection' or 'Dial-up Connection' if you are using Dial-up, then left click on 'Properties'.
Double-click on the 'Internet Protocol (TCP/IP)' item and select the radio button that says: 'Obtain DNS servers Automatically'.
Click OK twice, restart your computer.


Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop


Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program/system to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.


__________________________________________________


ASAP & UNITE member since 2006





Post #237268
Posted 4/4/2008 10:03 AM
New Member


Group: Forum Members
Last Login: 8/5/2008 8:47 PM
Posts: 18, Visits: 31
Thanks For helping me ...

Here are the reports.

this is the first one from the first program:


Username "Compaq_Owner" - 04/04/2008 10:17:15 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.73 85.255.112.150"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3E1D3EE2-13D7-4DC1-AB46-31FA389108AF}
"nameserver"="85.255.116.73,85.255.112.150"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{933D33CD-B9CF-490F-B1D4-295FAD4CC4D0}
"nameserver"="85.255.116.73,85.255.112.150"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C69BEBA3-6593-4570-8991-78E35344E6B1}
"nameserver"="85.255.116.73,85.255.112.150"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4B7E0D0C-4F12-43E9-AD5F-13B2A68BDAFA}
"DhcpNameServer"="85.255.116.73,85.255.112.150"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C69BEBA3-6593-4570-8991-78E35344E6B1}
"DhcpNameServer"="85.255.116.73,85.255.112.150"
Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdjus.exe"
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"VTTimer"="VTTimer.exe"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Labtec\\WebCam10\\WebCam10.exe\" /hide"
"StUnInst"="C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\uinst.exe"
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"AlcxMonitor"="ALCXMNTR.EXE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"AutoInclude"="C:\\WINDOWS\\TEMP\\DIL5.tmp"
"{5D-D7-76-6F-DW}"="C:\\WINDOWS\\system32\\winz1\\begmgr11.exe DWram"
"PostSetupCheck"="C:\\WINDOWS\\System32\\Rundll32.exe \"C:\\WINDOWS\\system32\\atgban.dll\" DllStart"
"Winsock2 driver"="TTOE.EXE"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"_3DWonder"="\\_3DWonder.exe"
"Orb"="\"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe\" /background"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"EPSON Stylus CX4400 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICAA.EXE /FU \"C:\\WINDOWS\\TEMP\\E_SE4.tmp\" /EF \"HKCU\""
"MP4 Player"="\"C:\\Program Files\\MP4 Player\\mp4Player.exe\" hmw"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

---------------------------------------------------------------------------------------------------------------

Here is the Second one From

COMBO FIX LOG

ComboFix 08-04-03.5 - Compaq_Owner 2008-04-04 10:29:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.168 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\7.tmp
C:\A.tmp
C:\Autorun.inf
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\DW_Start.lnk
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\temp\tn3
C:\WINDOWS\hosts
C:\WINDOWS\linkinfo.dll
C:\WINDOWS\system32\79F731E9B5.dll
C:\WINDOWS\system32\atgban.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\isapnpp.sys
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
D:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISAPNPP
-------\Legacy_NNSERV
-------\Service_isapnpp
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 10:14 . 2008-04-04 10:23 d-------- C:\fixwareout
2008-04-04 00:08 . 2008-04-04 00:08 d-------- C:\Program Files\Trend Micro
2008-04-03 14:22 . 2008-04-03 14:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-03 13:20 . 2008-04-03 13:24 d-------- C:\NoLopBackups
2008-04-03 13:14 . 2008-04-03 13:14 d-------- C:\Program Files\Windows Defender
2008-04-03 12:51 . 2004-10-20 10:47 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-03 12:51 . 2004-10-21 06:13 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-03 12:51 . 2004-10-21 02:40 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-03 12:51 . 2004-10-21 02:40 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-03 12:51 . 2004-10-20 10:31 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-04-03 12:51 . 2004-10-20 10:47 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-03 12:17 . 2008-04-03 12:17 d-------- C:\Program Files\Microsoft Silverlight
2008-04-02 23:15 . 2008-04-02 23:15 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-01 07:33 . 2008-04-02 09:26 d-------- C:\WINDOWS\system32\xTmp
2008-04-01 07:33 . 2008-04-01 07:33 d-------- C:\WINDOWS\system32\winz1
2008-04-01 07:33 . 2008-04-01 07:33 d-------- C:\WINDOWS\system32\IDME
2008-04-01 07:33 . 2008-04-01 07:33 d-------- C:\WINDOWS\system32\bz3
2008-04-01 07:33 . 2008-04-01 07:33 d-------- C:\WINDOWS\system32\aqVreo04
2008-04-01 07:33 . 2008-04-01 07:33 d--hs---- C:\WINDOWS\RnJhbmtsaW4gU29yaWE
2008-04-01 07:33 . 2008-04-01 07:33 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-03-28 12:44 . 2008-03-28 12:44 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Talkback
2008-03-20 15:57 . 2008-03-20 16:03 d-------- C:\Program Files\Opera
2008-03-15 08:45 . 2008-03-15 08:45 45,056 --a------ C:\WINDOWS\system32\aqVreo04\aqVreo041066.exe
2008-03-14 14:19 . 2008-03-14 14:20 d-------- C:\Program Files\MP4 Player
2008-03-14 14:19 . 2008-03-14 14:19 36 ---h----- C:\WINDOWS\system32\swk.ini
2008-03-08 02:01 . 2008-03-08 02:01 d-------- C:\Program Files\Windows Media Connect 2
2008-03-08 01:58 . 2008-03-08 01:59 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-04 01:04 . 2008-03-04 01:04 d-------- C:\Program Files\Outsim

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 17:35 --------- d-----w C:\Program Files\VstPlugins
2008-04-03 16:06 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-04-03 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 15:37 --------- d-----w C:\Program Files\CopyPod
2008-04-03 15:35 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-03 04:51 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
2008-03-04 05:05 --------- d-----w C:\Program Files\Image-Line
2008-02-19 05:42 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2008-02-19 04:45 --------- d-----w C:\Program Files\DivX
2008-02-19 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
2008-02-16 21:30 --------- d-----w C:\Program Files\WinZix
2008-02-10 05:39 --------- d-----w C:\Program Files\VirtualDJ
2007-10-30 18:09 44,050 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-09-26 14:15 24,192 -c--a-w C:\Documents and Settings\Compaq_Owner\usbsermptxp.sys
2007-09-26 14:15 22,768 -c--a-w C:\Documents and Settings\Compaq_Owner\usbsermpt.sys
2006-09-23 01:18 602,112 -c--a-w C:\Documents and Settings\Compaq_Owner\chatlnk.exe
2006-06-07 22:30 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-11-25 13:08 836 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\ViewerApp.dat
2005-11-15 02:08 66 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\SQSDRVRM.SYS
2004-07-22 14:51 3,432,656 -c--a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58 1,156,363 -c--a-w C:\Program Files\BDANT.cab
2004-07-20 02:53 976,020 -c--a-w C:\Program Files\BDAXP.cab
2004-07-09 18:17 13,265,040 -c--a-w C:\Program Files\dxnt.cab
2004-07-09 13:13 703,080 -c--a-w C:\Program Files\BDA.cab
2004-07-09 13:13 15,493,481 -c--a-w C:\Program Files\DirectX.cab
2004-07-09 08:08 483,840 -c--a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08 2,242,560 -c--a-w C:\Program Files\dsetup32.dll
2002-12-11 14:58 60,416 -c--a-w C:\Program Files\Dsetup.dll
2005-06-21 09:45 90,112 -csha-r C:\WINDOWS\system\admdll.dll
2005-06-21 09:45 29,408 -csha-r C:\WINDOWS\system\raddrv.dll
2007-08-24 16:31 56 --sh--r C:\WINDOWS\system32\516F697679.sys
2007-08-24 16:31 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2007-06-13 06:23 1044480 82baa457874d552421e10409a7d06885 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 08:00 1076224 7cc1014bd4fddee3a281bbd1d74f7045 C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2004-08-04 08:00 1364480 5de8ffe4acd3c0a3c0166a6129a12241 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 26624]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1396736]
"_3DWonder"="\_3DWonder.exe" [ ]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2007-06-08 21:28 388344]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"EPSON Stylus CX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.exe" [2007-01-25 07:00 190464]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 09:00 654336]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 driver"="TTOE.EXE" [2007-06-08 12:57 140800 C:\WINDOWS\system32\ttoe.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 96768]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 73728]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 11:01 188416]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 278528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-21 01:55 495616]
"VTTimer"="VTTimer.exe" []
"SiSPower"="SiSPower.dll" [2004-09-24 12:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 23:13 110592]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 00:54 266240]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 22:41 241664]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 16:07 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 17:48 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 17:58 1060376]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 69632 C:\WINDOWS\ALCXMNTR.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1638400 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 364544]
"{5D-D7-76-6F-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-04-04 10:41 94218]
"Winsock2 driver"="TTOE.EXE" [2007-06-08 12:57 140800 C:\WINDOWS\system32\ttoe.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AutoInclude"="C:\WINDOWS\TEMP\DIL5.tmp" [2008-04-04 10:40 8192]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-04-04 10:40 37376]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\pcntnkdn.exe" [2008-04-04 10:41 196678]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-27 11:48:29 124928]
ctfmon.exe [2006-06-27 15:23:42 65536]
Deewoo.lnk - C:\WINDOWS\system32\pcntnkdn.exe [2008-04-04 10:41:25 196678]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-04-04 10:41:13 94218]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"c:\\6.tmp"=
"c:\\9.tmp"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgrre.exe"=
"C:\\WINDOWS\\system32\\ttoe.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"F:\\Ares\\Ares.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3333:TCP"= 3333:TCP:svchost
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys [2007-12-29 02:32]
R3 RDID1009;EDIROL UM-1;C:\WINDOWS\system32\Drivers\rdwm1009.sys [2005-06-03 14:36]
S2 r_server;Service Host Controller;"C:\WINDOWS\system\svchost.exe" /service []
S3 maxidemo;Maxi_Vista_Demo_Driver;C:\WINDOWS\system32\DRIVERS\maxidemo.sys []
S3 msvad_multi;Samson Audio (WDM);C:\WINDOWS\system32\drivers\SWAudWDM.sys [2006-12-12 16:34]
S3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-01-12 15:04]
S3 SamsonLLDriver;Samson LL Driver;C:\WINDOWS\system32\Drivers\SamsonLLDriver.sys [2006-12-12 16:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - F:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{199ca86e-b0e5-11dc-accc-0011d81dc8ed}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 13:24:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 14:42:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-04 00:34:00 C:\WINDOWS\Tasks\WebReg 20050701203408.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe_/TaskName 20050701203408 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 10:39:56
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Winsock2 driver = TTOE.EXE?makakoz?#matrixxxx?matrix1234??????Winsock2 driver?????Admin?Raudo2????????????mIRC v6.03 Khaled Mardam-Bey??????A???A

scanning hidden files ...

C:\WINDOWS\system32\msnav32.ax 128 bytes
C:\WINDOWS\system32\rwwnw64d.exe 94218 bytes executable
C:\WINDOWS\system32\winpfz33.sys 937 bytes
C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes

scan completed successfully
hidden files: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\pcntnkdn.exe DWram"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\TEMP\DIL4.tmp
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-04 10:59:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 14:59:16
Pre-Run: 3,066,654,720 bytes free
Post-Run: 2,990,313,472 bytes free
.
2007-12-13 15:06:36--- E O F ---


Thank you very very much for helping me. Hope to hear from you soon.


Post #237305
Posted 4/4/2008 10:38 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,169, Visits: 54,734
Please download OTMoveIt by OldTimer, save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy ALL the text inside the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\xTmp
C:\WINDOWS\system32\winz1
C:\WINDOWS\system32\bz3
C:\WINDOWS\system32\aqVreo04
C:\WINDOWS\RnJhbmtsaW4gU29yaWE
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\aqVreo04\aqVreo041066.exe
C:\WINDOWS\system32\swk.ini
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\WinZix
C:\WINDOWS\system32\unpr.sys
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\DW_Start.lnk

Return to OTMoveIt, right click on the "Paste List of Files/Folders to Move" window under the "yellow" bar, and choose Paste, see image below:



Click the red text Moveit! button
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt by clicking on the "Exit" button.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Copy and paste ALL the following text in the code box below into Notepad.
Click on Start/All Programs/Accessories/Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your pc.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{5D-D7-76-6F-DW}"=-
"Winsock2 driver"=-
"AutoInclude"=-
"runner1"=-
"g]eeV\\mWhjlnspB"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\6.tmp"=-
"c:\\9.tmp"=-


Also post a new Hijackthis log please.


__________________________________________________


ASAP & UNITE member since 2006





Post #237306
Posted 4/4/2008 2:01 PM
New Member


Group: Forum Members
Last Login: 8/5/2008 8:47 PM
Posts: 18, Visits: 31
OK, here is what I got

C:\WINDOWS\RnJhbmtsaW4gU29yaWE moved successfully.
C:\WINDOWS\system32\targetedbanner-uninst.exe moved successfully.
File/Folder C:\WINDOWS\system32\aqVreo04\aqVreo041066.exe not found.
C:\WINDOWS\system32\swk.ini moved successfully.
C:\Program Files\Free Offers from Freeze.com moved successfully.
C:\Program Files\WinZix moved successfully.
C:\WINDOWS\system32\unpr.sys moved successfully.
C:\WINDOWS\system32\msnav32.ax moved successfully.
C:\WINDOWS\system32\rwwnw64d.exe moved successfully.
C:\WINDOWS\s