Bill10
(new user)
Sat Feb 09 2008 07:24 PM
Can't see desktop icons and it keeps refreshing

Hi - after I rebooted my computer (because the desktop went blank), on rebooting and loading, the desktop only showed the background and nothing else. Then the icons appear, but after about 8 or so seconds it seems to refresh and they disappear again. It keeps doing it
- I did read a thread with a similar problem, so I thought I would send my log.

I can also run explorer.exe through Task Manager and it starts the process again, but the icons still won't stay - can you help please?

=======================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:00, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\EPOX\USDM\USDM.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PCI GW-US54GD Utility.lnk = C:\Program Files\bRoad Lanner Wave\GW-US54GD\GW-US54GD.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - C:\Documents and Settings\Ben\Desktop\WPT Casino.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - C:\Documents and Settings\Ben\Desktop\WPT Casino.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.filefarmer.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121516275756
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200149955209
O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} (ClientControl Class) - http://192.168.1.66/plugin/client.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://192.168.1.101/plugin/h263ctrl.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 11544 bytes


bricat
(HijackThis Helper)
Sat Feb 09 2008 11:11 PM
Re: Can't see desktop icons and it keeps refreshing

Welcome to the Webuser forum.

I don't see any malware in your log; it could be system files missing/corrupted.

try running sfc \scannow
to see if any system files are missing.

Put your XP disc in the drive.

Click on START\RUN, type CMD into the address bar and click OK.

At the DOS prompt type SFC /SCANNOW. Note the space between SFC and /SCANNOW. Hit Enter.


Let us know how you get on.
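The first thing a helper does with a HijackThis log like the one in the opening post is skim the O-lines for a few tell-tale markers rather than read every path. The script below is an added example (not part of this thread, and not HijackThis's own code) that automates that first pass: it parses the `Oxx - ...` lines and flags the indicators visible in the log above, namely `(file missing)` entries, O23 services with an `Unknown owner`, the O10 unknown Winsock LSP, the O15 Trusted Zone entry, and O16 ActiveX controls downloaded from a private (RFC 1918) address. The flag names and the choice of indicators are this example's own; the sample lines are copied from the log in the first post, plus clean lines for contrast.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HijackThis code)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: lines copied from the log in the first post, plus two
# clean lines (Windows Update control, avast! service) that must NOT be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - C:\Documents and Settings\Ben\Desktop\WPT Casino.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.filefarmer.com
O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} (ClientControl Class) - http://192.168.1.66/plugin/client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121516275756
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O23 - Service: ..." -> section code "O23", body "Service: ..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Entry:
    code: str                              # HijackThis section code, e.g. "O4", "O23"
    body: str                              # rest of the line after "Oxx - "
    flags: List[str] = field(default_factory=list)


def _download_host_is_private(body: str) -> bool:
    """True when an O16 (DPF) line fetches its .cab from a private or loopback IP."""
    m = URL_RE.search(body)
    if not m:
        return False
    host = urlparse(m.group(0)).hostname or ""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:                     # a DNS name rather than a literal IP
        return False


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for process-list lines, headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = Entry(m["code"], m["body"])
    if "(file missing)" in e.body:
        e.flags.append("file missing")
    if e.code == "O23" and "Unknown owner" in e.body:
        e.flags.append("service without a known publisher")
    if e.code == "O10":
        e.flags.append("unknown Winsock LSP")
    if e.code == "O15":
        e.flags.append("Trusted Zone entry")
    if e.code == "O16" and _download_host_is_private(e.body):
        e.flags.append("ActiveX control from private address")
    return e


def parse_log(text: str) -> List[Entry]:
    """All Oxx/Rx/Fx entries in a log, in file order."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def flagged(text: str) -> List[Entry]:
    """Only the entries that carry at least one triage flag."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code:<4} {', '.join(e.flags):<50} {e.body[:60]}")
```

Run against the sample, the script lists the O9 casino button, the O10 LSP, the O15 Trusted Zone, the O16 control from 192.168.1.66 and the LicCtrl service, and stays quiet about the Windows Update control and the avast! service. A flag is a prompt to look closer (the LSP here is the NetWare provider, the private-address .cab is a LAN camera plugin), not a verdict, which matches the helper's reading that this log on its own shows no malware.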


Bill10
(new user)
Sun Feb 10 2008 12:07 AM
Re: Can't see desktop icons and it keeps refreshing

Hi there,

I'm also now getting lots of Avast warnings. This is one of the hundreds that I have had popping up over the last 2 hours or so while I try to sort this out:


Avast! Virus warning

Suspicious Message!

There are too many identical e-mails in appointed time

Sender: "Mukesh lorusso" <Mukesh-ketoa@SattlerMachine.com>
Recipient: hellsband@gmail.com
Subject: Leave her speechless with your new legenda

-----------

Lots like that, from and to unknown people. I also ran one of my 3 spyware programs and it found a trojan?! And a keylogger. And to top that, I can't restart my firewall:

Windows can't locate it :\

I can't get into Safe Mode to run SDFix from the command prompt, as it hangs on loading/starting the prompt. Urgh, what a mess. Do you have any ideas? Please!


Bill10
(new user)
Sun Feb 10 2008 12:13 AM
Re: Can't see desktop icons and it keeps refreshing

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>sfc \scannow

Microsoft(R) Windows XP Windows File Checker Version 5.1
(C) 1999-2000 Microsoft Corp. All rights reserved

Scans all protected system files and replaces incorrect versions with correct Mi
crosoft versions.

SFC [/SCANNOW] [/SCANONCE] [/SCANBOOT] [/REVERT] [/PURGECACHE] [/CACHESIZE=x]


/SCANNOW Scans all protected system files immediately.
/SCANONCE Scans all protected system files once at the next boot.
/SCANBOOT Scans all protected system files at every boot.
/REVERT Return scan to default setting.
/PURGECACHE Purges the file cache.
/CACHESIZE=x Sets the file cache size.


bricat
(HijackThis Helper)
Sun Feb 10 2008 01:30 AM
Re: Can't see desktop icons and it keeps refreshing

* Please visit this webpage for instructions for downloading and running ComboFix:


This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Bill10
(new user)
Sun Feb 10 2008 02:14 AM
Re: Can't see desktop icons and it keeps refreshing

ComboFix Log:

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

==================================
HiJackThis Log
==================================

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

---


PS. I also ran a trojan remover and that found a trojan v-something-or-other and a .dll, something like iiii(more letters).dll


Bill10
(new user)
Sun Feb 10 2008 02:19 AM
Re: Can't see desktop icons and it keeps refreshing

I think someone on another thread has the same, as Trojan Vundo rings a bell from when I was just reading the other person's thread too. - Hope this information helps.

bricat
(HijackThis Helper)
Sun Feb 10 2008 09:07 AM
Re: Can't see desktop icons and it keeps refreshing

I've only fixed thousands of Vundo infections.

* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.


Bill10
(new user)
Sun Feb 10 2008 09:20 AM
Re: Can't see desktop icons and it keeps refreshing

Hi,

I have posted the log in my previous post.

Cheers


Bill10
(new user)
Sun Feb 10 2008 10:03 AM
Re: Can't see desktop icons and it keeps refreshing

Hello again,

I have redone ComboFix; my new log is below :) (I'm also still getting loads of Avast warnings about emails trying to send; it's very hard even writing because so many boxes/warnings are coming up.)

There are too many identical e-mails in appointed time

Similar to this:
Sender: "Fabiola Moberly" <_kcojnioc@Burnells.com>
Recipient: armelle.forestier@sauzon.com
Subject: Don't let your life pass you by, click here

----------------------------------------------

ComboFix 08-02.05.3 - Ben 2008-02-10 9:40:20.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1438 [GMT 0:00]
Running from: C:\Documents and Settings\Ben\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\Documents and Settings\Ben\Application Data\inst.exe
C:\Program Files\Helper
C:\Program Files\Helper\1202577003.dll
C:\Program Files\Helper\1202577005.dll
C:\Program Files\Helper\1202577059.dll.vir
C:\WINDOWS\start.exe
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 09:17 . 2008-02-10 09:17 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-02-10 02:40 . 2008-02-10 02:40 <DIR> d-------- C:\VundoFix Backups
2008-02-10 02:24 . 2008-02-10 02:24 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\AdwareAlert
2008-02-10 02:12 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-10 01:17 . 2008-02-10 01:17 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-10 01:17 . 2008-02-10 01:17 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Simply Super Software
2008-02-10 01:17 . 2008-02-10 01:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-10 01:17 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\SYSTEM32\ztvunrar36.dll
2008-02-10 01:17 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\SYSTEM32\UNRAR3.dll
2008-02-10 01:17 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\SYSTEM32\ztvunace26.dll
2008-02-10 01:17 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\SYSTEM32\unacev2.dll
2008-02-10 01:17 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\SYSTEM32\ztvcabinet.dll
2008-02-10 00:37 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\dllcache\usr1801.sys
2008-02-10 00:36 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\dllcache\tridxp.dll
2008-02-10 00:35 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\SYSTEM32\dllcache\stlnata.sys
2008-02-10 00:34 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\SYSTEM32\dllcache\sgiul50.dll
2008-02-10 00:33 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\dllcache\r2mdkxga.sys
2008-02-10 00:32 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\dllcache\ovcodek2.sys
2008-02-10 00:31 . 2001-08-17 12:50 198,144 --a------ C:\WINDOWS\SYSTEM32\dllcache\nv3.sys
2008-02-10 00:30 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\SYSTEM32\dllcache\mgaum.sys
2008-02-10 00:29 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\SYSTEM32\dllcache\ltsm.sys
2008-02-10 00:28 . 2004-08-04 08:56 152,576 --a------ C:\WINDOWS\SYSTEM32\dllcache\irftp.exe
2008-02-10 00:27 . 2004-08-04 08:56 702,845 --a------ C:\WINDOWS\SYSTEM32\dllcache\i81xdnt5.dll
2008-02-10 00:26 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\dllcache\g400d.dll
2008-02-10 00:25 . 2001-08-17 13:28 595,647 --a------ C:\WINDOWS\SYSTEM32\dllcache\es56cvmp.sys
2008-02-10 00:24 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\dllcache\el656ct5.sys
2008-02-10 00:23 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\SYSTEM32\dllcache\diwan.sys
2008-02-10 00:22 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\SYSTEM32\dllcache\cicap.sys
2008-02-10 00:21 . 2001-08-17 13:28 714,698 --a------ C:\WINDOWS\SYSTEM32\dllcache\cbmdmkxx.sys
2008-02-10 00:20 . 2001-08-23 12:00 195,618 --a------ C:\WINDOWS\SYSTEM32\dllcache\c_10002.nls
2008-02-10 00:19 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\dllcache\bcmdm.sys
2008-02-10 00:18 . 2001-08-17 14:55 382,592 --a------ C:\WINDOWS\SYSTEM32\dllcache\atidrab.dll
2008-02-10 00:11 . 2001-08-17 12:19 747,392 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8830.sys
2008-02-10 00:11 . 2001-08-17 12:19 584,448 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8810.sys
2008-02-10 00:11 . 2001-08-17 12:19 553,984 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8820.sys
2008-02-10 00:11 . 2001-08-17 14:07 101,888 --a------ C:\WINDOWS\SYSTEM32\dllcache\adpu160m.sys
2008-02-10 00:11 . 2001-08-17 12:11 46,112 --a------ C:\WINDOWS\SYSTEM32\dllcache\adptsf50.sys
2008-02-10 00:11 . 2002-08-29 07:00 10,880 --a------ C:\WINDOWS\SYSTEM32\dllcache\admjoy.sys
2008-02-09 22:12 . 2008-02-09 22:12 <DIR> d-------- C:\SDFiX
2008-02-09 19:53 . 2008-02-09 19:53 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-09 19:12 . 2008-02-09 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 18:33 . 2008-02-09 18:33 <DIR> d--hs---- C:\FOUND.005
2008-02-09 17:10 . 2008-02-09 17:10 58,368 --a------ C:\wpohl.exe
2008-02-09 17:10 . 54,764 C:\WINDOWS\SYSTEM32\4fdw.dll
2008-02-09 17:10 . 2008-02-09 17:10 0 --a------ C:\1061129285
2008-02-09 17:09 . 2008-02-09 17:10 43,520 --a------ C:\arbfikac.exe
2008-02-09 17:07 . 2008-02-10 01:27 272,973 --a------ C:\WINDOWS\SYSTEM32\ffiii.ini.vir
2008-02-09 17:07 . 2008-02-10 01:27 272,859 --a------ C:\WINDOWS\SYSTEM32\ffiii.ini2.vir
2008-02-09 17:02 . 2008-02-09 17:02 40,960 --a------ C:\WINDOWS\SYSTEM32\ssqnklk.dll.vir
2008-02-09 17:00 . 2008-02-09 17:00 <DIR> d-------- C:\Program Files\Sprite Software
2008-02-09 17:00 . 2008-02-09 17:00 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Sprite Software
2008-02-03 18:12 . 2008-02-03 18:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 16:31 . 2008-02-03 16:31 <DIR> d-------- C:\Program Files\Microsoft Voice Command
2008-01-21 21:07 . 2008-01-21 21:07 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-21 21:05 . 2008-01-21 21:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-21 21:00 . 2008-01-21 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-13 12:06 . 2008-01-13 12:06 <DIR> d--hs---- C:\FOUND.004
2008-01-13 02:04 . 2008-01-13 02:04 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-01-12 16:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-12 16:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 09:47 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-10 09:47 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 18:35 16,036,327 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-01 19:31 250,664 ----a-w C:\Documents and Settings\Ben\Application Data\GDIPFONTCACHEV1.DAT
2008-01-22 22:09 3,818 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2008-01-06 20:45 --------- d-----w C:\Program Files\Ventrilo
2008-01-02 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-12-17 21:18 --------- d-----w C:\Program Files\PurePlay
2007-12-17 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PurePlay
2007-12-16 10:55 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
2007-12-09 01:54 3,211,264 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-08-07 18:35 47,360 ----a-w C:\Documents and Settings\Ben\Application Data\pcouffin.sys
2007-06-02 17:58 166 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2007-02-22 22:47 3,066,880 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-02-22 22:47 1,854,464 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-05-30 15:36 21,376 ----a-w C:\WINDOWS\inf\hopperp.sys
2006-03-12 11:43 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2003-10-29 20:56 136 ----a-w C:\Program Files\jpegconva.dll
2002-10-13 15:11 266 --sh--w C:\Program Files\desktop.ini
2002-10-13 15:11 11,079 ---h--w C:\Program Files\folder.htt
2003-01-03 03:39 32 --sha-w C:\WINDOWS\{59E39CC2-72C1-4DF4-A9AB-A38FDEB251F9}.dat
2003-01-03 03:38 32 --sha-w C:\WINDOWS\{5001BB73-2152-48B8-9A9F-C97304793254}.dat
2003-01-03 03:39 32 --sha-w C:\WINDOWS\{D32E6505-B456-4CCC-B1E4-C5A9A17D00C6}.dat
2003-01-03 03:39 32 --sha-w C:\WINDOWS\{722C86AC-03EA-4778-AF18-1B460DE4C620}.dat
2003-01-03 03:40 32 --sha-w C:\WINDOWS\{177F1C27-8F8C-432D-81CE-F87DB35CA320}.dat
2003-01-03 03:42 32 --sha-w C:\WINDOWS\{4DF297F9-820D-40DE-92D8-A5AF7AFDF5D4}.dat
2003-01-03 03:42 32 --sha-w C:\WINDOWS\{757935AA-AF64-42D2-ACB3-F3CE52BEC94B}.dat
2003-01-03 03:38 32 --sha-w C:\WINDOWS\SYSTEM32\{8F8D239C-C1D9-4CFA-A369-8F1C8AACC556}.dat
2003-01-03 03:39 32 --sha-w C:\WINDOWS\SYSTEM32\{358B7B53-A364-4946-AA6E-CC47E40E532D}.dat
2003-01-03 03:39 32 --sha-w C:\WINDOWS\SYSTEM32\{B45C7C51-F8AF-48B3-8CBC-4B117B53F8C5}.dat
2003-01-03 03:39 32 --sha-w C:\WINDOWS\SYSTEM32\{CC0EB9FF-F07C-4F1F-BEC7-6BF013F1BD97}.dat
2003-01-03 03:40 32 --sha-w C:\WINDOWS\SYSTEM32\{B11BC8C4-6C69-4295-94B9-9C52DC1F05EB}.dat
2003-01-03 03:42 32 --sha-w C:\WINDOWS\SYSTEM32\{44B7C4BD-69D8-4CB7-8600-345D9A4FCB1D}.dat
2003-01-03 03:42 32 --sha-w C:\WINDOWS\SYSTEM32\{7211C028-E59B-41F7-A73C-F78C85A5FD11}.dat
2007-09-09 11:23 88 --sh--r C:\WINDOWS\SYSTEM32\702B164095.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2415B9C9-4661-4693-8A8F-9487A1752318}]
C:\WINDOWS\system32\iiiff.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\WINDOWS\KHALMNPR.Exe]
"EPoXUSDM"="C:\Program Files\EPOX\USDM\USDM.exe" [2004-01-29 12:08 1017344]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 17:01 135168]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 11:22 543232]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-10-05 12:33 2037088]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-09 14:05 744528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-05-12 18:40:40 593920]
PCI GW-US54GD Utility.lnk - C:\Program Files\bRoad Lanner Wave\GW-US54GD\GW-US54GD.exe [2007-04-23 14:19:49 512000]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-03 21:33:36 126136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IP surveillance]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 F:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-08-15 20:46 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2003-05-16 20:24 851968 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--------- 2005-10-24 15:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchingService]
--a------ 2005-08-24 10:27 77824 c:\program files\d-link d-viewcam\exes\wdsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 18:29 35328 C:\Program Files\Winamp\Winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"StarWindService"=2 (0x2)
"D-Link_ST3402"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RealPlayer"="F:\Internet Progs\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" -atboottime
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R2 HopperP;WiFi Hopper;C:\WINDOWS\system32\DRIVERS\hopperp.sys [2006-05-30 15:36]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-01 15:46]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 07:01]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;C:\WINDOWS\system32\Drivers\FTD2XX.sys [2005-02-03 10:52]
S3 NuVision;Hauppauge WinTV USB Live;C:\WINDOWS\system32\DRIVERS\NUVision.sys [2003-04-30 15:59]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 14:56]
S3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys [2003-02-26 15:01]
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 14:55]
S3 US54GDBU(PLANEX COMMUNICATIONS INC.);PCI GW-US54GD 54Mbps Wireless LAN USB Adapter(PLANEX COMMUNICATIONS INC.);C:\WINDOWS\system32\DRIVERS\US54GDBu.sys [2005-10-28 11:38]
S3 WDM_Capture_220A;DVB-T TV Receiver;C:\WINDOWS\system32\Drivers\WDM_Capture_220A.sys [2006-03-20 16:06]
S3 WDM_Loader_220A;DVB-T TV Loader;C:\WINDOWS\system32\Drivers\WDM_Loader_220A.sys [2006-06-12 14:33]
S4 DzlUsb;Dazzle DVC USB Device;C:\WINDOWS\system32\DRIVERS\DzlUsb.sys [1999-09-17 17:28]
S4 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 17:24:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-23 07:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-23 09:36:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1181550903.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-02-10 09:31:30 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 09:51:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2008-02-10 9:56:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 09:56:10
.
2007-12-13 03:01:45 --- E O F ---


Bill10
(new user)
Sun Feb 10 2008 12:15 PM
Re: Can't see desktop icons and it keeps refreshing

Done some more removal with virtu removal tools (two of them) and this is my latest HijackThis log.

-- the emails are still trying to be sent; I can't seem to stop it - Avast is going mad
-----------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:46, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EPOX\USDM\USDM.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\bRoad Lanner Wave\GW-US54GD\GW-US54GD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Ben\Application Data\Simply Super Software\Trojan Remover\mav5D.exe
C:\Documents and Settings\Ben\Application Data\Simply Super Software\Trojan Remover\mav5D.exe
C:\Documents and Settings\Ben\Desktop\VundoFix.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PCI GW-US54GD Utility.lnk = C:\Program Files\bRoad Lanner Wave\GW-US54GD\GW-US54GD.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - C:\Documents and Settings\Ben\Desktop\WPT Casino.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - C:\Documents and Settings\Ben\Desktop\WPT Casino.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.filefarmer.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121516275756
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200149955209
O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} (ClientControl Class) - http://192.168.1.66/plugin/client.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://192.168.1.101/plugin/h263ctrl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Logitech, Inc. - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 13390 bytes


bricat
(HijackThis Helper)
Sun Feb 10 2008 07:05 PM
Re: Can't see desktop icons and it keeps refreshing

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


Open *Notepad* and copy/paste the text in the quote box below into it:

Quote:

Killall::

Folder::
C:\1061129285
C:\Documents and Settings\Ben\Application Data\Simply Super Software
C:\Documents and Settings\All Users\Application Data\Simply Super Software


File::
C:\WINDOWS\SYSTEM32\4fdw.dll
C:\arbfikac.exe
C:\WINDOWS\SYSTEM32\ffiii.ini.vir
C:\WINDOWS\SYSTEM32\ffiii.ini2.vir
C:\WINDOWS\SYSTEM32\ssqnklk.dll.vir
C:\Program Files\jpegconva.dll
C:\WINDOWS\{5001BB73-2152-48B8-9A9F-C97304793254}.dat
C:\WINDOWS\{D32E6505-B456-4CCC-B1E4-C5A9A17D00C6}.dat
C:\WINDOWS\{722C86AC-03EA-4778-AF18-1B460DE4C620}.dat
C:\WINDOWS\{177F1C27-8F8C-432D-81CE-F87DB35CA320}.dat
C:\WINDOWS\{4DF297F9-820D-40DE-92D8-A5AF7AFDF5D4}.dat
C:\WINDOWS\{757935AA-AF64-42D2-ACB3-F3CE52BEC94B}.dat
C:\WINDOWS\SYSTEM32\{8F8D239C-C1D9-4CFA-A369-8F1C8AACC556}.dat
C:\WINDOWS\SYSTEM32\{358B7B53-A364-4946-AA6E-CC47E40E532D}.dat
C:\WINDOWS\SYSTEM32\{B45C7C51-F8AF-48B3-8CBC-4B117B53F8C5}.dat
C:\WINDOWS\SYSTEM32\{CC0EB9FF-F07C-4F1F-BEC7-6BF013F1BD97}.dat
C:\WINDOWS\SYSTEM32\{B11BC8C4-6C69-4295-94B9-9C52DC1F05EB}.dat
C:\WINDOWS\SYSTEM32\{44B7C4BD-69D8-4CB7-8600-345D9A4FCB1D}.dat
C:\WINDOWS\SYSTEM32\{7211C028-E59B-41F7-A73C-F78C85A5FD11}.dat
C:\WINDOWS\SYSTEM32\702B164095.sys
C:\WINDOWS\system32\iiiff.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\BrowserHelperObjects\{2415B9C9-4661-4693-8A8F-9487A1752318}]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply, and let me know how it is running.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall*


Bill10
(new user)
Sun Feb 10 2008 08:43 PM
Re: Can't see desktop icons and it keeps refreshing

Hi there,

The logs are below. Just wanted to add a side note; when I dropped the txt over ComboFix and it began working (with the small blue screen) it said something like access violation ..... 'other stuff' (like about 8 numbers, sorry I couldn't write it down fast enough) and ended with ntdll.dll.

(hope the above helps somewhat)

System seems OK so far - I have opened Firefox and IE and no more Avast mail boxes come up (fingers crossed!) - I look forward to seeing what you think of the logs now
-----------------------------------
hijackthis.log
-----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:15, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EPOX\USDM\USDM.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\bRoad Lanner Wave\GW-US54GD\GW-US54GD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PCI GW-US54GD Utility.lnk = C:\Program Files\bRoad Lanner Wave\GW-US54GD\GW-US54GD.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - C:\Documents and Settings\Ben\Desktop\WPT Casino.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - C:\Documents and Settings\Ben\Desktop\WPT Casino.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.filefarmer.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121516275756
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200149955209
O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} (ClientControl Class) - http://192.168.1.66/plugin/client.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://192.168.1.101/plugin/h263ctrl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Logitech, Inc. - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 13396 bytes

--------------------------------------
combofix.log
--------------------------------------
ComboFix 08-02.05.3 - Ben 2008-02-10 20:13:51.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1511 [GMT 0:00]
Running from: C:\Documents and Settings\Ben\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ben\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\arbfikac.exe
C:\Program Files\jpegconva.dll
C:\WINDOWS\{177F1C27-8F8C-432D-81CE-F87DB35CA320}.dat
C:\WINDOWS\{4DF297F9-820D-40DE-92D8-A5AF7AFDF5D4}.dat
C:\WINDOWS\{5001BB73-2152-48B8-9A9F-C97304793254}.dat
C:\WINDOWS\{722C86AC-03EA-4778-AF18-1B460DE4C620}.dat
C:\WINDOWS\{757935AA-AF64-42D2-ACB3-F3CE52BEC94B}.dat
C:\WINDOWS\{D32E6505-B456-4CCC-B1E4-C5A9A17D00C6}.dat
C:\WINDOWS\SYSTEM32\{358B7B53-A364-4946-AA6E-CC47E40E532D}.dat
C:\WINDOWS\SYSTEM32\{44B7C4BD-69D8-4CB7-8600-345D9A4FCB1D}.dat
C:\WINDOWS\SYSTEM32\{7211C028-E59B-41F7-A73C-F78C85A5FD11}.dat
C:\WINDOWS\SYSTEM32\{8F8D239C-C1D9-4CFA-A369-8F1C8AACC556}.dat
C:\WINDOWS\SYSTEM32\{B11BC8C4-6C69-4295-94B9-9C52DC1F05EB}.dat
C:\WINDOWS\SYSTEM32\{B45C7C51-F8AF-48B3-8CBC-4B117B53F8C5}.dat
C:\WINDOWS\SYSTEM32\{CC0EB9FF-F07C-4F1F-BEC7-6BF013F1BD97}.dat
C:\WINDOWS\SYSTEM32\4fdw.dll
C:\WINDOWS\SYSTEM32\702B164095.sys
C:\WINDOWS\SYSTEM32\ffiii.ini.vir
C:\WINDOWS\SYSTEM32\ffiii.ini2.vir
C:\WINDOWS\system32\iiiff.dll
C:\WINDOWS\SYSTEM32\ssqnklk.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\4fdw.dll
C:\1061129285\
C:\Documents and Settings\All Users\Application Data\Simply Super Software
C:\Documents and Settings\Ben\Application Data\Simply Super Software
C:\Documents and Settings\Ben\Application Data\Simply Super Software\Trojan Remover\CLEANUP.BAT
C:\Documents and Settings\Ben\Application Data\Simply Super Software\Trojan Remover\gfx2.exe
C:\Program Files\jpegconva.dll
C:\WINDOWS\{177F1C27-8F8C-432D-81CE-F87DB35CA320}.dat
C:\WINDOWS\{4DF297F9-820D-40DE-92D8-A5AF7AFDF5D4}.dat
C:\WINDOWS\{5001BB73-2152-48B8-9A9F-C97304793254}.dat
C:\WINDOWS\{722C86AC-03EA-4778-AF18-1B460DE4C620}.dat
C:\WINDOWS\{757935AA-AF64-42D2-ACB3-F3CE52BEC94B}.dat
C:\WINDOWS\{D32E6505-B456-4CCC-B1E4-C5A9A17D00C6}.dat
C:\WINDOWS\SYSTEM32\{358B7B53-A364-4946-AA6E-CC47E40E532D}.dat
C:\WINDOWS\SYSTEM32\{44B7C4BD-69D8-4CB7-8600-345D9A4FCB1D}.dat
C:\WINDOWS\SYSTEM32\{7211C028-E59B-41F7-A73C-F78C85A5FD11}.dat
C:\WINDOWS\SYSTEM32\{8F8D239C-C1D9-4CFA-A369-8F1C8AACC556}.dat
C:\WINDOWS\SYSTEM32\{B11BC8C4-6C69-4295-94B9-9C52DC1F05EB}.dat
C:\WINDOWS\SYSTEM32\{B45C7C51-F8AF-48B3-8CBC-4B117B53F8C5}.dat
C:\WINDOWS\SYSTEM32\{CC0EB9FF-F07C-4F1F-BEC7-6BF013F1BD97}.dat
C:\WINDOWS\SYSTEM32\4fdw.dll
C:\WINDOWS\SYSTEM32\702B164095.sys
C:\WINDOWS\SYSTEM32\ffiii.ini.vir
C:\WINDOWS\SYSTEM32\ffiii.ini2.vir
C:\WINDOWS\SYSTEM32\ssqnklk.dll.vir

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 17:37 . 2008-02-10 17:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-02-10 17:37 . 2008-02-10 17:44 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-02-10 17:29 . 2008-02-10 20:28 3,376,127 --a------ C:\WINDOWS\{00000000-00000000-00000009-00001102-00000002-80611102}.BAK
2008-02-10 12:22 . 2008-02-10 12:22 <DIR> d-------- C:\Program Files\CCleaner
2008-02-10 10:14 . 2008-02-10 10:14 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Grisoft
2008-02-10 10:13 . 2008-02-10 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 10:13 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-02-10 09:17 . 2008-02-10 09:17 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-02-10 02:40 . 2008-02-10 02:40 <DIR> d-------- C:\VundoFix Backups
2008-02-10 02:24 . 2008-02-10 02:24 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\AdwareAlert
2008-02-10 02:12 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-10 02:04 . 2004-08-04 08:56 388,608 --a------ C:\kmd.exe
2008-02-10 01:17 . 2008-02-10 01:17 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-10 01:17 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\SYSTEM32\ztvunrar36.dll
2008-02-10 01:17 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\SYSTEM32\UNRAR3.dll
2008-02-10 01:17 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\SYSTEM32\ztvunace26.dll
2008-02-10 01:17 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\SYSTEM32\unacev2.dll
2008-02-10 01:17 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\SYSTEM32\ztvcabinet.dll
2008-02-10 00:37 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\dllcache\usr1801.sys
2008-02-10 00:36 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\dllcache\tridxp.dll
2008-02-10 00:35 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\SYSTEM32\dllcache\stlnata.sys
2008-02-10 00:34 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\SYSTEM32\dllcache\sgiul50.dll
2008-02-10 00:33 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\dllcache\r2mdkxga.sys
2008-02-10 00:32 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\dllcache\ovcodek2.sys
2008-02-10 00:31 . 2001-08-17 12:50 198,144 --a------ C:\WINDOWS\SYSTEM32\dllcache\nv3.sys
2008-02-10 00:30 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\SYSTEM32\dllcache\mgaum.sys
2008-02-10 00:29 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\SYSTEM32\dllcache\ltsm.sys
2008-02-10 00:28 . 2004-08-04 08:56 152,576 --a------ C:\WINDOWS\SYSTEM32\dllcache\irftp.exe
2008-02-10 00:27 . 2004-08-04 08:56 702,845 --a------ C:\WINDOWS\SYSTEM32\dllcache\i81xdnt5.dll
2008-02-10 00:26 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\dllcache\g400d.dll
2008-02-10 00:25 . 2001-08-17 13:28 595,647 --a------ C:\WINDOWS\SYSTEM32\dllcache\es56cvmp.sys
2008-02-10 00:24 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\dllcache\el656ct5.sys
2008-02-10 00:23 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\SYSTEM32\dllcache\diwan.sys
2008-02-10 00:22 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\SYSTEM32\dllcache\cicap.sys
2008-02-10 00:21 . 2001-08-17 13:28 714,698 --a------ C:\WINDOWS\SYSTEM32\dllcache\cbmdmkxx.sys
2008-02-10 00:20 . 2001-08-23 12:00 195,618 --a------ C:\WINDOWS\SYSTEM32\dllcache\c_10002.nls
2008-02-10 00:19 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\dllcache\bcmdm.sys
2008-02-10 00:18 . 2001-08-17 14:55 382,592 --a------ C:\WINDOWS\SYSTEM32\dllcache\atidrab.dll
2008-02-10 00:11 . 2001-08-17 12:19 747,392 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8830.sys
2008-02-10 00:11 . 2001-08-17 12:19 584,448 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8810.sys
2008-02-10 00:11 . 2001-08-17 12:19 553,984 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8820.sys
2008-02-10 00:11 . 2001-08-17 14:07 101,888 --a------ C:\WINDOWS\SYSTEM32\dllcache\adpu160m.sys
2008-02-10 00:11 . 2001-08-17 12:11 46,112 --a------ C:\WINDOWS\SYSTEM32\dllcache\adptsf50.sys
2008-02-10 00:11 . 2002-08-29 07:00 10,880 --a------ C:\WINDOWS\SYSTEM32\dllcache\admjoy.sys
2008-02-09 22:12 . 2008-02-09 22:12 <DIR> d-------- C:\SDFiX
2008-02-09 19:53 . 2008-02-09 19:53 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-09 19:12 . 2008-02-09 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 18:33 . 2008-02-09 18:33 <DIR> d--hs---- C:\FOUND.005
2008-02-09 17:10 . 2008-02-09 17:10 58,368 --a------ C:\WPOHL.0XE
2008-02-09 17:10 . 2008-02-09 17:10 0 --a------ C:\1061129285
2008-02-09 17:00 . 2008-02-09 17:00 <DIR> d-------- C:\Program Files\Sprite Software
2008-02-09 17:00 . 2008-02-09 17:00 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Sprite Software
2008-02-03 18:12 . 2008-02-03 18:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 16:31 . 2008-02-03 16:31 <DIR> d-------- C:\Program Files\Microsoft Voice Command
2008-01-21 21:07 . 2008-01-21 21:07 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-21 21:05 . 2008-01-21 21:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-21 21:00 . 2008-01-21 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-13 12:06 . 2008-01-13 12:06 <DIR> d--hs---- C:\FOUND.004
2008-01-13 02:04 . 2008-01-13 02:04 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-01-12 16:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-12 16:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 20:22 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-10 20:22 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 18:35 16,036,327 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-01 19:31 250,664 ----a-w C:\Documents and Settings\Ben\Application Data\GDIPFONTCACHEV1.DAT
2008-01-22 22:09 3,818 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2008-01-06 20:45 --------- d-----w C:\Program Files\Ventrilo
2008-01-02 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-12-17 21:18 --------- d-----w C:\Program Files\PurePlay
2007-12-17 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PurePlay
2007-12-16 10:55 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
2007-12-09 01:54 3,211,264 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-08-07 18:35 47,360 ----a-w C:\Documents and Settings\Ben\Application Data\pcouffin.sys
2007-06-02 17:58 166 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2007-02-22 22:47 3,066,880 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-02-22 22:47 1,854,464 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-05-30 15:36 21,376 ----a-w C:\WINDOWS\inf\hopperp.sys
2006-03-12 11:43 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2002-10-13 15:11 266 --sh--w C:\Program Files\desktop.ini
2002-10-13 15:11 11,079 ---h--w C:\Program Files\folder.htt
2003-01-03 03:39 32 --sha-w C:\WINDOWS\{59E39CC2-72C1-4DF4-A9AB-A38FDEB251F9}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\WINDOWS\KHALMNPR.Exe]
"EPoXUSDM"="C:\Program Files\EPOX\USDM\USDM.exe" [2004-01-29 12:08 1017344]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 17:01 135168]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 11:22 543232]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-10-05 12:33 2037088]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-09 14:05 744528]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-05-12 18:40:40 593920]
PCI GW-US54GD Utility.lnk - C:\Program Files\bRoad Lanner Wave\GW-US54GD\GW-US54GD.exe [2007-04-23 14:19:49 512000]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-03 21:33:36 126136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IP surveillance]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 F:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-08-15 20:46 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2003-05-16 20:24 851968 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--------- 2005-10-24 15:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchingService]
--a------ 2005-08-24 10:27 77824 c:\program files\d-link d-viewcam\exes\wdsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 18:29 35328 C:\Program Files\Winamp\Winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"StarWindService"=2 (0x2)
"D-Link_ST3402"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RealPlayer"="F:\Internet Progs\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" -atboottime
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R2 HopperP;WiFi Hopper;C:\WINDOWS\system32\DRIVERS\hopperp.sys [2006-05-30 15:36]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-01 15:46]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 07:01]
S1 4fdw;4fdw;C:\WINDOWS\system32\4fdw.dll []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;C:\WINDOWS\system32\Drivers\FTD2XX.sys [2005-02-03 10:52]
S3 NuVision;Hauppauge WinTV USB Live;C:\WINDOWS\system32\DRIVERS\NUVision.sys [2003-04-30 15:59]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 14:56]
S3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys [2003-02-26 15:01]
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 14:55]
S3 US54GDBU(PLANEX COMMUNICATIONS INC.);PCI GW-US54GD 54Mbps Wireless LAN USB Adapter(PLANEX COMMUNICATIONS INC.);C:\WINDOWS\system32\DRIVERS\US54GDBu.sys [2005-10-28 11:38]
S3 WDM_Capture_220A;DVB-T TV Receiver;C:\WINDOWS\system32\Drivers\WDM_Capture_220A.sys [2006-03-20 16:06]
S3 WDM_Loader_220A;DVB-T TV Loader;C:\WINDOWS\system32\Drivers\WDM_Loader_220A.sys [2006-06-12 14:33]
S4 DzlUsb;Dazzle DVC USB Device;C:\WINDOWS\system32\DRIVERS\DzlUsb.sys [1999-09-17 17:28]
S4 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 17:24:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-23 07:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-23 09:36:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1181550903.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-02-10 09:31:30 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 20:28:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2008-02-10 20:34:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 20:34:40
ComboFix2.txt 2008-02-10 09:56:24
.
2007-12-13 03:01:45 --- E O F ---


Bill10
(new user)
Sun Feb 10 2008 09:16 PM
Re: Can't see desktop icons and it keeps refreshing

I just started an online Panda ActiveScan as earlier today it was failing, so I thought, with it all looking better now (on the worm/malware front) [spoke too soon, I fear], I would run it - it began fine, then Avast came up saying this.

Maybe I should cancel Avast while this Panda ActiveScan runs?

------------------------------------------------------------------------------

File name: C:\WINDOWS\system32\ACTIVE~1\pskavs.dll

Malware name: Win32:CTX

Malware type: Virus/Worm

VPS version: 080210-0, 10/02/2008


bricat
(HijackThis Helper)
Sun Feb 10 2008 09:18 PM
Re: Can't see desktop icons and it keeps refreshing

Just a few files to remove.

Please copy this page to *Notepad* and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Killall::

Folder::
C:\1061129285

File::
C:\WPOHL.0XE

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply, and let me know how it is running.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall*


Bill10
(new user)
Sun Feb 10 2008 09:47 PM
Re: Can't see desktop icons and it keeps refreshing

Hello, done that, logs are below - thank you
------------------------
combofix log
------------------------
ComboFix 08-02.05.3 - Ben 2008-02-10 21:26:15.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1606 [GMT 0:00]
Running from: C:\Documents and Settings\Ben\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ben\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WPOHL.0XE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1061129285\
C:\WPOHL.0XE

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 20:10 . 2004-08-04 08:56 388,608 --a------ C:\kmd.exe
2008-02-10 17:37 . 2008-02-10 17:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-02-10 17:37 . 2008-02-10 21:11 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-02-10 17:29 . 2008-02-10 21:35 3,376,127 --a------ C:\WINDOWS\{00000000-00000000-00000009-00001102-00000002-80611102}.BAK
2008-02-10 12:22 . 2008-02-10 12:22 <DIR> d-------- C:\Program Files\CCleaner
2008-02-10 10:14 . 2008-02-10 10:14 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Grisoft
2008-02-10 10:13 . 2008-02-10 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 10:13 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-02-10 09:17 . 2008-02-10 09:17 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-02-10 02:40 . 2008-02-10 02:40 <DIR> d-------- C:\VundoFix Backups
2008-02-10 02:24 . 2008-02-10 02:24 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\AdwareAlert
2008-02-10 02:12 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-10 01:17 . 2008-02-10 01:17 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-10 01:17 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\SYSTEM32\ztvunrar36.dll
2008-02-10 01:17 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\SYSTEM32\UNRAR3.dll
2008-02-10 01:17 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\SYSTEM32\ztvunace26.dll
2008-02-10 01:17 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\SYSTEM32\unacev2.dll
2008-02-10 01:17 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\SYSTEM32\ztvcabinet.dll
2008-02-10 00:37 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\dllcache\usr1801.sys
2008-02-10 00:36 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\dllcache\tridxp.dll
2008-02-10 00:35 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\SYSTEM32\dllcache\stlnata.sys
2008-02-10 00:34 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\SYSTEM32\dllcache\sgiul50.dll
2008-02-10 00:33 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\dllcache\r2mdkxga.sys
2008-02-10 00:32 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\dllcache\ovcodek2.sys
2008-02-10 00:31 . 2001-08-17 12:50 198,144 --a------ C:\WINDOWS\SYSTEM32\dllcache\nv3.sys
2008-02-10 00:30 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\SYSTEM32\dllcache\mgaum.sys
2008-02-10 00:29 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\SYSTEM32\dllcache\ltsm.sys
2008-02-10 00:28 . 2004-08-04 08:56 152,576 --a------ C:\WINDOWS\SYSTEM32\dllcache\irftp.exe
2008-02-10 00:27 . 2004-08-04 08:56 702,845 --a------ C:\WINDOWS\SYSTEM32\dllcache\i81xdnt5.dll
2008-02-10 00:26 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\dllcache\g400d.dll
2008-02-10 00:25 . 2001-08-17 13:28 595,647 --a------ C:\WINDOWS\SYSTEM32\dllcache\es56cvmp.sys
2008-02-10 00:24 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\dllcache\el656ct5.sys
2008-02-10 00:23 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\SYSTEM32\dllcache\diwan.sys
2008-02-10 00:22 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\SYSTEM32\dllcache\cicap.sys
2008-02-10 00:21 . 2001-08-17 13:28 714,698 --a------ C:\WINDOWS\SYSTEM32\dllcache\cbmdmkxx.sys
2008-02-10 00:20 . 2001-08-23 12:00 195,618 --a------ C:\WINDOWS\SYSTEM32\dllcache\c_10002.nls
2008-02-10 00:19 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\dllcache\bcmdm.sys
2008-02-10 00:18 . 2001-08-17 14:55 382,592 --a------ C:\WINDOWS\SYSTEM32\dllcache\atidrab.dll
2008-02-10 00:11 . 2001-08-17 12:19 747,392 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8830.sys
2008-02-10 00:11 . 2001-08-17 12:19 584,448 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8810.sys
2008-02-10 00:11 . 2001-08-17 12:19 553,984 --a------ C:\WINDOWS\SYSTEM32\dllcache\adm8820.sys
2008-02-10 00:11 . 2001-08-17 14:07 101,888 --a------ C:\WINDOWS\SYSTEM32\dllcache\adpu160m.sys
2008-02-10 00:11 . 2001-08-17 12:11 46,112 --a------ C:\WINDOWS\SYSTEM32\dllcache\adptsf50.sys
2008-02-10 00:11 . 2002-08-29 07:00 10,880 --a------ C:\WINDOWS\SYSTEM32\dllcache\admjoy.sys
2008-02-09 22:12 . 2008-02-09 22:12 <DIR> d-------- C:\SDFiX
2008-02-09 19:53 . 2008-02-09 19:53 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-09 19:12 . 2008-02-09 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 18:33 . 2008-02-09 18:33 <DIR> d--hs---- C:\FOUND.005
2008-02-09 17:10 . 2008-02-09 17:10 0 --a------ C:\1061129285
2008-02-09 17:00 . 2008-02-09 17:00 <DIR> d-------- C:\Program Files\Sprite Software
2008-02-09 17:00 . 2008-02-09 17:00 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Sprite Software
2008-02-03 18:12 . 2008-02-03 18:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 16:31 . 2008-02-03 16:31 <DIR> d-------- C:\Program Files\Microsoft Voice Command
2008-01-21 21:07 . 2008-01-21 21:07 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-21 21:05 . 2008-01-21 21:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-21 21:00 . 2008-01-21 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-13 12:06 . 2008-01-13 12:06 <DIR> d--hs---- C:\FOUND.004
2008-01-13 02:04 . 2008-01-13 02:04 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-01-12 16:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-12 16:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 21:32 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-10 21:32 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 18:35 16,036,327 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-01 19:31 250,664 ----a-w C:\Documents and Settings\Ben\Application Data\GDIPFONTCACHEV1.DAT
2008-01-22 22:09 3,818 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2008-01-06 20:45 --------- d-----w C:\Program Files\Ventrilo
2008-01-02 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-12-17 21:18 --------- d-----w C:\Program Files\PurePlay
2007-12-17 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PurePlay
2007-12-16 10:55 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
2007-12-09 01:54 3,211,264 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-08-07 18:35 47,360 ----a-w C:\Documents and Settings\Ben\Application Data\pcouffin.sys
2007-06-02 17:58 166 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2007-02-22 22:47 3,066,880 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-02-22 22:47 1,854,464 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-05-30 15:36 21,376 ----a-w C:\WINDOWS\inf\hopperp.sys
2006-03-12 11:43 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2002-10-13 15:11 266 --sh--w C:\Program Files\desktop.ini
2002-10-13 15:11 11,079 ---h--w C:\Program Files\folder.htt
2003-01-03 03:39 32 --sha-w C:\WINDOWS\{59E39CC2-72C1-4DF4-A9AB-A38FDEB251F9}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\WINDOWS\KHALMNPR.Exe]
"EPoXUSDM"="C:\Program Files\EPOX\USDM\USDM.exe" [2004-01-29 12:08 1017344]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 17:01 135168]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 11:22 543232]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-10-05 12:33 2037088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-09 14:05 744528]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-05-12 18:40:40 593920]
PCI GW-US54GD Utility.lnk - C:\Program Files\bRoad Lanner Wave\GW-US54GD\GW-US54GD.exe [2007-04-23 14:19:49 512000]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-03 21:33:36 126136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IP surveillance]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 F:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-08-15 20:46 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2003-05-16 20:24 851968 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--------- 2005-10-24 15:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchingService]
--a------ 2005-08-24 10:27 77824 c:\program files\d-link d-viewcam\exes\wd