Thread: Win32.Trojan.RX
04-25-2007, 03:55 PM   #4
ThePaper88
Registered User
 
Join Date: Apr 2007
Posts: 15
OS: Windows XP


Re: Win32.Trojan.RX

Thank you for the welcome!

I completely understand, and I greatly appreciate your time. Yes, I still have malware issues, and it seems to get worse with time, like a deadly disease.


After running ComboFix, it restarted my computer unexpectedly and I lost the first OTMoveIt results. So I re-ran it, and this is what I came up with.

Quote:
File/Folder C:\windows\system32\uvnx.exe not found.
File/Folder C:\WINDOWS\sysrlb32.exe not found.
File/Folder C:\WINDOWS\system32\hgni_ecol.dll not found.
C:\WINDOWS\system32\msnhlp32.dll unregistered successfully.
C:\WINDOWS\system32\msnhlp32.dll moved successfully.

Created on 04/25/2007 17:09:49





Quote:
"The Paper (Host)" - 07-04-25 17:00:18 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\The Paper (Host)\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ipv6mons.dll
C:\WINDOWS\system32\1036.exe
C:\WINDOWS\system32\7084.exe
C:\WINDOWS\764.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\winhp32.exe
C:\WINDOWS\system32\bfmoxrnvva_navps.dat
C:\WINDOWS\system32\bfmoxrnvva.exe
C:\WINDOWS\system32\bfmoxrnvva.dat
C:\WINDOWS\system32\msvcrl.dll


((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))


2007-04-25 16:41 <DIR> d-------- C:\Program Files\CCleaner
2007-04-25 16:14 18,432 --a------ C:\WINDOWS\sysrlb32.exe
2007-04-25 15:59 32,512 --a------ C:\WINDOWS\Biprep.exe
2007-04-25 15:59 31,232 --a------ C:\WINDOWS\mssvr.exe
2007-04-25 15:59 16,128 --a------ C:\WINDOWS\2020search2.dll
2007-04-25 15:59 15,872 --a------ C:\WINDOWS\2020search.dll
2007-04-25 15:59 13,312 --a------ C:\WINDOWS\bi.dll
2007-04-25 08:08 10,756 --a------ C:\WINDOWS\loader.exe
2007-04-24 17:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-23 23:31 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-04-23 23:31 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-23 23:31 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-23 23:31 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-23 19:13 <DIR> d-------- C:\Program Files\SpyAway
2007-04-23 06:49 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-04-23 06:26 31,232 --a------ C:\WINDOWS\vxddsk.exe
2007-04-23 06:26 30,208 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-04-23 06:26 29,696 --a------ C:\WINDOWS\system32\wml.exe
2007-04-23 06:26 28,672 --a------ C:\WINDOWS\wml.exe
2007-04-23 06:26 26,368 --a------ C:\WINDOWS\satmat.exe
2007-04-23 06:26 16,128 --a------ C:\WINDOWS\SUSP.exe
2007-04-23 06:26 12 --a------ C:\WINDOWS\system32\sl.bin
2007-04-23 06:25 9,728 --a------ C:\WINDOWS\system32\MSIXU.DLL
2007-04-23 06:25 81,412 --a------ C:\WINDOWS\system32\idleserv.exe
2007-04-23 06:25 32,256 --a------ C:\WINDOWS\stcloader.exe
2007-04-23 06:25 31,488 --a------ C:\WINDOWS\salm.exe
2007-04-23 06:25 30,976 --a------ C:\WINDOWS\updatetc.exe
2007-04-23 06:25 30,976 --a------ C:\WINDOWS\saiemod.dll
2007-04-23 06:25 29,952 --a------ C:\WINDOWS\cdsm32.dll
2007-04-23 06:25 29,696 --a------ C:\WINDOWS\mspphe.dll
2007-04-23 06:25 28,416 --a------ C:\WINDOWS\flt.dll
2007-04-23 06:25 28,160 --a------ C:\WINDOWS\bjam.dll
2007-04-23 06:25 26,624 --a------ C:\WINDOWS\7search.dll
2007-04-23 06:25 24,832 --a------ C:\WINDOWS\180ax.exe
2007-04-23 06:25 20,480 --a------ C:\WINDOWS\swin32.dll
2007-04-23 06:25 17,664 --a------ C:\WINDOWS\voiceip.dll
2007-04-23 06:25 17,408 --a------ C:\WINDOWS\system32\tmrsrv32.exe
2007-04-23 06:25 16,896 --a------ C:\WINDOWS\pbar.dll
2007-04-23 06:25 13,312 --a------ C:\WINDOWS\system32\WER8274.DLL
2007-04-23 06:25 12,800 --a------ C:\WINDOWS\system32\user_32.dll
2007-04-23 06:25 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-04-23 06:25 10,752 --a------ C:\WINDOWS\bokja.exe
2007-04-23 06:25 0 --a------ C:\WINDOWS\system32\msnhlp32.dll
2007-04-22 15:54 155,648 --a------ C:\WINDOWS\mgrab.exe
2007-04-20 11:55 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-04-20 11:55 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-04-18 09:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-18 09:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-18 09:58 <DIR> d-------- C:\DOCUME~1\THEPAP~1\APPLIC~1\Lavasoft
2007-04-15 17:02 36,864 --a------ C:\WINDOWS\ul.exe
2007-04-12 15:12 0 --a------ C:\WINDOWS\system32\692D963F.exe
2007-04-12 11:48 80,384 --a------ C:\WINDOWS\installer.exe
2007-04-09 16:09 <DIR> d-------- C:\DOCUME~1\THEPAP~1\havenROp
2007-04-08 14:18 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-08 14:18 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-04-08 14:18 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-08 14:18 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-08 14:18 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-08 14:18 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-08 14:18 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-04-08 14:18 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-08 14:18 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-08 14:18 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-08 14:15 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-04-08 13:26 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-08 13:18 <DIR> d-------- C:\Program Files\Lineage II
2007-04-06 20:07 248,988 --a------ C:\WINDOWS\system32\bfmoxrnvva_nav.dat
2007-04-03 19:24 <DIR> d-------- C:\DOCUME~1\THEPAP~1\APPLIC~1\Ventrilo
2007-04-03 19:23 <DIR> d-------- C:\Program Files\Ventrilo
2007-04-03 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-03 13:43 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-03 13:05 <DIR> d-------- C:\Dell
2007-04-03 12:00 <DIR> d-------- C:\Program Files\ATI Technologies
2007-04-03 11:59 <DIR> d-------- C:\ATI
2007-04-03 10:12 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-03 10:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-03 09:02 <DIR> d-------- C:\Program Files\Silkroad
2007-03-28 00:43 <DIR> d-------- C:\Program Files\Neat Image


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required
Rootkit driver pe386 is present. ... attempting disinfection
msguard ...... driver unloaded successfully.
ADS removed - system32: deleted 78070 bytes in 1 streams.

2007-04-25 16:54 -------- d-------- C:\DOCUME~1\THEPAP~1\APPLIC~1\skype
2007-04-18 14:01 -------- d-------- C:\Program Files\mirc
2007-04-08 13:18 -------- d--h----- C:\Program Files\installshield installation information
2007-03-23 17:31 1423 --a------ C:\WINDOWS\mozver.dat
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-08 06:14 -------- d-------- C:\DOCUME~1\THEPAP~1\APPLIC~1\vlc
2007-03-08 05:28 -------- d-------- C:\Program Files\videolan
2007-01-29 15:49 65536 --a------ C:\WINDOWS\ifinst27.exe
2007-01-25 21:19 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-01-25 21:19 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-25 21:19 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-25 21:19 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-25 21:19 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-25 21:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-25 21:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-25 21:13 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-01-25 21:13 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-01-25 21:13 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-01-25 21:13 738906 --a------ C:\WINDOWS\system32\divx.dll
2007-01-25 21:13 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-25 21:13 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-01-25 21:13 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-25 21:13 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-01-25 21:13 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-25 21:13 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-25 21:13 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-25 21:13 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-25 18:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-01-25 16:56 0 -rahs---- C:\MSDOS.SYS
2007-01-25 16:56 0 -rahs---- C:\IO.SYS
2007-01-25 16:56 0 --a------ C:\CONFIG.SYS
2007-01-25 16:56 0 --a------ C:\AUTOEXEC.BAT
2007-01-25 16:52 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-24 18:58 62 --ahs---- C:\DOCUME~1\THEPAP~1\APPLIC~1\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SpyAway"="C:\\Program Files\\SpyAway\\spyaway.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Setup]
"Registrando Panda ActiveX"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\as.dll"
"Registrando Panda Almacen"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-25 17:05:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-25 17:07:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-25 17:07
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 5:56:37 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\WINDOWS\system32\idleserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\The Paper (Host)\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\system32\msnhlp32.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpyAway] C:\Program Files\SpyAway\spyaway.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

List:


1. The results report from OTMoveIt. [x]
2. The reports from VirusTotal. [x]
3. The log from the ComboFix scan. [x]
4. The log from the Panda scan. [Error]
5. The log from the Kaspersky scan. [Error]
6. A new HijackThis log. [x]



I couldn't run the Panda Scan or the Kaspersky Lab Scan. For some reason my Internet Explorer isn't working "because msvcl.dll was not found" or some such. When I try to install Internet Explorer 7, my computer goes to a blue screen and then reboots. I hope those last two scans do not hinder the process of my CPU's recovery.

Last edited by ThePaper88; 04-25-2007 at 04:01 PM.