Post #1, 05-11-2008, 07:53 PM
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Task manager greyed out, pop-ups

Attachment: extra.txt

I got some kind of virus on my PC this morning. The task manager button is greyed out, both when I hit ctrl-alt-del and also if I right-click the empty task bar area at the bottom of the screen. There is a pop-up about every minute from an icon on the bottom right of my screen saying I have spyware, and if I click on it, it tries to sell me software. It also added an "internet speed monitor" program, but I think I was able to delete that through add/remove programs. Here's my DSS report:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-11 18:29:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:20 PM, on 5/11/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\b2new.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wmsdkns.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\QdrModule\QdrModule15.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kevin Butler.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A350914C-78B2-4012-AF9A-824333363C99} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINNT\system32\iifgGYop.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: iifgGYop - C:\WINNT\SYSTEM32\iifgGYop.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\b2new.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 8128 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cmosa - c:\winnt\system32\drivers\cmosa.sys <Not Verified; Dell Computer Corporation.; Dell® OpenManage Client Instrumentation>
R2 tcaicchg - c:\winnt\system32\tcaicchg.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic/Configuration>
R2 TCAITDI (TCAITDI Protocol) - c:\winnt\system32\drivers\tcaitdi.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic TDI Driver>
R3 hcwPP2 (Hauppauge WinTV PVR PCI II ([23|25|26]xxx)) - c:\winnt\system32\drivers\hcwpp2.sys <Not Verified; Hauppauge Computer Works, Inc.; WinTV>
R3 WinDriver6 - c:\winnt\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>
R3 X10UIF (%DESCRIPTION%) - c:\winnt\system32\drivers\x10uif.sys <Not Verified; X10 Wireless Technology, Inc.; X10 USB Control Interface>

S3 CA504AV (Mega Camera, WDM Video Capture) - c:\winnt\system32\drivers\ca504av.sys <Not Verified; Digital Camera.; Digital Camera Driver>
S3 DLPortIO (DriverLINX Port I/O Driver) - c:\winnt\system32\drivers\dlportio.sys
S3 Sunplus (Mega Camera Still Image Capture, Sunplus Version 1.00) - c:\winnt\system32\drivers\bulk504.sys <Not Verified; Sunplus; Bulk IO Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\winnt\b2new.exe service
R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\snapst~1\common\x10nets.exe <Not Verified; X10; x10 Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\MGMT180\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\MGMT180\2&DABA3FF&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2006-09-04 17:20:39 426 --a------ C:\WINNT\Tasks\Symantec NetDetect.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:26:16 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_658.dat
2008-05-11 18:18:36 0 d-------- C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 15:02:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_27c.dat
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28:25 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2008-05-11 14:25:20 1390255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 14:19:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_284.dat
2008-05-11 10:47:21 21504 --a------ C:\WINNT\stcloader.exe
2008-05-11 10:47:19 13568 --a------ C:\WINNT\voiceip.dll
2008-05-11 10:47:19 31232 --a------ C:\WINNT\swin32.dll
2008-05-11 10:47:18 18432 --a------ C:\WINNT\cdsm32.dll
2008-05-11 10:47:18 25856 --a------ C:\WINNT\bokja.exe
2008-05-11 10:47:17 29440 --a------ C:\WINNT\mssvr.exe
2008-05-11 10:47:16 24064 --a------ C:\WINNT\mspphe.dll
2008-05-11 10:47:16 27136 --a------ C:\WINNT\bjam.dll
2008-05-11 10:47:15 22016 --a------ C:\WINNT\2020search2.dll
2008-05-11 10:47:14 22016 --a------ C:\WINNT\2020search.dll
2008-05-11 10:47:07 13824 --a------ C:\WINNT\saiemod.dll
2008-05-11 10:47:06 26368 --a------ C:\WINNT\msapasrc.dll
2008-05-11 10:47:06 25600 --a------ C:\WINNT\msa64chk.dll
2008-05-11 10:47:04 14848 --a------ C:\WINNT\shdocpl.dll
2008-05-11 10:47:03 12544 --a------ C:\WINNT\shdocpe.dll
2008-05-11 10:47:03 22016 --a------ C:\WINNT\ntnut.exe
2008-05-11 10:47:02 15616 --a------ C:\WINNT\winsb.dll
2008-05-11 10:47:02 31744 --a------ C:\WINNT\browserad.dll
2008-05-11 10:47:01 31744 --a------ C:\WINNT\aviwrap32.dll
2008-05-11 10:47:00 10752 --a------ C:\WINNT\avisynthex32.dll
2008-05-11 10:47:00 11008 --a------ C:\WINNT\avifile32.dll
2008-05-11 10:47:00 25600 --a------ C:\WINNT\autodisc32.dll
2008-05-11 10:46:59 11264 --a------ C:\WINNT\audiosrv32.dll
2008-05-11 10:46:59 24320 --a------ C:\WINNT\ati2dvag32.dll
2008-05-11 10:46:59 9216 --a------ C:\WINNT\ati2dvaa32.dll
2008-05-11 10:46:58 21248 --a------ C:\WINNT\athprxy32.dll
2008-05-11 10:46:58 25344 --a------ C:\WINNT\asycfilt32.dll
2008-05-11 10:46:57 16384 --a------ C:\WINNT\asferror32.dll
2008-05-11 10:46:57 30720 --a------ C:\WINNT\apphelp32.dll
2008-05-11 10:46:56 24832 --a------ C:\WINNT\changeurl_30.dll
2008-05-11 09:41:15 8069 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-11 09:41:10 316464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:37:46 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-05-11 09:36:13 0 d-------- C:\WINNT\system32\dFrnx06
2008-05-11 09:36:13 0 d-------- C:\Temp
2008-05-11 09:35:59 25728 --a------ C:\WINNT\system32\iifgGYop.dll
2008-05-11 09:35:56 0 d-------- C:\Program Files\QdrModule
2008-05-11 09:35:55 0 d-------- C:\Program Files\QdrDrive
2008-05-11 09:35:55 0 d-------- C:\Program Files\ISM
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-05-11 09:35:09 91563 --a------ C:\WINNT\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-05-11 09:35:09 91563 --a------ C:\WINNT\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-11 09:34:55 25600 --a------ C:\WINNT\b2new.exe
2008-05-09 12:10:08 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-05-09 11:10:10 229514 --a------ C:\WINNT\system32\000080.exe
2008-05-03 10:48:00 270709 --a------ C:\WINNT\system32\000060.exe
2008-05-01 17:52:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_28c.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-11 09:37:46 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat
2008-02-20 20:27:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5c4.dat
2008-02-20 20:11:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_e4.dat
2008-02-16 10:47:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_540.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
04/03/08 02:05p 147456 --a------ C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A350914C-78B2-4012-AF9A-824333363C99}]
05/11/08 09:41a 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
05/11/08 09:36a 25728 --a------ C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/08 11:37a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 02:11a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [04/25/08 12:23p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINNT\system32\iifgGYop.dll [05/11/08 09:36a 25728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgGYop]
iifgGYop.dll 05/11/08 09:36a 25728 C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-11 18:31:36 ------------
butlerkj is offline  
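A triage script for the kind of log posted above, added here as an illustration; it is not a tool the forum team or the poster used, and the detection rules are this example's own heuristics rather than anything HijackThis or DSS implements. It parses the HijackThis lines (F2 Userinit, O2 BHO, O4 Run, O20/O21 logon hooks, O23 services), two values from the registry dump and entries from the "Files created" list, flags the hooks an analyst reads first, and pivots the findings by file so a DLL wired into several places (here iifgGYop.dll: BHO, Winlogon Notify, and freshly created in system32) stands out. The sample lines are excerpted from the reports in this thread; the [b880c3d9] Run entry is taken from the second report further down. The random-name heuristic is an assumption with known false positives, which is why it is only applied to files created inside the scan window.

```python
"""Triage a HijackThis / DSS log for the persistence hooks an analyst checks first."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, rule, evidence)

# Lines excerpted from the DSS reports in this thread (not a full log); [b880c3d9] is from the second one.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A350914C-78B2-4012-AF9A-824333363C99} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINNT\system32\iifgGYop.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O4 - HKLM\..\Run: [b880c3d9] rundll32.exe "C:\WINNT\system32\lvqwfjio.dll",b
O20 - Winlogon Notify: iifgGYop - C:\WINNT\SYSTEM32\iifgGYop.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\b2new.exe
"DisableTaskMgr"=1 (0x1)
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH
2008-05-11 10:47:21 21504 --a------ C:\WINNT\stcloader.exe
2008-05-11 09:35:59 25728 --a------ C:\WINNT\system32\iifgGYop.dll
2008-05-11 09:35:09 91563 --a------ C:\WINNT\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - .*?\[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (?P<attrs>\S{9}) (?P<path>.+?)(?: <(?P<ver>[^>]*)>)?$")


def looks_random(basename: str) -> bool:
    """Heuristic (this example's own) for stems like iifgGYop or urqNDWNH: 8 letters with at most
    two vowels or a run of 4+ consonants.  ntoskrnl also trips it, so only use it on new files."""
    stem, dot, ext = basename.lower().rpartition(".")
    if not dot or ext not in ("dll", "exe") or not (stem.isalpha() and len(stem) == 8):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", stem))
    return vowels <= 2 or longest_consonant_run >= 4


def check_new_file(path: str, ver: str) -> List[Finding]:
    """Rules for one entry of the 'Files created between ...' section."""
    parent, _, name = path.rpartition("\\")
    out: List[Finding] = []
    if parent.lower() in ("c:\\winnt", "c:\\windows"):  # droppers favour the Windows root
        out.append(("medium", "new-file-in-windows-root", path))
    if parent.lower().endswith("system32") and looks_random(name):
        out.append(("high", "random-name-in-system32", path))
    if ver.startswith("Not Verified") and "Microsoft" in ver:  # claims Microsoft, no verified signature
        out.append(("high", "unsigned-claims-microsoft", path))
    return out


def check_line(line: str) -> List[Finding]:
    """Classify one HijackThis / registry-dump / file-list line; returns zero or more findings."""
    line = line.strip()
    out: List[Finding] = []
    if line.startswith("F2 - REG:system.ini: UserInit="):
        # Stock Windows 2000 runs userinit.exe alone; every extra entry runs at each logon.
        for entry in line.split("UserInit=", 1)[1].split(","):
            if entry and not entry.lower().endswith("\\userinit.exe"):
                out.append(("high", "userinit-hook", entry))
    elif (m := BHO_RE.match(line)):
        if m["path"] == "(no file)":
            out.append(("low", "orphan-bho-clsid", m["clsid"]))
        elif m["name"] == "(no name)":
            out.append(("high", "unnamed-bho", m["path"]))
    elif (m := RUN_RE.match(line)):
        # Hex-looking value name launching rundll32 on a DLL, as in the second report.
        if re.fullmatch(r"[0-9a-f]{8}", m["key"]) and "rundll32" in m["cmd"].lower():
            out.append(("high", "rundll32-random-run", m["cmd"]))
    elif line.startswith(("O20 - Winlogon Notify:", "O21 - SSODL:")):
        out.append(("high", "logon-hook", line.rsplit(" - ", 1)[-1]))
    elif line.startswith("O23 - Service:") and " - Unknown owner - " in line:
        out.append(("high", "unowned-service", line.rsplit(" - ", 1)[-1]))
    elif line.startswith('"DisableTaskMgr"=1'):
        out.append(("medium", "taskmgr-disabled-policy", line))
    elif line.startswith('"Authentication Packages"='):
        for pkg in line.split("=", 1)[1].split():
            if pkg.lower() != "msv1_0":  # msv1_0 is the only stock LSA package on this box
                out.append(("high", "lsa-auth-package", pkg))
    elif (m := FILE_RE.match(line)) and not m["attrs"].startswith("d"):
        out.extend(check_new_file(m["path"], m["ver"] or ""))
    return out


def triage(log: str) -> List[Finding]:
    return [f for line in log.splitlines() for f in check_line(line)]


def file_stem(evidence: str) -> str:
    """Reduce a finding's evidence to a lowercase file stem for grouping."""
    tail = evidence.rsplit("\\", 1)[-1].strip('"')        # last path component
    tail = re.split(r'[",\s]', tail, maxsplit=1)[0]       # drop ',b' or ' (file missing)'
    return tail.split(".")[0].lower()


def pivot_by_file(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group rules per file so a DLL wired into several hooks stands out."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for _sev, rule, evidence in findings:
        hits[file_stem(evidence)].append(rule)
    return dict(hits)
```

Call triage() on the log text and pivot_by_file() on the result; on the sample it reports the Userinit hook (wmsdkns.exe), the two unnamed BHOs, the b2new.exe service with no vendor, the extra LSA authentication package (urqNDWNH), both DisableTaskMgr policies and the new files, and the pivot shows iifgGYop.dll hit by three rules. Anything it flags still needs a hash lookup or a sandbox run before you delete it; the heuristics are starting points, not verdicts.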

Post #2, 05-15-2008, 01:57 AM
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Task manager greyed out, pop-ups

Hi, welcome to TSF!

If you still need assistance, please post a fresh main.txt report.
Angelfire777 is offline  
Post #3, 05-15-2008, 10:07 PM
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Re: Task manager greyed out, pop-ups

Sorry for the delay, my computer has gotten really bad and it's difficult to access the internet. I keep getting a Microsoft Visual C++ Runtime Library error saying "Buffer overrun detected! Program:C:\WINNT\Explorer.EXE A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated." At this point my PC freezes up completely and (since the task manager button is greyed out) I have to restart my computer. Here's a fresh DSS report:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-15 18:40:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:56 PM, on 5/15/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\b2new.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wmsdkns.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINB~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {BCA86068-A178-45AE-A05D-EBFD19A43265} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINNT\system32\iifgGYop.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: {721e2b5f-26e5-7a7a-bf04-89cc5a44f7bf} - {fb7f44a5-cc98-40fb-a7a7-5e62f5b2e127} - C:\WINNT\system32\qybjykpk.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [b880c3d9] rundll32.exe "C:\WINNT\system32\lvqwfjio.dll",b
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: iifgGYop - C:\WINNT\SYSTEM32\iifgGYop.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\b2new.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 8028 bytes

-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 18:40:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_638.dat
2008-05-15 17:23:13 98960 --a------ C:\WINNT\system32\qybjykpk.dll
2008-05-15 09:50:10 82960 --a------ C:\WINNT\system32\lvqwfjio.dll
2008-05-15 09:47:11 90304 --a------ C:\WINNT\system32\lnvepyvk.dll
2008-05-14 09:56:37 98928 --a------ C:\WINNT\system32\jewhhrgr.dll
2008-05-14 09:50:10 2048 --a------ C:\WINNT\system32\oajpqhhj.exe
2008-05-14 09:44:17 90208 --a------ C:\WINNT\system32\mkkibxpi.dll
2008-05-13 19:46:29 553548 ---h----- C:\WINNT\ShellIconCache
2008-05-13 09:53:12 98864 --a------ C:\WINNT\system32\eheejsbs.dll
2008-05-13 09:47:10 2048 --a------ C:\WINNT\system32\mqkjddwn.exe
2008-05-13 09:44:10 90176 --a------ C:\WINNT\system32\ndhfepxt.dll
2008-05-12 09:50:10 98896 --a------ C:\WINNT\system32\gkwigkko.dll
2008-05-12 09:47:10 2048 --a------ C:\WINNT\system32\qfldurte.exe
2008-05-12 09:44:10 90176 --a------ C:\WINNT\system32\ttofxqyb.dll
2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:18:36 0 d-------- C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 15:02:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_27c.dat
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28:25 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2008-05-11 14:25:20 1390255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 14:19:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_284.dat
2008-05-11 10:47:21 21504 --a------ C:\WINNT\stcloader.exe
2008-05-11 10:47:19 13568 --a------ C:\WINNT\voiceip.dll
2008-05-11 10:47:19 31232 --a------ C:\WINNT\swin32.dll
2008-05-11 10:47:18 18432 --a------ C:\WINNT\cdsm32.dll
2008-05-11 10:47:18 25856 --a------ C:\WINNT\bokja.exe
2008-05-11 10:47:17 29440 --a------ C:\WINNT\mssvr.exe
2008-05-11 10:47:16 24064 --a------ C:\WINNT\mspphe.dll
2008-05-11 10:47:16 27136 --a------ C:\WINNT\bjam.dll
2008-05-11 10:47:15 22016 --a------ C:\WINNT\2020search2.dll
2008-05-11 10:47:14 22016 --a------ C:\WINNT\2020search.dll
2008-05-11 10:47:07 13824 --a------ C:\WINNT\saiemod.dll
2008-05-11 10:47:06 26368 --a------ C:\WINNT\msapasrc.dll
2008-05-11 10:47:06 25600 --a------ C:\WINNT\msa64chk.dll
2008-05-11 10:47:04 14848 --a------ C:\WINNT\shdocpl.dll
2008-05-11 10:47:03 12544 --a------ C:\WINNT\shdocpe.dll
2008-05-11 10:47:03 22016 --a------ C:\WINNT\ntnut.exe
2008-05-11 10:47:02 15616 --a------ C:\WINNT\winsb.dll
2008-05-11 10:47:02 31744 --a------ C:\WINNT\browserad.dll
2008-05-11 10:47:01 31744 --a------ C:\WINNT\aviwrap32.dll
2008-05-11 10:47:00 10752 --a------ C:\WINNT\avisynthex32.dll
2008-05-11 10:47:00 11008 --a------ C:\WINNT\avifile32.dll
2008-05-11 10:47:00 25600 --a------ C:\WINNT\autodisc32.dll
2008-05-11 10:46:59 11264 --a------ C:\WINNT\audiosrv32.dll
2008-05-11 10:46:59 24320 --a------ C:\WINNT\ati2dvag32.dll
2008-05-11 10:46:59 9216 --a------ C:\WINNT\ati2dvaa32.dll
2008-05-11 10:46:58 21248 --a------ C:\WINNT\athprxy32.dll
2008-05-11 10:46:58 25344 --a------ C:\WINNT\asycfilt32.dll
2008-05-11 10:46:57 16384 --a------ C:\WINNT\asferror32.dll
2008-05-11 10:46:57 30720 --a------ C:\WINNT\apphelp32.dll
2008-05-11 10:46:56 24832 --a------ C:\WINNT\changeurl_30.dll
2008-05-11 09:41:15 1221139 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-11 09:41:10 316464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:37:46 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-05-11 09:36:13 0 d-------- C:\WINNT\system32\dFrnx06
2008-05-11 09:36:13 0 d-------- C:\Temp
2008-05-11 09:35:59 25728 --a------ C:\WINNT\system32\iifgGYop.dll
2008-05-11 09:35:55 0 d-------- C:\Program Files\QdrDrive
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-05-11 09:35:09 91563 --a------ C:\WINNT\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-05-11 09:35:09 91563 --a------ C:\WINNT\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-11 09:34:55 25600 --a------ C:\WINNT\b2new.exe
2008-05-09 12:10:08 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-05-09 11:10:10 229514 --a------ C:\WINNT\system32\000080.exe
2008-05-03 10:48:00 270709 --a------ C:\WINNT\system32\000060.exe
2008-05-01 17:52:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_28c.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-11 09:37:46 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat
2008-02-20 20:27:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5c4.dat
2008-02-20 20:11:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_e4.dat
2008-02-16 10:47:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_540.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCA86068-A178-45AE-A05D-EBFD19A43265}]
05/11/08 09:41a 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
05/11/08 09:36a 25728 --a------ C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fb7f44a5-cc98-40fb-a7a7-5e62f5b2e127}]
05/15/08 05:23p 98960 --a------ C:\WINNT\system32\qybjykpk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/08 11:37a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 02:11a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]
"b880c3d9"="C:\WINNT\system32\lvqwfjio.dll" [05/15/08 09:50a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINNT\system32\iifgGYop.dll [05/11/08 09:36a 25728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgGYop]
iifgGYop.dll 05/11/08 09:36a 25728 C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-15 18:42:11 ------------
butlerkj is offline  
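The Registry Dump in the log above is where the thread's symptoms are explained: the DisableTaskMgr policy is what greys out the Task Manager button, and the Userinit, Winlogon Notify and LSA Authentication Packages entries are logon-time persistence. The following Python script is an added example for this thread (it is not DSS, HijackThis or ComboFix code) that parses a DSS-style registry dump and lists those entries; the sample dump it carries is constructed from the lines posted above, and the key-path patterns it matches on are this example's own assumptions.

```python
"""Triage helper for a Deckard's System Scanner (DSS) style registry dump.

Added example for this thread; it is not part of DSS, HijackThis or
ComboFix.  It parses the "[key]" / value layout used in the Registry Dump
section of the log and flags the persistence and tamper indicators seen there.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the lines are modelled on the Registry Dump posted
# in the thread (file names are the ones from that log, not live indicators).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgGYop]
iifgGYop.dll 05/11/08 09:36a 25728 C:\WINNT\system32\iifgGYop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH
"""

Finding = Tuple[str, str, str]  # (indicator, registry key, offending value)


def parse_dump(text: str) -> Dict[str, List[str]]:
    """Group the value lines of a DSS registry dump under their key path."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()   # registry key paths are case-insensitive
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def find_indicators(sections: Dict[str, List[str]]) -> List[Finding]:
    """Flag the registry conditions that explain the symptoms in the thread."""
    findings: List[Finding] = []
    for key, values in sections.items():
        # DisableTaskMgr=1 is what greys out the Task Manager button.
        if key.endswith(r"\policies\system"):
            for v in values:
                m = re.match(r'"disabletaskmgr"\s*=\s*(\d+)', v, re.I)
                if m and m.group(1) != "0":
                    findings.append(("DisableTaskMgr policy set", key, v))
        # Userinit should list only userinit.exe; anything appended runs at logon.
        if key.endswith(r"\winlogon"):
            for v in values:
                m = re.match(r'"userinit"\s*=\s*"(.*)"', v, re.I)
                if m:
                    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
                    extra = [e for e in entries if not e.lower().endswith("userinit.exe")]
                    if extra:
                        findings.append(("Userinit extra entry", key, ", ".join(extra)))
        # DSS hides default entries, so any Winlogon Notify package it prints is non-default.
        if "\\winlogon\\notify\\" in key:
            for v in values:
                findings.append(("Winlogon Notify package", key, v))
        # AppInit_DLLs is loaded into every process that links user32; needs a manual look.
        if key.endswith(r"\currentversion\windows"):
            for v in values:
                m = re.match(r'"appinit_dlls"\s*=\s*(\S+)', v, re.I)
                if m:
                    findings.append(("AppInit_DLLs set (review)", key, m.group(1)))
        # LSA authentication packages: a stock Windows 2000 install lists only msv1_0.
        if key.endswith(r"\control\lsa"):
            for v in values:
                m = re.match(r'"authentication packages"\s*=\s*(.*)', v, re.I)
                if m:
                    extra = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
                    if extra:
                        findings.append(("LSA authentication package added", key, " ".join(extra)))
    return findings


def triage(text: str = SAMPLE_DUMP) -> List[Finding]:
    """Parse a dump and return its findings (used by the demo below and by tests)."""
    return find_indicators(parse_dump(text))


if __name__ == "__main__":
    for indicator, key, value in triage():
        print(f"{indicator:34} {key}\n    -> {value}")
```

Run against the constructed sample it reports six findings: both DisableTaskMgr policies, the extra wmsdkns.exe in Userinit, the iifgGYop Notify package, the AppInit_DLLs value for review, and the urqNDWNH authentication package. The AppInit_DLLs entry is reported only for review because the value in this log (NVDESK32.DLL) belongs to the NVIDIA display software, which is why the helper in the thread did not act on it.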
Old 05-15-2008, 10:39 PM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Task manager greyed out, pop-ups

Hi,

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 05-16-2008, 05:56 PM   #5 (permalink)
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Re: Task manager greyed out, pop-ups

After running Combofix, the task manager button is back. I'm still getting popups and the Visual C++ crash I discussed below. First, here's the combofix log:

ComboFix 08-05-15.3 - Kevin Butler 05/16/2008 13:07:14.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.176 [GMT -6:00]
Running from: C:\Documents and Settings\Kevin Butler\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QdrDrive
C:\WINNT\123messenger.per
C:\WINNT\2020search.dll
C:\WINNT\2020search2.dll
C:\WINNT\apphelp32.dll
C:\WINNT\asferror32.dll
C:\WINNT\asycfilt32.dll
C:\WINNT\athprxy32.dll
C:\WINNT\ati2dvaa32.dll
C:\WINNT\ati2dvag32.dll
C:\WINNT\audiosrv32.dll
C:\WINNT\autodisc32.dll
C:\WINNT\avifile32.dll
C:\WINNT\avisynthex32.dll
C:\WINNT\aviwrap32.dll
C:\WINNT\b2new.exe
C:\WINNT\bjam.dll
C:\WINNT\bokja.exe
C:\WINNT\browserad.dll
C:\WINNT\cdsm32.dll
C:\WINNT\changeurl_30.dll
C:\WINNT\default.htm
C:\WINNT\didduid.ini
C:\WINNT\lfn.exe
C:\WINNT\licencia.txt
C:\WINNT\mainms.vpi
C:\WINNT\megavid.cdt
C:\WINNT\msa64chk.dll
C:\WINNT\msapasrc.dll
C:\WINNT\mspphe.dll
C:\WINNT\mssvr.exe
C:\WINNT\muotr.so
C:\WINNT\ntnut.exe
C:\WINNT\pskt.ini
C:\WINNT\saiemod.dll
C:\WINNT\shdocpe.dll
C:\WINNT\shdocpl.dll
C:\WINNT\stcloader.exe
C:\WINNT\swin32.dll
C:\WINNT\system32\000060.exe
C:\WINNT\system32\000080.exe
C:\WINNT\system32\bwmoxylf.dll
C:\WINNT\system32\eheejsbs.dll
C:\WINNT\system32\gkwigkko.dll
C:\WINNT\system32\HNWDNqru.ini
C:\WINNT\system32\HNWDNqru.ini2
C:\WINNT\system32\iifgGYop.dll
C:\WINNT\system32\jewhhrgr.dll
C:\WINNT\system32\jttrjxew.ini
C:\WINNT\system32\kmptuott.dll
C:\WINNT\system32\lnvepyvk.dll
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\mkkibxpi.dll
C:\WINNT\system32\mqkjddwn.exe
C:\WINNT\system32\MSINET.oca
C:\WINNT\system32\ndhfepxt.dll
C:\WINNT\system32\nhtjxvyk.ini
C:\WINNT\system32\oajpqhhj.exe
C:\WINNT\system32\oijfwqvl.ini
C:\WINNT\system32\pac.txt
C:\WINNT\system32\pbyancum.ini
C:\WINNT\system32\qfldurte.exe
C:\WINNT\system32\qybjykpk.dll
C:\WINNT\system32\sft.res
C:\WINNT\system32\ttofxqyb.dll
C:\WINNT\system32\wmsdkns.exe
C:\WINNT\system32\wxmmdigw.ini
C:\WINNT\telefonos.txt
C:\WINNT\textos.txt
C:\WINNT\voiceip.dll
C:\WINNT\Web\default.htt
C:\WINNT\winsb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 13:26 . 08-05-16 13:26 345 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-16 13:26 . 08-05-16 13:28 345 --ahs---- C:\WINNT\system32\HNWDNqru.ini
2008-05-16 13:26 . 08-05-16 13:26 294 ---hs---- C:\WINNT\system32\nhtjxvyk.ini
2008-05-16 09:58 . 08-05-16 09:58 82,992 --a------ C:\WINNT\system32\kyvxjthn.dll
2008-05-15 19:00 . 08-05-15 19:00 <DIR> d-------- C:\WINNT\McAfee.com
2008-05-13 19:46 . 08-05-13 19:46 553,548 ---h----- C:\WINNT\ShellIconCache
2008-05-12 09:44 . 08-05-16 09:46 109,807 --a------ C:\WINNT\BMbbb3f045.xml
2008-05-11 18:30 . 08-05-11 18:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 18:29 . 08-05-11 18:29 <DIR> d-------- C:\Deckard
2008-05-11 18:18 . 08-05-11 18:18 <DIR> d-a------ C:\WINNT\system32\BITS
2008-05-11 18:12 . 07-07-30 19:19 549,720 --a------ C:\WINNT\system32\wuapi.dll
2008-05-11 18:12 . 07-07-30 19:19 325,976 --a------ C:\WINNT\system32\wucltui.dll
2008-05-11 18:12 . 07-07-30 19:19 43,352 --a------ C:\WINNT\system32\wups2.dll
2008-05-11 18:12 . 07-07-30 19:18 34,136 --a------ C:\WINNT\system32\wucltui.dll.mui
2008-05-11 18:12 . 07-07-30 19:18 33,624 --a------ C:\WINNT\system32\wups.dll
2008-05-11 18:12 . 07-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuaucpl.cpl.mui
2008-05-11 18:12 . 07-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuapi.dll.mui
2008-05-11 18:12 . 07-07-30 19:18 20,312 --a------ C:\WINNT\system32\wuaueng.dll.mui
2008-05-11 18:05 . 08-05-11 18:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-11 18:05 . 08-05-11 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:04 . 08-05-11 18:04 2,671,816 --a------ C:\Program Files\spywareblastersetup40.exe
2008-05-11 16:29 . 08-05-11 16:31 <DIR> d-------- C:\Program Files\Panda Security
2008-05-11 14:52 . 08-05-11 14:58 2,822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28 . 08-05-11 14:59 <DIR> d-------- C:\Program Files\SmitfraudFix
2008-05-11 14:25 . 08-05-11 14:25 1,390,255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 09:41 . 08-05-11 09:41 316,464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:37 . 08-05-11 09:37 578 --a------ C:\WINNT\index.html
2008-05-11 09:36 . 08-05-11 09:36 <DIR> d-a------ C:\WINNT\system32\dFrnx06
2008-05-11 09:36 . 08-05-11 09:36 <DIR> d-------- C:\Temp\tmpvc14
2008-05-11 09:36 . 08-05-11 09:36 <DIR> d-------- C:\Temp
2008-05-01 17:52 . 08-05-01 17:52 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_28c.dat
2008-04-17 18:32 . 08-04-17 18:32 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-04-17 18:32 . 08-04-17 18:32 1,409 --a------ C:\WINNT\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 02:02 --------- d-----w C:\Program Files\Ahead
2008-04-02 01:58 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-02 01:46 830,293 ----a-w C:\WINNT\hpdvd840b_HJ86.exe
2008-02-23 03:59 50 ----a-w C:\tmp.bat
2007-10-01 02:06 60,720 ----a-w C:\Documents and Settings\Kevin Butler\Application Data\GDIPFONTCACHEV1.DAT
2007-09-16 22:02 40,738,456 ----a-w C:\Program Files\zlsSetup_70_337_000_en.exe
2007-08-21 03:14 27,024,112 ----a-w C:\Program Files\PowerPointViewer.exe
2007-08-21 01:48 247,608 ----a-w C:\Program Files\jre-1_5_0_07-windows-i586-p-iftw.exe
2007-05-15 04:44 23,875,478 ----a-w C:\Program Files\WinAVR-20060421-install.exe
2007-05-15 04:34 47,631,556 ----a-w C:\Program Files\aStudio4b460.exe
2007-05-15 04:20 77,414,298 ----a-w C:\Program Files\aStudio4b528.exe
2007-05-15 03:54 26,874,781 ----a-w C:\Program Files\aStudio412SP4b498.exe
2007-05-13 03:24 23,984,334 ----a-w C:\Program Files\WinAVR-20070122-install.exe
2007-04-29 22:00 943,376 ----a-w C:\Program Files\ttermp23.zip
2007-01-27 16:13 14,231,915 ----a-w C:\Program Files\moonshell16_with_dpgtools121.zip
2007-01-14 15:29 138 ----a-w C:\Program Files\DPGPlay.ini
2007-01-09 00:53 1,658,957 ----a-w C:\Program Files\gerbmagi.zip
2007-01-07 17:32 3,799,568 ----a-w C:\Program Files\BatchDPG_v1.2.zip
2007-01-07 17:31 3,799,092 ----a-w C:\Program Files\BatchDPG_v1.2.7z
2007-01-07 17:30 24,265,736 ----a-w C:\Program Files\dotnetfx.exe
2007-01-06 00:19 3,158,471 ----a-w C:\Program Files\Avisynth_256.exe
2006-12-31 04:24 836,783 ----a-w C:\Program Files\7z442.exe
2006-12-31 04:04 6,769,576 ----a-w C:\Program Files\moonshell10_dpgtools.zip
2006-12-28 03:24 602,688 ----a-w C:\Program Files\SP4Express_EN.exe
2006-12-28 02:58 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2006-12-28 02:34 11,293,184 ----a-w C:\Program Files\eagle-win-eng-4.16r2.exe
2006-12-08 23:33 1,876,384 ----a-w C:\Program Files\ezip35.exe
2006-11-15 00:08 556 ----a-w C:\Program Files\Readme.txt
2006-11-15 00:07 211,838 ----a-w C:\Program Files\dpgplay.exe
2006-11-15 00:04 6,621 ----a-w C:\Program Files\dpgplay.au3
2006-11-14 20:41 3,161 ----a-w C:\Program Files\demux.pb
2006-11-14 20:36 7,168 ----a-w C:\Program Files\demux.exe
2006-10-27 01:56 8,645,474 ----a-w C:\Program Files\ce2kmain.exe
2006-09-24 11:23 7,812,065 ----a-w C:\Program Files\mplayer.exe
2006-09-05 03:27 11,682,968 ----a-w C:\Program Files\setupeng.exe
2006-09-05 01:17 13,714,856 ----a-w C:\Program Files\zlsSetup_65_737_000_en.exe
2006-09-04 21:36 271 ---h--w C:\Program Files\desktop.ini
2006-09-04 21:36 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

------- Sigcheck -------


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3405B89F-B93E-45A6-A932-8B32477CC11D}]
08-05-11 09:41 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38c60d79-637e-4e19-86a3-0d49aff229e0}]
08-05-16 13:32 98896 --a------ C:\WINNT\system32\uhuudgbf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [07-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 111376 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [04-07-15 11:42 4112384]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [04-07-15 11:42 843776 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [04-07-15 11:42 81920]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [04-08-18 13:07 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-09-06 18:08 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-10-10 20:51 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-11-14 17:05 919016]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 155648]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [04-09-03 02:58 65536]
"BMbbb3f045"="C:\WINNT\system32\ibyvwkcp.dll" [08-05-16 13:29 90240]
"b880c3d9"="C:\WINNT\system32\jgxkcigu.dll" [08-05-16 13:30 82992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 13:05 186640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINNT\system32\urqNDWNH

R0 idebd;idebd;C:\WINNT\system32\DRIVERS\idebd.sys [00-05-30 00:00 ]
R0 IntelATA;IntelATA;C:\WINNT\system32\DRIVERS\intelata.sys [00-05-30 00:00 ]
R1 aswSP;avast! Self Protection;C:\WINNT\system32\drivers\aswSP.sys [08-03-29 11:31 ]
R1 cmosa;cmosa;C:\WINNT\system32\drivers\cmosa.sys [00-05-08 20:50 ]
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [08-01-17 09:34 ]
R2 tcaicchg;tcaicchg;C:\WINNT\System32\tcaicchg.sys [00-06-06 18:08 ]
R2 TCAITDI;TCAITDI Protocol;C:\WINNT\system32\DRIVERS\TCAITDI.sys [00-06-07 20:49 ]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 06:22 ]
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [03-06-19 13:05 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 13:05 ]
R3 Winacpci;Winacpci;C:\WINNT\system32\DRIVERS\winacpci.sys [99-09-24 17:55 ]
S3 CA504AV;Mega Camera, WDM Video Capture;C:\WINNT\system32\Drivers\CA504AV.SYS [02-01-31 00:02 ]
S3 DLPortIO;DriverLINX Port I/O Driver;C:\WINNT\system32\DRIVERS\DLPortIO.SYS [00-06-29 16:24 ]
S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;C:\WINNT\system32\Drivers\Bulk504.sys [01-10-05 17:33 ]

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2006-09-04 23:20:39 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 13:25:30
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

\WINNT\explorer.exe [1152] 0x816AB2E0

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINNT\system32\ibyvwkcp.dll 90240 bytes executable
C:\WINNT\system32\nhtjxvyk.ini 294 bytes
C:\WINNT\system32\ugickxgj.ini 1468970 bytes
C:\WINNT\system32\uhuudgbf.dll 98896 bytes executable
C:\WINNT\system32\jgxkcigu.dll 82992 bytes executable
C:\WINNT\system32\ihnqlgii.exe 2048 bytes executable
C:\WINNT\system32\HNWDNqru.ini 1348605 bytes
C:\WINNT\system32\HNWDNqru.ini2 1348304 bytes
C:\WINNT\system32\Perflib_Perfdata_3b4.dat 16384 bytes
C:\WINNT\system32\Perflib_Perfdata_430.dat 16384 bytes

scan completed successfully
hidden files: 10

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\explorer.exe
-> C:\WINNT\system32\jgxkcigu.dll
-> C:\WINNT\system32\ibyvwkcp.dll
-> C:\WINNT\system32\urqNDWNH.dll
-> ?:\WINNT\System32\TXFAUX.DLL
.
Completion time: 2008-05-16 13:38:59 - machine was rebooted [Kevin Butler]
ComboFix-quarantined-files.txt 2008-05-16 19:38:36

Pre-Run: 21,070,467,072 bytes free
Post-Run: 22,146,449,408 bytes free

267


And here's the fresh DSS log:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-16 17:50:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:59 PM, on 5/16/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINB~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: {0e922ffa-94d0-3a68-91e4-e73697d06c83} - {38c60d79-637e-4e19-86a3-0d49aff229e0} - C:\WINNT\system32\uhuudgbf.dll
O2 - BHO: (no name) - {46FFD7B8-AB32-4AA5-BD9C-126D97C1C7AF} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [b880c3d9] rundll32.exe "C:\WINNT\system32\jgxkcigu.dll",b
O4 - HKLM\..\Run: [BMbbb3f045] Rundll32.exe "C:\WINNT\system32\ibyvwkcp.dll",s
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 7291 bytes

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 17:50:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_60c.dat
2008-05-16 17:46:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_294.dat
2008-05-16 13:32:24 98896 --a------ C:\WINNT\system32\uhuudgbf.dll
2008-05-16 13:30:48 2048 --a------ C:\WINNT\system32\ihnqlgii.exe
2008-05-16 13:30:28 82992 --a------ C:\WINNT\system32\jgxkcigu.dll
2008-05-16 13:29:12 90240 --a------ C:\WINNT\system32\ibyvwkcp.dll
2008-05-16 13:26:23 1349836 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-16 1312 68096 --a------ C:\WINNT\zip.exe
2008-05-16 1312 49152 --a------ C:\WINNT\VFind.exe
2008-05-16 1312 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-16 1312 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-16 1312 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-16 1312 98816 --a------ C:\WINNT\sed.exe
2008-05-16 1312 80412 --a------ C:\WINNT\grep.exe
2008-05-16 1312 73728 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-15 19:00:23 0 d-------- C:\WINNT\McAfee.com
2008-05-13 19:46:29 553548 ---h----- C:\WINNT\ShellIconCache
2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:18:36 0 d-a------ C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28:25 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2008-05-11 14:25:20 1390255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 09:41:10 316464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:36:13 0 d-a------ C:\WINNT\system32\dFrnx06
2008-05-11 09:36:13 0 d-------- C:\Temp
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-05-16 08:52:40 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38c60d79-637e-4e19-86a3-0d49aff229e0}]
05/16/08 01:32p 98896 --a------ C:\WINNT\system32\uhuudgbf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46FFD7B8-AB32-4AA5-BD9C-126D97C1C7AF}]
05/11/08 09:41a 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 02:11a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]
"b880c3d9"="C:\WINNT\system32\jgxkcigu.dll" [05/16/08 01:30p]
"BMbbb3f045"="C:\WINNT\system32\ibyvwkcp.dll" [05/16/08 01:29p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-16 17:51:53 ------------


Thanks so much for your help, I really appreciate it!
Old 05-17-2008, 05:50 AM   #6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Task manager greyed out, pop-ups

Hi,

Were you the one who created this index.html page, C:\WINNT\index.html? If not, can you check it out for me please?

Also, were you the one who created this batch file: C:\tmp.bat? If not, please right click it and select edit. Notepad will open with some contents. Please post the contents here. DO NOT double click it.


*Click Start > Control Panel > Add or Remove Programs and uninstall the items I listed in bold if found.

Internet Speed Monitor
Outerinfo

The following are leftovers from your norton installation. You can remove them now.

LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)

________

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
________

Combofix Deletions
  • Open notepad.
  • Copy and paste the text inside the code box below to notepad
Code:
Killall::

File::
C:\WINNT\system32\nhtjxvyk.ini
C:\WINNT\system32\kyvxjthn.dll
C:\WINNT\BMbbb3f045.xml
C:\Program Files\SmitfraudFix.exe
C:\WINNT\system32\urqNDWNH.dll
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINNT\Tasks\Symantec NetDetect.job
C:\WINNT\system32\ibyvwkcp.dll
C:\WINNT\system32\nhtjxvyk.ini
C:\WINNT\system32\ugickxgj.ini 
C:\WINNT\system32\uhuudgbf.dll
C:\WINNT\system32\jgxkcigu.dll
C:\WINNT\system32\ihnqlgii.exe
C:\WINNT\system32\HNWDNqru.ini2
C:\WINNT\system32\HNWDNqru.ini
Folder::
C:\Program Files\SmitfraudFix
C:\WINNT\system32\dFrnx06
C:\Temp\tmpvc14
C:\Temp
C:\Program Files\ISM
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3405B89F-B93E-45A6-A932-8B32477CC11D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38c60d79-637e-4e19-86a3-0d49aff229e0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMbbb3f045"=-
"b880c3d9"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.
  • You can take a look at the image below if you're unsure on how to do it.
  • Combofix will restart your machine, then it will produce a log afterwards.
  • Please post the contents of that log along with a fresh HijackThis log.
_________

Please do an online scan with Kaspersky WebScanner

Warning: If you had kaspersky online scanner installed before 10-5-2007, please uninstall it as kaspersky released a new version. Previous version had a serious flaw which could result in a buffer overflow.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.
_________

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u6, and install it to your computer.

On your next reply, please include a
  • Fresh HijackThis log.
  • kaspersky scan log
  • combofix log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.

Last edited by Angelfire777; 05-17-2008 at 05:52 AM.
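The CFScript above resets the LSA "Authentication Packages" value with a raw hex(7) byte list, and the DSS dump earlier in the thread shows why: the REG_MULTI_SZ had grown a second entry, C:\WINNT\system32\urqNDWNH, which lsass.exe would load at boot. The small Python helper below is an added example, not part of the thread or of ComboFix; it decodes and rebuilds REGEDIT4-style hex(7) values (one byte per character, as the bytes in the script are; a "Windows Registry Editor Version 5.00" file would carry UTF-16LE bytes instead) and checks a DSS-style dump line for packages other than the stock msv1_0. The DSS line and the script value are copied from the posts above; the function names are this example's own.

```python
"""Decode/build REGEDIT4 hex(7) (REG_MULTI_SZ) values and check the LSA
"Authentication Packages" list for anything beyond the default msv1_0.

Added example (not from the thread, not ComboFix code). Assumes the REGEDIT4
ANSI encoding: each string NUL-terminated, list closed by one extra NUL.
"""
from typing import List

DEFAULT_LSA_PACKAGES = ["msv1_0"]  # stock value on Windows 2000 / XP


def decode_hex7(value: str) -> List[str]:
    """'hex(7):6d,73,...' (or the bare byte list) -> list of strings.

    'msv1_0\\0\\0' decodes to ['msv1_0']; the empty tails come from the
    terminating NULs, and a REG_MULTI_SZ cannot hold an empty string anyway.
    """
    if value.lower().startswith("hex(7):"):
        value = value[len("hex(7):"):]
    # .reg files may wrap long byte lists with a trailing backslash
    tokens = [t for t in value.replace("\\\n", "").split(",") if t.strip()]
    raw = bytes(int(t, 16) for t in tokens)
    return [p for p in raw.decode("latin-1").split("\x00") if p]


def encode_hex7(strings: List[str]) -> str:
    """Inverse of decode_hex7: build the 'hex(7):..' token for a .reg/CFScript."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def parse_dss_lsa_line(line: str) -> List[str]:
    """Parse the DSS registry-dump rendering of the value, e.g.
    '"Authentication Packages"= msv1_0 C:\\WINNT\\system32\\urqNDWNH'
    DSS prints the entries space-separated, so paths with spaces would need
    a smarter split; the values seen in this thread have none.
    """
    _, _, rhs = line.partition("=")
    return rhs.split()


def unexpected_lsa_packages(packages: List[str]) -> List[str]:
    """Every package here is loaded into lsass.exe; anything not msv1_0 is
    worth pulling for analysis (a random 8-letter name in system32 especially)."""
    return [p for p in packages if p.lower() not in (d.lower() for d in DEFAULT_LSA_PACKAGES)]


# Copied from the thread: DSS dump before the fix, and the CFScript line.
DSS_LINE = '"Authentication Packages"= msv1_0 C:\\WINNT\\system32\\urqNDWNH'
CFSCRIPT_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"

if __name__ == "__main__":
    before = parse_dss_lsa_line(DSS_LINE)
    print("before fix :", before)
    print("unexpected :", unexpected_lsa_packages(before))
    print("script sets:", decode_hex7(CFSCRIPT_VALUE))
    print("rebuilt    :", encode_hex7(DEFAULT_LSA_PACKAGES))
```

Running it shows that the script's eight bytes are exactly "msv1_0" plus its two terminating NULs, i.e. the value is being restored to the default rather than merely having the rogue entry removed; the same helper lets a responder build a correct hex(7) token for any other REG_MULTI_SZ they need to reset in a script.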
Old 05-19-2008, 09:52 PM   #7 (permalink)
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Re: Task manager greyed out, pop-ups

The index.html file was a webpage with a malware alert on it. I deleted it.

Here is the one line of the tmp.bat file:

C:\DOCUME~1\KEVINB~1\LOCALS~1\Temp\GB1-tmp1i.exe

The internet speed monitor and outerinfo were already gone, and I removed the symantec programs you mentioned below.

I had problems running HijackThis; when I try to open it I get the following program error:
"HT.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created." I tried restarting my computer and then restarting HT, but I got the same message. I was not able to locate the error log.

I also had a problem with ComboFix. When I dragged and dropped the provided text, I received the following error:
"Cannot import... The specified file is not a registry script. You can import only registry files."

Here's the result of the Kaspersky scan:

KASPERSKY ONLINE SCANNER REPORT
Saturday, May 17, 2008 10:33:09 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/05/2008
Kaspersky Anti-Virus database records: 781037


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 57045
Number of viruses found 7
Number of infected objects 12
Number of suspicious objects 0
Duration of the scan process 01:37:25

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Butler\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Butler\Local Settings\Application Data\ApplicationHistory\Firefly.exe.ba4ab87a.ini.inuse Object is locked skipped

C:\Documents and Settings\Kevin Butler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kevin Butler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kevin Butler\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Butler\Local Settings\History\History.IE5\MSHist012008051720080518\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Butler\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Butler\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Kevin Butler\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\SmitfraudFix.exe RAR: infected - 1 skipped

C:\QooBox\Quarantine\C\WINNT\b2new.exe.vir Infected: Trojan-Downloader.Win32.Agent.otg skipped

C:\QooBox\Quarantine\C\WINNT\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\QooBox\Quarantine\C\WINNT\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.cda skipped

C:\QooBox\Quarantine\C\WINNT\system32\000060.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped

C:\QooBox\Quarantine\C\WINNT\system32\000060.exe.vir/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped

C:\QooBox\Quarantine\C\WINNT\system32\000060.exe.vir NSIS: infected - 2 skipped

C:\QooBox\Quarantine\C\WINNT\system32\000080.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.gb skipped

C:\QooBox\Quarantine\C\WINNT\system32\000080.exe.vir NSIS: infected - 1 skipped

C:\QooBox\Quarantine\C\WINNT\system32\wmsdkns.exe.vir Infected: not-virus:Hoax.Win32.Renos.cda skipped

C:\WINNT\CSC\00000001 Object is locked skipped

C:\WINNT\Debug\ipsecpa.log Object is locked skipped

C:\WINNT\Debug\oakley.log Object is locked skipped

C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

C:\WINNT\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINNT\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINNT\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINNT\Internet Logs\KARMA.ldb Object is locked skipped

C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped

C:\WINNT\security\logs\scepol.log Object is locked skipped

C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINNT\Sti_Trace.log Object is locked skipped

C:\WINNT\system32\config\Antivirus.Evt Object is locked skipped

C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

C:\WINNT\system32\config\default Object is locked skipped

C:\WINNT\system32\config\default.LOG Object is locked skipped

C:\WINNT\system32\config\SAM Object is locked skipped

C:\WINNT\system32\config\SAM.LOG Object is locked skipped

C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

C:\WINNT\system32\config\SECURITY Object is locked skipped

C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

C:\WINNT\system32\config\software Object is locked skipped

C:\WINNT\system32\config\software.LOG Object is locked skipped

C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

C:\WINNT\system32\config\system Object is locked skipped

C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped

C:\WINNT\system32\dFrnx06\dFrnx061083.exe Infected: Trojan-Downloader.Win32.VB.ehl skipped

C:\WINNT\system32\Perflib_Perfdata_294.dat Object is locked skipped

C:\WINNT\system32\Perflib_Perfdata_480.dat Object is locked skipped

C:\WINNT\Temp\ZLT05751.TMP Object is locked skipped

C:\WINNT\Temp\ZLT05757.TMP Object is locked skipped

C:\WINNT\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.


Here's the DSS log:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-19 21:40:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:12 PM, on 5/19/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\msiexec.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINB~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - {1513F635-9FC5-40B4-956F-1D151DF74501} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: {03607b18-6f99-262a-ed84-833404bbace3} - {3ecabb40-4338-48de-a262-99f681b70630} - C:\WINNT\system32\uaflvoqm.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [BMbbb3f045] Rundll32.exe "C:\WINNT\system32\bdhtmmtk.dll",s
O4 - HKLM\..\Run: [b880c3d9] rundll32.exe "C:\WINNT\system32\pxnltavr.dll",b
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 6898 bytes

-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 21:37:31 0 d-a------ C:\WINNT\system32\appmgmt
2008-05-19 20:02:13 83024 --a------ C:\WINNT\system32\pxnltavr.dll
2008-05-19 19:59:13 99856 --a------ C:\WINNT\system32\uaflvoqm.dll
2008-05-19 19:56:13 2560 --a------ C:\WINNT\system32\esohjyel.exe
2008-05-19 19:54:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4f4.dat
2008-05-19 19:54:00 90160 --a------ C:\WINNT\system32\bdhtmmtk.dll
2008-05-19 19:50:54 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3e8.dat
2008-05-17 10:36:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_298.dat
2008-05-17 08:29:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-17 08:29:37 0 d-------- C:\WINNT\system32\Kaspersky Lab
2008-05-16 13:32:24 98896 --a------ C:\WINNT\system32\uhuudgbf.dll
2008-05-16 13:30:48 2048 --a------ C:\WINNT\system32\ihnqlgii.exe
2008-05-16 13:30:28 82992 -----n--- C:\WINNT\system32\jgxkcigu.dll
2008-05-16 13:29:12 90240 --a------ C:\WINNT\system32\ibyvwkcp.dll
2008-05-16 13:26:23 1009711 --ahs---- C:\WINNT\system32\HNWDNqru.ini2
2008-05-15 19:00:23 0 d-------- C:\WINNT\McAfee.com
2008-05-13 19:46:29 743154 ---h----- C:\WINNT\ShellIconCache
2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:18:36 0 d-a------ C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 14:28:25 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2008-05-11 14:25:20 1390255 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-11 09:41:10 316464 --a------ C:\WINNT\system32\urqNDWNH.dll
2008-05-11 09:36:13 0 d-a------ C:\WINNT\system32\dFrnx06
2008-05-11 09:36:13 0 d-------- C:\Temp
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-05-19 21:38:06 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1513F635-9FC5-40B4-956F-1D151DF74501}]
05/11/08 09:41a 316464 --a------ C:\WINNT\system32\urqNDWNH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ecabb40-4338-48de-a262-99f681b70630}]
05/19/08 07:59p 99856 --a------ C:\WINNT\system32\uaflvoqm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]
"BMbbb3f045"="C:\WINNT\system32\bdhtmmtk.dll" [05/19/08 07:54p]
"b880c3d9"="C:\WINNT\system32\pxnltavr.dll" [05/19/08 08:02p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\urqNDWNH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-19 21:41:02 ------------
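Comparing the 5/19 log just posted with the 5/16 registry dump earlier in the thread shows the detection lesson in this infection: the Run value names BMbbb3f045 and b880c3d9 are unchanged, but the DLLs they load have been renamed (ibyvwkcp.dll and jgxkcigu.dll became bdhtmmtk.dll and pxnltavr.dll, and the BHO uhuudgbf.dll became uaflvoqm.dll), which is why a fix that lists file names goes stale within days while the registry value names stay a reliable indicator. The script below is an added example, not part of the thread and not a HijackThis feature: it parses O2/O4/O21 lines, flags entries by a few heuristics (a target marked "(file missing)", rundll32 invoking a one-letter export, an eight-letter random-looking DLL name in system32, an unnamed BHO), and diffs Run value names across two logs. The 5/19 excerpt is copied from the post above; the 5/16 excerpt is reconstructed in HijackThis form from that day's DSS registry dump, so its BHO label and the ",s"/",b" export arguments are this example's assumptions. The heuristics are deliberately loose and will flag some legitimate software; they are a triage aid, not a verdict.

```python
"""Triage HijackThis O2/O4/O21 entries and diff Run values across two logs.

Added example, not from the thread. Heuristics and sample logs as described
in the lead-in; the 5/16 O4/O2 lines are rebuilt from the DSS registry dump.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class HjtEntry(NamedTuple):
    section: str  # "O2", "O4" or "O21"
    name: str     # BHO display name, Run value name, or SSODL name
    target: str   # file path or command line


O2_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# eight letters, no digits, directly under system32 (comctl32.dll etc. have digits)
RANDOM_DLL_RE = re.compile(r"\\system32\\[a-z]{8}\.dll", re.IGNORECASE)
# rundll32 "<path>.dll",x  -> a single-letter export is a common loader pattern
RUNDLL_ONE_LETTER_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+\.dll"?,\s*[A-Za-z]\s*$', re.IGNORECASE)


def parse_hjt(log: str) -> List[HjtEntry]:
    """Keep only the sections this triage understands; other lines are ignored."""
    entries: List[HjtEntry] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(HjtEntry("O2", m.group(1), m.group(3)))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(HjtEntry("O4", m.group(2), m.group(3)))
            continue
        m = O21_RE.match(line)
        if m:
            entries.append(HjtEntry("O21", m.group(1), m.group(3)))
    return entries


def why_suspicious(e: HjtEntry) -> Optional[str]:
    """First matching heuristic, or None for an entry that looks ordinary."""
    if "(file missing)" in e.target:
        return "registered component whose file is gone"
    if RUNDLL_ONE_LETTER_RE.search(e.target):
        return "rundll32 calling a one-letter export"
    if RANDOM_DLL_RE.search(e.target):
        return "eight-letter random-looking DLL name in system32"
    if e.section == "O2" and e.name == "(no name)":
        return "unnamed BHO"
    return None


def triage(log: str) -> Dict[str, str]:
    """Map entry name -> reason for every flagged entry in the log."""
    return {e.name: r for e in parse_hjt(log) for r in [why_suspicious(e)] if r}


def run_value_changes(old: List[HjtEntry], new: List[HjtEntry]) -> Dict[str, Tuple[str, str]]:
    """Run value names present in both logs whose command line changed.
    A stable value name with a moving payload path is the signature of a
    component that regenerates its file name, so hunt by the value name."""
    old_runs = {e.name: e.target for e in old if e.section == "O4"}
    return {e.name: (old_runs[e.name], e.target)
            for e in new if e.section == "O4" and e.name in old_runs and old_runs[e.name] != e.target}


# Reconstructed from the 5/16 DSS registry dump (constructed excerpt).
LOG_0516 = r"""
O2 - BHO: (no name) - {46FFD7B8-AB32-4AA5-BD9C-126D97C1C7AF} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: (no name) - {38c60d79-637e-4e19-86a3-0d49aff229e0} - C:\WINNT\system32\uhuudgbf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMbbb3f045] Rundll32.exe "C:\WINNT\system32\ibyvwkcp.dll",s
O4 - HKLM\..\Run: [b880c3d9] rundll32.exe "C:\WINNT\system32\jgxkcigu.dll",b
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
"""

# Copied from the 5/19 HijackThis log posted above.
LOG_0519 = r"""
O2 - BHO: (no name) - {1513F635-9FC5-40B4-956F-1D151DF74501} - C:\WINNT\system32\urqNDWNH.dll
O2 - BHO: {03607b18-6f99-262a-ed84-833404bbace3} - {3ecabb40-4338-48de-a262-99f681b70630} - C:\WINNT\system32\uaflvoqm.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMbbb3f045] Rundll32.exe "C:\WINNT\system32\bdhtmmtk.dll",s
O4 - HKLM\..\Run: [b880c3d9] rundll32.exe "C:\WINNT\system32\pxnltavr.dll",b
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
"""

if __name__ == "__main__":
    for name, reason in triage(LOG_0519).items():
        print(f"flag  {name}: {reason}")
    for name, (before, after) in run_value_changes(parse_hjt(LOG_0516), parse_hjt(LOG_0519)).items():
        print(f"moved {name}: {before}  ->  {after}")
```

The diff is the part worth keeping in a responder's toolkit: when a cleanup script built on 5/17 names files that no longer exist by 5/19, the Run value names and the BHO CLSIDs are what still tie the two snapshots together, and they are what the CFScript's Registry:: section targets.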
Old 05-19-2008, 10:12 PM   #8 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Task manager greyed out, pop-ups

Quote:
I also had a problem with ComboFix. When I dragged and dropped the provided text, I received the following error:
"Cannot import... The specified file is not a registry script. You can import only registry files."
First time I saw an error like that. Could you repeat the steps again please and make sure you follow every detail of the instruction.

If it still won't work, please attempt to use cfscript in safe mode:

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

Let me know how it goes.
Old 05-20-2008, 09:57 PM   #9 (permalink)
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Re: Task manager greyed out, pop-ups

I tried the CFScript again, both in normal mode and safe mode, and got the same error both times. I decided to go ahead with CF anyway, and I think it worked properly, so maybe the error didn't really interfere. My computer is running much better now. Here's the CF log:

ComboFix 08-05-20.4 - Kevin Butler 05/20/2008 20:44:25.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.329 [GMT -6:00]
Running from: C:\Documents and Settings\Kevin Butler\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin Butler\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\SmitfraudFix.exe
C:\WINNT\BMbbb3f045.xml
C:\WINNT\system32\HNWDNqru.ini
C:\WINNT\system32\HNWDNqru.ini2
C:\WINNT\system32\ibyvwkcp.dll
C:\WINNT\system32\ihnqlgii.exe
C:\WINNT\system32\jgxkcigu.dll
C:\WINNT\system32\kyvxjthn.dll
C:\WINNT\system32\nhtjxvyk.ini
C:\WINNT\system32\ugickxgj.ini
C:\WINNT\system32\uhuudgbf.dll
C:\WINNT\system32\urqNDWNH.dll
C:\WINNT\Tasks\Symantec NetDetect.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kevin Butler\Local Settings\Temporary Internet Files\index.dat
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\SmitfraudFix
C:\Program Files\SmitfraudFix.exe
C:\Program Files\SmitfraudFix\404Fix.exe
C:\Program Files\SmitfraudFix\dumphive.exe
C:\Program Files\SmitfraudFix\exit.exe
C:\Program Files\SmitfraudFix\GenericRenosFix.exe
C:\Program Files\SmitfraudFix\HostsChk.exe
C:\Program Files\SmitfraudFix\IEDFix.exe
C:\Program Files\SmitfraudFix\Process.exe
C:\Program Files\SmitfraudFix\restart.exe
C:\Program Files\SmitfraudFix\SmitfraudFix.cmd
C:\Program Files\SmitfraudFix\SmiUpdate.exe
C:\Program Files\SmitfraudFix\SrchSTS.exe
C:\Program Files\SmitfraudFix\swreg.exe
C:\Program Files\SmitfraudFix\swsc.exe
C:\Program Files\SmitfraudFix\swxcacls.exe
C:\Program Files\SmitfraudFix\UIFix.exe
C:\Program Files\SmitfraudFix\unzip.exe
C:\Program Files\SmitfraudFix\VACFix.exe
C:\Program Files\SmitfraudFix\VCCLSID.exe
C:\Program Files\SmitfraudFix\WS2Fix.exe
C:\Program Files\Symantec
C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
C:\Temp
C:\WINNT\BMbbb3f045.xml
C:\WINNT\cookies.ini
C:\WINNT\pskt.ini
C:\WINNT\system32\bdhtmmtk.dll
C:\WINNT\system32\dFrnx06
C:\WINNT\system32\dFrnx06\dFrnx061083.exe
C:\WINNT\system32\esohjyel.exe
C:\WINNT\system32\HNWDNqru.ini
C:\WINNT\system32\HNWDNqru.ini2
C:\WINNT\system32\ibyvwkcp.dll
C:\WINNT\system32\icetdlnm.ini
C:\WINNT\system32\ihnqlgii.exe
C:\WINNT\system32\kgkgbsxm.dll
C:\WINNT\system32\mnldteci.dll
C:\WINNT\system32\nhtjxvyk.ini
C:\WINNT\system32\pxnltavr.dll
C:\WINNT\system32\rvatlnxp.ini
C:\WINNT\system32\uaflvoqm.dll
C:\WINNT\system32\udvwpqhv.exe
C:\WINNT\system32\ugickxgj.ini
C:\WINNT\system32\uhuudgbf.dll
C:\WINNT\system32\urqNDWNH.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-20 20:53 . 08-05-20 20:53 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_290.dat
2008-05-17 08:29 . 08-05-17 08:29 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-05-17 08:29 . 08-05-17 08:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-15 19:00 . 08-05-15 19:00 <DIR> d-------- C:\WINNT\McAfee.com
2008-05-11 18:30 . 08-05-11 18:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 18:29 . 08-05-11 18:29 <DIR> d-------- C:\Deckard
2008-05-11 18:18 . 08-05-11 18:18 <DIR> d-a------ C:\WINNT\system32\BITS
2008-05-11 18:12 . 07-07-30 19:19 549,720 --a------ C:\WINNT\system32\wuapi.dll
2008-05-11 18:12 . 07-07-30 19:19 325,976 --a------ C:\WINNT\system32\wucltui.dll
2008-05-11 18:12 . 07-07-30 19:19 43,352 --a------ C:\WINNT\system32\wups2.dll
2008-05-11 18:12 . 07-07-30 19:18 34,136 --a------ C:\WINNT\system32\wucltui.dll.mui
2008-05-11 18:12 . 07-07-30 19:18 33,624 --a------ C:\WINNT\system32\wups.dll
2008-05-11 18:12 . 07-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuaucpl.cpl.mui
2008-05-11 18:12 . 07-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuapi.dll.mui
2008-05-11 18:12 . 07-07-30 19:18 20,312 --a------ C:\WINNT\system32\wuaueng.dll.mui
2008-05-11 18:05 . 08-05-11 18:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-11 18:05 . 08-05-11 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:04 . 08-05-11 18:04 2,671,816 --a------ C:\Program Files\spywareblastersetup40.exe
2008-05-11 16:29 . 08-05-11 16:31 <DIR> d-------- C:\Program Files\Panda Security
2008-05-11 14:52 . 08-05-11 14:58 2,822 --a------ C:\WINNT\system32\tmp.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 02:02 --------- d-----w C:\Program Files\Ahead
2008-04-02 01:58 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-02 01:46 830,293 ----a-w C:\WINNT\hpdvd840b_HJ86.exe
2008-02-23 03:59 50 ----a-w C:\tmp.bat
2007-10-01 02:06 60,720 ----a-w C:\Documents and Settings\Kevin Butler\Application Data\GDIPFONTCACHEV1.DAT
2007-09-16 22:02 40,738,456 ----a-w C:\Program Files\zlsSetup_70_337_000_en.exe
2007-08-21 03:14 27,024,112 ----a-w C:\Program Files\PowerPointViewer.exe
2007-08-21 01:48 247,608 ----a-w C:\Program Files\jre-1_5_0_07-windows-i586-p-iftw.exe
2007-05-15 04:44 23,875,478 ----a-w C:\Program Files\WinAVR-20060421-install.exe
2007-05-15 04:34 47,631,556 ----a-w C:\Program Files\aStudio4b460.exe
2007-05-15 04:20 77,414,298 ----a-w C:\Program Files\aStudio4b528.exe
2007-05-15 03:54 26,874,781 ----a-w C:\Program Files\aStudio412SP4b498.exe
2007-05-13 03:24 23,984,334 ----a-w C:\Program Files\WinAVR-20070122-install.exe
2007-04-29 22:00 943,376 ----a-w C:\Program Files\ttermp23.zip
2007-01-27 16:13 14,231,915 ----a-w C:\Program Files\moonshell16_with_dpgtools121.zip
2007-01-14 15:29 138 ----a-w C:\Program Files\DPGPlay.ini
2007-01-09 00:53 1,658,957 ----a-w C:\Program Files\gerbmagi.zip
2007-01-07 17:32 3,799,568 ----a-w C:\Program Files\BatchDPG_v1.2.zip
2007-01-07 17:31 3,799,092 ----a-w C:\Program Files\BatchDPG_v1.2.7z
2007-01-07 17:30 24,265,736 ----a-w C:\Program Files\dotnetfx.exe
2007-01-06 00:19 3,158,471 ----a-w C:\Program Files\Avisynth_256.exe
2006-12-31 04:24 836,783 ----a-w C:\Program Files\7z442.exe
2006-12-31 04:04 6,769,576 ----a-w C:\Program Files\moonshell10_dpgtools.zip
2006-12-28 03:24 602,688 ----a-w C:\Program Files\SP4Express_EN.exe
2006-12-28 02:58 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2006-12-28 02:34 11,293,184 ----a-w C:\Program Files\eagle-win-eng-4.16r2.exe
2006-12-08 23:33 1,876,384 ----a-w C:\Program Files\ezip35.exe
2006-11-15 00:08 556 ----a-w C:\Program Files\Readme.txt
2006-11-15 00:07 211,838 ----a-w C:\Program Files\dpgplay.exe
2006-11-15 00:04 6,621 ----a-w C:\Program Files\dpgplay.au3
2006-11-14 20:41 3,161 ----a-w C:\Program Files\demux.pb
2006-11-14 20:36 7,168 ----a-w C:\Program Files\demux.exe
2006-10-27 01:56 8,645,474 ----a-w C:\Program Files\ce2kmain.exe
2006-09-24 11:23 7,812,065 ----a-w C:\Program Files\mplayer.exe
2006-09-05 03:27 11,682,968 ----a-w C:\Program Files\setupeng.exe
2006-09-05 01:17 13,714,856 ----a-w C:\Program Files\zlsSetup_65_737_000_en.exe
2006-09-04 21:36 271 ---h--w C:\Program Files\desktop.ini
2006-09-04 21:36 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

------- Sigcheck -------


.
((((((((((((((((((((((((((((( snapshot@Fri 2008-05-16_13.37.46.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 14:00:00 73,728 ----a-w C:\WINNT\fdsv.exe
+ 2000-08-31 14:00:00 89,504 ----a-w C:\WINNT\fdsv.exe
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [07-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 111376 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [04-07-15 11:42 4112384]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [04-07-15 11:42 843776 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [04-07-15 11:42 81920]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [04-08-18 13:07 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-09-06 18:08 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-10-10 20:51 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-11-14 17:05 919016]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 155648]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [04-09-03 02:58 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 13:05 186640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL

R0 idebd;idebd;C:\WINNT\system32\DRIVERS\idebd.sys [00-05-30 00:00 ]
R0 IntelATA;IntelATA;C:\WINNT\system32\DRIVERS\intelata.sys [00-05-30 00:00 ]
R1 aswSP;avast! Self Protection;C:\WINNT\system32\drivers\aswSP.sys [08-03-29 11:31 ]
R1 cmosa;cmosa;C:\WINNT\system32\drivers\cmosa.sys [00-05-08 20:50 ]
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [08-01-17 09:34 ]
R2 tcaicchg;tcaicchg;C:\WINNT\System32\tcaicchg.sys [00-06-06 18:08 ]
R2 TCAITDI;TCAITDI Protocol;C:\WINNT\system32\DRIVERS\TCAITDI.sys [00-06-07 20:49 ]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 06:22 ]
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [03-06-19 13:05 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 13:05 ]
R3 Winacpci;Winacpci;C:\WINNT\system32\DRIVERS\winacpci.sys [99-09-24 17:55 ]
S3 CA504AV;Mega Camera, WDM Video Capture;C:\WINNT\system32\Drivers\CA504AV.SYS [02-01-31 00:02 ]
S3 DLPortIO;DriverLINX Port I/O Driver;C:\WINNT\system32\DRIVERS\DLPortIO.SYS [00-06-29 16:24 ]
S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;C:\WINNT\system32\Drivers\Bulk504.sys [01-10-05 17:33 ]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 20:55:26
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINNT\system32\Perflib_Perfdata_500.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-05-20 21:18 - machine was rebooted [Kevin Butler]
ComboFix-quarantined-files.txt 2008-05-21 03:08
ComboFix2.txt 2008-05-16 19:39:01

Pre-Run: 24,082,644,992 bytes free
Post-Run: 24,091,574,272 bytes free

213

and here's the latest DSS log:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-20 21:32:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:33 PM, on 5/20/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\WINNT\explorer.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINB~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 6765 bytes

-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-20 21:00:18 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_500.dat
2008-05-20 20:53:49 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_290.dat
2008-05-20 20:43:10 68096 --a------ C:\WINNT\zip.exe
2008-05-20 20:43:10 49152 --a------ C:\WINNT\VFind.exe
2008-05-20 20:43:10 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-20 20:43:10 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-20 20:43:10 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-20 20:43:10 98816 --a------ C:\WINNT\sed.exe
2008-05-20 20:43:10 80412 --a------ C:\WINNT\grep.exe
2008-05-20 20:43:10 89504 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-19 21:37:31 0 d-a------ C:\WINNT\system32\appmgmt
2008-05-17 08:29:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-17 08:29:37 0 d-------- C:\WINNT\system32\Kaspersky Lab
2008-05-15 19:00:23 0 d-------- C:\WINNT\McAfee.com
2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:18:36 0 d-a------ C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-05-20 20:45:00 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

*Newly Created Service* - PSEXESVC



-- End of Deckard's System Scanner: finished at 2008-05-20 21:33:29 ------------

Let me know how it looks. Thanks!
Old 05-20-2008, 10:39 PM   #10 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Task manager greyed out, pop-ups

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


On your next reply, please include:
  • A fresh HijackThis log.
  • A detailed description of how your machine is running.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Old 05-21-2008, 01:13 PM   #11 (permalink)
Registered User
 
Join Date: May 2008
Posts: 7
OS: Win2000


Re: Task manager greyed out, pop-ups

I was able to run the HijackThis scan and fix. Here are the problems I was experiencing and the current state:

Task Manager was greyed out: fixed
Popups: fixed
Visual C++ error: fixed
Slow performance: fixed

Performance-wise, my PC seems like it's back to normal. Here's the latest HT log:

Deckard's System Scanner v20071014.68
Run by Kevin Butler on 2008-05-21 13:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin Butler.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09 PM, on 5/21/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\WINNT\explorer.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Documents and Settings\Kevin Butler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINB~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Beyond TV.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite....eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210551073299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 6359 bytes

-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-20 21:00:18 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_500.dat
2008-05-20 20:53:49 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_290.dat
2008-05-20 20:43:10 68096 --a------ C:\WINNT\zip.exe
2008-05-20 20:43:10 49152 --a------ C:\WINNT\VFind.exe
2008-05-20 20:43:10 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-20 20:43:10 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-20 20:43:10 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-20 20:43:10 98816 --a------ C:\WINNT\sed.exe
2008-05-20 20:43:10 80412 --a------ C:\WINNT\grep.exe
2008-05-20 20:43:10 89504 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-19 21:37:31 0 d-a------ C:\WINNT\system32\appmgmt
2008-05-17 08:29:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-17 08:29:37 0 d-------- C:\WINNT\system32\Kaspersky Lab
2008-05-15 19:00:23 0 d-------- C:\WINNT\McAfee.com
2008-05-11 18:30:08 0 d-------- C:\Program Files\Trend Micro
2008-05-11 18:18:36 0 d-a------ C:\WINNT\system32\BITS
2008-05-11 18:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 18:05:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 16:29:10 0 d-------- C:\Program Files\Panda Security
2008-05-11 14:52:15 2822 --a------ C:\WINNT\system32\tmp.reg
2008-05-11 09:35:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-05-20 20:45:00 0 d-a------ C:\Program Files\Common Files
2008-04-01 20:02:39 0 d-------- C:\Program Files\Ahead
2008-04-01 19:58:25 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 19:46:36 830293 --a------ C:\WINNT\hpdvd840b_HJ86.exe
2008-02-22 21:59:32 50 --a------ C:\tmp.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/15/04 11:42a]
"TCASUTIEXE"="TCAUDIAG -off" []
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [07/15/04 11:42a]
"Firefly"="C:\Program Files\SnapStream Media\Firefly\Firefly.exe" [08/18/04 01:07p]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/06/06 06:08p]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 08:51p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/04 02:58a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/07 10:37a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

*Newly Created Service* - PSEXESVC



-- End of Deckard's System Scanner: finished at 2008-05-21 13:07:03 ------------
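The analyst's "looks clean" verdict comes from reading entries like the ones above by hand: the O23 service lines, the Run keys, the Policies\System values (a DisableTaskMgr of 1 under that key is what greys out Task Manager; this log only shows DisableRegistryTools=0), the SteelWerX/grep/sed/zip tools dated 2008-05-20 in C:\WINNT that ComboFix stages while it runs, and DSS's *Newly Created Service* marker (PSEXESVC is the service PsExec creates when it executes). As an added example, not code from the forum thread, HijackThis or Deckard's System Scanner, the Python below parses those formats and surfaces the four things worth a second look in this thread: lockout policies set to 1, autorun values whose target DSS could not find on disk (the empty [] after TCASUTIEXE), services with no publisher string, and newly created services. The sample input is constructed in the log's format; the DisableTaskMgr=1 line and the "Example Updater" service are assumptions added for illustration and do not appear in the real log.

```python
"""Added example: triage of HijackThis / Deckard's System Scanner text output."""
import re

# Constructed sample in the format of the log above. The DisableTaskMgr=1 value
# and the "Example Updater" service are assumptions added for illustration.
SAMPLE = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\WINNT\system32\exupd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [07/15/04 11:42a C:\WINNT\system32\nwiz.exe]
"TCASUTIEXE"="TCAUDIAG -off" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

*Newly Created Service* - PSEXESVC
"""

# HJT O23: "Service: <display> (<short>) - <publisher> - <path>"; short name is optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))?"
    r" - (?P<publisher>.+?) - (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")           # DSS "[HKEY_...]" header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')  # DSS "name"=value line
RUN_VALUE_RE = re.compile(r'^"(?P<cmd>[^"]*)" \[(?P<info>[^\]]*)\]$')  # value [stamp path]
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\* - (?P<name>\S+)")

# DWORDs under ...\Policies\System that disable admin tooling when non-zero.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


def parse_services(text):
    """Return one dict per O23 line: display name, short name, publisher, path."""
    services = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def parse_registry_dump(text):
    """Map each [KEY] section of the DSS dump to its {value name: raw value}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("key")
            sections[current] = {}
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            sections[current][val.group("name")] = val.group("value")
    return sections


def _dword(raw):
    """Turn DSS's '1 (0x1)' into 1; None when the value is not numeric."""
    try:
        return int(raw.split()[0])
    except (ValueError, IndexError):
        return None


def triage(text):
    """Return human-readable findings; each is a pointer for the analyst, not a verdict."""
    findings = []
    for svc in parse_services(text):
        if svc["publisher"] == "Unknown owner":   # HJT's string for a binary with no company name
            findings.append(f"service without publisher: {svc['display']} -> {svc['path']}")
    for key, values in parse_registry_dump(text).items():
        key_l = key.lower()
        if key_l.endswith(r"policies\system"):
            for name, raw in values.items():
                if name in LOCKOUT_POLICIES and _dword(raw):
                    findings.append(f"lockout policy set: {key}\\{name}={raw}")
        elif key_l.endswith(r"\run") or key_l.endswith(r"\runonce"):
            for name, raw in values.items():
                rv = RUN_VALUE_RE.match(raw)
                if rv and rv.group("info") == "":   # DSS found no file for this command
                    findings.append(f"autorun target not found on disk: {name}={rv.group('cmd')}")
    for line in text.splitlines():
        m = NEW_SERVICE_RE.match(line.strip())
        if m:
            findings.append(f"newly created service: {m.group('name')}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Feed it a saved DSS report with `triage(open("dss.txt").read())`. On the sample, the nwiz and vsmon entries come back clean, the TCASUTIEXE entry is reported only because its file is missing (a leftover, not evidence of infection), and PSEXESVC should be traced to whoever ran PsExec before it is treated as suspicious.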
Old 05-21-2008, 07:19 PM   #12 (permalink)
Angelfire777 (Moderator/Analyst, Security Team; Rangemaster, TSF Academy)
Join Date: Oct 2006
Posts: 4,581
OS: Vista

Re: Task manager greyed out, pop-ups

Congratulations! Your log looks clean!

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.


Here are some free programs I recommend that could help you improve your PC's security.

MVPS Hosts File
~You can download it from here
~I highly recommend this hosts file. You can learn more about this here

Install SpyWare Blaster
~You can download it from here
~You can read the tutorial on how to use Spyware Blaster here

Install WinPatrol
~You can download it from here
~You can get some information about how WinPatrol works here

Note: Make sure you update your antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Happy safe surfing!

Note: Please reply to this thread one last time so I can close it.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
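The MVPS hosts file the analyst recommends works by pointing ad and malware domains at a sink address (127.0.0.1 or 0.0.0.0) so the connection never leaves the machine; the same mechanism is what a hijacker abuses when it points antivirus update hosts at its own server, which is what HijackThis reports as O1 entries. As an added example, not code from the forum thread or from MVPS, the Python below parses a hosts file the way the resolver reads it (first token an address, remaining tokens hostnames, `#` starts a comment), counts how many hosts are sunk as a "did the list install" check, and flags any entry that sends a protected domain somewhere other than a sink. The hosts content is constructed; 203.0.113.7 is a documentation address and av-vendor.example is a placeholder domain, and the set of protected suffixes is something you supply.

```python
"""Added example: sanity-check a Windows hosts file after installing a block list."""
import ipaddress

# Addresses a block list uses as a sink; anything else is a real redirect.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample: MVPS-style block lines plus one hijacked vendor entry.
# 203.0.113.7 is a documentation address and av-vendor.example is a placeholder.
SAMPLE_HOSTS = """\
# constructed hosts file for this example
127.0.0.1 localhost
0.0.0.0 ad.example.net          # block: traffic stays on this machine
0.0.0.0 tracker.example.org
203.0.113.7 update.av-vendor.example   # hijack: updates go to an attacker host
"""


def parse_hosts(text):
    """Return (line number, address, hostname) tuples the way the resolver reads them."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line; the resolver skips it
        for host in fields[1:]:
            entries.append((lineno, str(addr), host.lower()))
    return entries


def find_hijacks(text, protected_suffixes):
    """Entries that send a protected domain (or a subdomain) to a non-sink address."""
    protected = {s.lower().lstrip(".") for s in protected_suffixes}
    hits = []
    for lineno, addr, host in parse_hosts(text):
        if addr in SINK_ADDRESSES:
            continue
        if any(host == s or host.endswith("." + s) for s in protected):
            hits.append((lineno, addr, host))
    return hits


def count_blocked(text):
    """How many hostnames the file sinks (a quick check that the list installed)."""
    return sum(1 for _, addr, host in parse_hosts(text)
               if addr in SINK_ADDRESSES and host != "localhost")


if __name__ == "__main__":
    print("blocked hosts:", count_blocked(SAMPLE_HOSTS))
    for lineno, addr, host in find_hijacks(SAMPLE_HOSTS, {"av-vendor.example"}):
        print(f"line {lineno}: {host} -> {addr} is NOT a sink address")
```

Point it at `C:\WINNT\system32\drivers\etc\hosts` (the Windows 2000 path used on this machine) with the domains of your antivirus and update vendors as the protected suffixes; a real block list yields thousands of sunk hosts and zero hijack hits.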
Old 05-21-2008, 09:06 PM   #13 (permalink)
butlerkj (Registered User)
Join Date: May 2008
Posts: 7
OS: Win2000

Re: Task manager greyed out, pop-ups

Thank you so much! I've been amazed by how helpful and responsive you've been; I really appreciate it. You saved me from having to reformat my hard drive; I couldn't ask for more. I'll be making a donation to the site.
Copyright 2001 - 2009, Tech Support Forum