Old 08-10-2008, 05:22 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 14
OS: xp


Need help with spyware/adware/virus, etc.

Whenever I do a spyware scan, it finds something called Darksma (it only shows during a quick spyware scan). My Internet is not working, yet the other computer in my house works perfectly on the Internet. This happened about 4 or 5 days ago. A little before that happened, Firefox and Internet Explorer could only go to the homepage and certain websites. It got worse after that. I am certain there is adware on that computer, because a lot of pop-ups came up about Av2009 (on IE). My stuff saved in my folders is disappearing. Sometimes, when I log in, it only shows my wallpaper and I can move the mouse icon around. That's all, and please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:52 PM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dceac1a0] rundll32.exe "C:\WINDOWS\system32\qjrvjawc.dll",b
O4 - HKLM\..\Run: [BMdfd9f23c] Rundll32.exe "C:\WINDOWS\system32\vmiadmwn.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 3478 bytes

Last edited by hammad1337; 08-10-2008 at 05:29 PM.

Old 08-13-2008, 07:00 AM   #2 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Need help with spyware/adware/virus, etc.

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=======
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
Old 08-13-2008, 11:18 AM   #3 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 14
OS: xp


Re: Need help with spyware/adware/virus, etc.

Hope this works.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-13 12:58:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
54: 2008-08-13 16:58:42 UTC - RP54 - Deckard's System Scanner Restore Point
53: 2008-08-10 13:17:35 UTC - RP53 - Made by Registry Mechanic O
52: 2008-08-08 23:50:35 UTC - RP52 - Removed OpenOffice.org Installer 1.0
51: 2008-08-08 22:07:02 UTC - RP51 - Made by Registry Mechanic O
50: 2008-08-08 19:21:43 UTC - RP50 - Made by Registry Mechanic O


-- First Restore Point --
1: 2008-08-06 21:36:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:54 PM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
E:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

O2 - BHO: (no name) - {66DC1AE0-5410-47D3-9931-F4C798FF2526} - C:\WINDOWS\system32\byXQJbaW.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {b81519c6-ae79-a7a9-cf14-cdb271b7cf2a} - {a2fc7b17-2bdc-41fc-9a7a-97ea6c91518b} - C:\WINDOWS\system32\chajmy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\ddcyyywt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dceac1a0] rundll32.exe "C:\WINDOWS\system32\qjrvjawc.dll",b
O4 - HKLM\..\Run: [BMdfd9f23c] Rundll32.exe "C:\WINDOWS\system32\vmiadmwn.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddcyyywt - C:\WINDOWS\SYSTEM32\ddcyyywt.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 4097 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 RTL8187B (Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter) - c:\windows\system32\drivers\rtl8187b.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&3B1CAF2B&0&28F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&3B1CAF2B&0&28F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-06 09:02:01 456 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 1 00 AM.job


-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-10 16:21:56 0 d-------- C:\Program Files\Trend Micro
2008-08-08 18:53:32 0 d-------- C:\Documents and Settings\Shama\Application Data\Identities
2008-08-08 18:53:06 0 d--h----- C:\Documents and Settings\Shama\Templates
2008-08-08 18:53:06 0 dr------- C:\Documents and Settings\Shama\Start Menu
2008-08-08 18:53:06 0 dr-h----- C:\Documents and Settings\Shama\SendTo
2008-08-08 18:53:06 0 dr-h----- C:\Documents and Settings\Shama\Recent
2008-08-08 18:53:06 0 d--h----- C:\Documents and Settings\Shama\PrintHood
2008-08-08 18:53:06 0 d--h----- C:\Documents and Settings\Shama\NetHood
2008-08-08 18:53:06 0 dr------- C:\Documents and Settings\Shama\My Documents
2008-08-08 18:53:06 0 d--h----- C:\Documents and Settings\Shama\Local Settings
2008-08-08 18:53:06 0 dr------- C:\Documents and Settings\Shama\Favorites
2008-08-08 18:53:06 0 d-------- C:\Documents and Settings\Shama\Desktop
2008-08-08 18:53:06 0 d--hs---- C:\Documents and Settings\Shama\Cookies
2008-08-08 18:53:06 0 dr-h----- C:\Documents and Settings\Shama\Application Data
2008-08-08 18:53:06 0 d---s---- C:\Documents and Settings\Shama\Application Data\Microsoft
2008-08-08 18:53:05 524288 --ah----- C:\Documents and Settings\Shama\NTUSER.DAT
2008-08-08 16:16:05 2048 --a------ C:\WINDOWS\system32\bljadvck.exe
2008-08-08 16:15:46 96256 --a------ C:\WINDOWS\system32\chajmy.dll
2008-08-08 16:15:44 96256 --a------ C:\WINDOWS\system32\aesxtifa.dll
2008-08-08 16:01:30 80896 --a------ C:\WINDOWS\system32\qjrvjawc.dll
2008-08-08 16:00:08 90624 --a------ C:\WINDOWS\system32\vmiadmwn.dll
2008-08-07 16:04:51 2048 --a------ C:\WINDOWS\system32\wksreyes.exe
2008-08-07 16:03:46 94720 --a------ C:\WINDOWS\system32\eijxrj.dll
2008-08-07 16:03:27 94720 --a------ C:\WINDOWS\system32\cgvybrdu.dll
2008-08-07 15:58:17 91136 --a------ C:\WINDOWS\system32\ubmvgock.dll
2008-08-07 15:51:09 2048 --a------ C:\WINDOWS\system32\cddxccds.exe
2008-08-07 15:48:08 94720 --a------ C:\WINDOWS\system32\qrpnju.dll
2008-08-07 15:48:05 94720 --a------ C:\WINDOWS\system32\nmchbtvk.dll
2008-08-07 15:43:47 91136 --a------ C:\WINDOWS\system32\sopdfgoo.dll
2008-08-07 12:15:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-08-07 12:10:47 0 d-------- C:\Program Files\AV9
2008-08-07 11:57:47 0 d-------- C:\Program Files\Nero
2008-08-07 11:57:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-07 11:57:44 0 d-------- C:\Program Files\Common Files\Nero
2008-08-07 11:24:24 36864 --a------ C:\WINDOWS\system32\mlJYpMDu.dll
2008-08-07 11:24:24 36864 --a------ C:\WINDOWS\system32\mlJDSlkk.dll
2008-08-07 09:54:36 0 d-------- C:\WINDOWS\RegisteredPackages
2008-08-07 09:23:28 94720 --a------ C:\WINDOWS\system32\lcxxqt.dll
2008-08-07 09:23:26 94720 --a------ C:\WINDOWS\system32\yekjxrjc.dll
2008-08-07 09:21:42 2048 --a------ C:\WINDOWS\system32\gtmxsqgh.exe
2008-08-07 09:21:27 91136 --a------ C:\WINDOWS\system32\ufmemokh.dll
2008-08-07 09:14:22 2048 --a------ C:\WINDOWS\system32\whfwvsod.exe
2008-08-07 09:12:38 91136 --a------ C:\WINDOWS\system32\avxuavkm.dll
2008-08-06 20:49:25 36864 --a------ C:\WINDOWS\system32\iifffGyV.dll
2008-08-06 20:49:24 36864 --a------ C:\WINDOWS\system32\iifcCTNH.dll
2008-08-06 18:07:53 95744 --a------ C:\WINDOWS\system32\dzjkmk.dll
2008-08-06 18:07:29 95744 --a------ C:\WINDOWS\system32\frgbfkhv.dll
2008-08-06 17:35:32 871842 --ahs---- C:\WINDOWS\system32\WabJQXyb.ini2
2008-08-06 17:30:35 246272 --a------ C:\WINDOWS\system32\byXQJbaW.dll
2008-08-06 17:14:19 36864 --a------ C:\WINDOWS\system32\ssqroOHb.dll
2008-08-06 17:14:19 36864 --a------ C:\WINDOWS\system32\opnMDUMd.dll
2008-08-06 17:14:14 36864 --a------ C:\WINDOWS\system32\ddcyyywt.dll
2008-08-06 17:14:14 36864 --a------ C:\WINDOWS\system32\ddcDttsT.dll
2008-08-06 09:26:33 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-08-06 09:25:35 0 d-------- C:\WINDOWS\Sun
2008-08-06 09:25:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-08-05 14:13:09 0 d-------- C:\Documents and Settings\Muhammad huda\Application Data\Mozilla
2008-08-05 14:09:06 0 d-------- C:\WINDOWS\pss
2008-08-05 13:59:41 0 d-------- C:\WINDOWS\system32\Adobe
2008-08-05 10:50:09 0 d-------- C:\Documents and Settings\Muhammad huda\Application Data\Identities
2008-08-05 10:49:42 0 d--h----- C:\Documents and Settings\Muhammad huda\Templates
2008-08-05 10:49:42 0 dr------- C:\Documents and Settings\Muhammad huda\Start Menu
2008-08-05 10:49:42 0 dr-h----- C:\Documents and Settings\Muhammad huda\SendTo
2008-08-05 10:49:42 0 dr-h----- C:\Documents and Settings\Muhammad huda\Recent
2008-08-05 10:49:42 0 d--h----- C:\Documents and Settings\Muhammad huda\PrintHood
2008-08-05 10:49:42 479232 --a------ C:\Documents and Settings\Muhammad huda\NTUSER.DAT
2008-08-05 10:49:42 0 d--h----- C:\Documents and Settings\Muhammad huda\NetHood
2008-08-05 10:49:42 0 dr------- C:\Documents and Settings\Muhammad huda\My Documents
2008-08-05 10:49:42 0 d--h----- C:\Documents and Settings\Muhammad huda\Local Settings
2008-08-05 10:49:42 0 dr------- C:\Documents and Settings\Muhammad huda\Favorites
2008-08-05 10:49:42 0 d-------- C:\Documents and Settings\Muhammad huda\Desktop
2008-08-05 10:49:42 0 d--hs---- C:\Documents and Settings\Muhammad huda\Cookies
2008-08-05 10:49:42 0 dr-h----- C:\Documents and Settings\Muhammad huda\Application Data
2008-08-05 10:49:42 0 d---s---- C:\Documents and Settings\Muhammad huda\Application Data\Microsoft
2008-08-04 10:51:02 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-04 10:46:39 0 d-------- C:\Program Files\Java
2008-08-04 10:44:09 0 d-------- C:\Program Files\Common Files\Java
2008-08-04 10:37:33 0 d-------- C:\Program Files\LimeWire
2008-08-04 10:19:41 0 d-------- C:\Program Files\Pure Networks
2008-08-04 10:17:47 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-04 10:17:38 0 d-------- C:\WINDOWS\CAVTemp
2008-08-04 10:17:33 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-08-04 09:26:52 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-03 18:21:53 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Macromedia
2008-08-03 18:21:53 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Adobe
2008-08-03 16:54:47 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-03 16:54:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-08-03 16:54:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-08-03 16:52:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-03 16:52:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-03 16:26:59 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Mozilla
2008-08-03 16:18:30 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Google
2008-08-03 16:12:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-03 16:12:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-08-03 13:04:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-08-03 13:04:29 0 d-------- C:\Program Files\Google
2008-08-03 13:04:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-08-02 22:51:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-08-02 22:36:58 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Identities
2008-08-02 22:36:31 0 d--h----- C:\Documents and Settings\Taha Huda\Templates
2008-08-02 22:36:31 0 dr------- C:\Documents and Settings\Taha Huda\Start Menu
2008-08-02 22:36:31 0 dr-h----- C:\Documents and Settings\Taha Huda\SendTo
2008-08-02 22:36:31 0 dr-h----- C:\Documents and Settings\Taha Huda\Recent
2008-08-02 22:36:31 0 d--h----- C:\Documents and Settings\Taha Huda\PrintHood
2008-08-02 22:36:31 0 d--h----- C:\Documents and Settings\Taha Huda\NetHood
2008-08-02 22:36:31 0 dr------- C:\Documents and Settings\Taha Huda\My Documents
2008-08-02 22:36:31 0 d--h----- C:\Documents and Settings\Taha Huda\Local Settings
2008-08-02 22:36:31 0 dr------- C:\Documents and Settings\Taha Huda\Favorites
2008-08-02 22:36:31 0 d-------- C:\Documents and Settings\Taha Huda\Desktop
2008-08-02 22:36:31 0 d--hs---- C:\Documents and Settings\Taha Huda\Cookies
2008-08-02 22:36:31 0 dr-h----- C:\Documents and Settings\Taha Huda\Application Data
2008-08-02 22:36:31 0 d---s---- C:\Documents and Settings\Taha Huda\Application Data\Microsoft
2008-08-02 22:36:30 786432 --a------ C:\Documents and Settings\Taha Huda\NTUSER.DAT
2008-08-02 21:36:24 0 d-------- C:\WINDOWS\Prefetch
2008-08-02 21:18:48 0 d-------- C:\WINDOWS\system32\scripting
2008-08-02 21:18:46 0 d-------- C:\WINDOWS\l2schemas
2008-08-02 21:18:45 0 d-------- C:\WINDOWS\system32\en
2008-08-02 21:09:13 0 d-------- C:\WINDOWS\network diagnostic
2008-08-02 20:00:32 0 d-------- C:\WINDOWS\VirtualEar
2008-08-02 20:00:32 65536 --a------ C:\WINDOWS\system32\Audio3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-02 20:00:31 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-08-02 20:00:31 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-08-02 20:00:31 0 d-------- C:\Program Files\Analog Devices
2008-08-01 20:51:24 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-08-01 19:58:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 19:57:37 0 d-------- C:\WINDOWS\OPTIONS
2008-08-01 19:57:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-08-01 19:53:53 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-01 19:53:50 0 d-------- C:\Program Files\Common Files\Scanner
2008-08-01 19:53:41 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-08-01 19:53:39 0 d-------- C:\Program Files\CA
2008-08-01 19:50:21 1310720 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-08-01 19:50:20 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-08-01 19:46:34 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-08-01 19:32:16 0 d-------- C:\WINDOWS\peernet
2008-08-01 19:32:12 0 d-------- C:\WINDOWS\provisioning
2008-08-01 19:25:22 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-01 19:15:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-01 19:11:24 0 d-------- C:\WINDOWS\EHome
2008-08-01 18:42:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-01 18:36:15 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-01 18:36:12 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:35:05 0 d-------- C:\WINDOWS\system32\bits
2008-08-01 18:20:31 0 d-------- C:\Downloads
2008-08-01 18:17:23 0 d--hs---- C:\Documents and Settings\Owner\UserData
2008-08-01 18:13:31 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-01 18:10:37 0 d-------- C:\WINDOWS\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2008-08-07 11:57:44 0 d-------- C:\Program Files\Common Files
2008-08-02 21:19:57 0 d-------- C:\Program Files\Messenger
2008-08-02 21:18:43 0 d-------- C:\Program Files\Movie Maker
2008-08-02 21:12:47 0 d-------- C:\Program Files\Windows NT
2008-08-01 18:10:37 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-13 12:57:59 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-13 12:57:56 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-13 12:57:37 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2008-06-11 23:19:39 22704 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-11 2044 0 -rahs---- C:\MSDOS.SYS
2008-06-11 2044 0 -rahs---- C:\IO.SYS
2008-06-11 2044 0 --a------ C:\CONFIG.SYS
2008-06-11 2044 0 --a------ C:\AUTOEXEC.BAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66DC1AE0-5410-47D3-9931-F4C798FF2526}]
08/06/2008 05:31 PM 246272 --a------ C:\WINDOWS\system32\byXQJbaW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2fc7b17-2bdc-41fc-9a7a-97ea6c91518b}]
08/08/2008 04:15 PM 96256 --a------ C:\WINDOWS\system32\chajmy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81FE02-F70B-46C2-82C3-DE5C6652E677}]
08/06/2008 05:14 PM 36864 --a------ C:\WINDOWS\system32\ddcyyywt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [06/19/2008 09:53 AM]
"dceac1a0"="C:\WINDOWS\system32\qjrvjawc.dll" [08/08/2008 04:01 PM]
"BMdfd9f23c"="C:\WINDOWS\system32\vmiadmwn.dll" [08/08/2008 04:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [08/03/2008 01:05 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB81FE02-F70B-46C2-82C3-DE5C6652E677}"= C:\WINDOWS\system32\ddcyyywt.dll [08/06/2008 05:14 PM 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyyywt]
ddcyyywt.dll 08/06/2008 05:14 PM 36864 C:\WINDOWS\system32\ddcyyywt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXQJbaW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-13 13:03:22 ------------
Attached Files
File Type: txt main.txt (23.3 KB, 1 views)
File Type: txt extra.txt (8.3 KB, 1 views)

Last edited by TheBruce1; 08-13-2008 at 12:05 PM.
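An added triage example, not part of this thread and not a HijackThis feature: a Python script that scores the O2, O4 and O20 lines of the HijackThis log above using the signals an analyst reads off such a log (a BHO with no readable name, a Run value whose name is generated hex, rundll32 loading a DLL out of system32 at logon, a non-default Winlogon Notify handler, a letters-only filename in system32) and cross-references a DLL hooked in more than one place. The sample lines are copied from the log in this post; the regular expressions, weights and threshold are my own assumptions.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above (post #3).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {66DC1AE0-5410-47D3-9931-F4C798FF2526} - C:\WINDOWS\system32\byXQJbaW.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {b81519c6-ae79-a7a9-cf14-cdb271b7cf2a} - {a2fc7b17-2bdc-41fc-9a7a-97ea6c91518b} - C:\WINDOWS\system32\chajmy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\ddcyyywt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dceac1a0] rundll32.exe "C:\WINDOWS\system32\qjrvjawc.dll",b
O4 - HKLM\..\Run: [BMdfd9f23c] Rundll32.exe "C:\WINDOWS\system32\vmiadmwn.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O20 - Winlogon Notify: ddcyyywt - C:\WINDOWS\SYSTEM32\ddcyyywt.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
"""

# Line shapes for the three HijackThis sections this example understands.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# Signals. The weights are my own assumptions, not HijackThis rules.
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.(?:dll|exe))', re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8,}$", re.IGNORECASE)  # e.g. dceac1a0, BMdfd9f23c
LETTERS_ONLY_RE = re.compile(r"^[A-Za-z]{6,8}$")                   # e.g. qjrvjawc, chajmy


def triage_line(line):
    """Score one HijackThis line; returns (section, path, score, reasons) or None."""
    line = line.strip()
    score, reasons = 0, []
    if m := O2_RE.match(line):
        path = m.group("path")
        if m.group("name") == "(no name)" or GUID_RE.match(m.group("name")):
            score += 2
            reasons.append("BHO registered without a readable name")
    elif m := O4_RE.match(line):
        cmd = m.group("cmd")
        pm = PATH_RE.search(cmd)
        path = pm.group(1) if pm else cmd
        if HEX_NAME_RE.match(m.group("name")):
            score += 2
            reasons.append("Run value name looks like generated hex")
        if cmd.lower().startswith("rundll32.exe") and "\\system32\\" in path.lower():
            score += 2
            reasons.append("rundll32 loads a DLL from system32 at logon")
    elif m := O20_RE.match(line):
        path = m.group("path")
        score += 2
        reasons.append("non-default Winlogon Notify handler (loaded into winlogon.exe)")
    else:
        return None  # other sections are not scored by this example
    # A letters-only 6-8 character name in system32 is weak on its own, so it only adds 1.
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "\\system32\\" in path.lower() and LETTERS_ONLY_RE.match(stem):
        score += 1
        reasons.append("letters-only filename in system32 (possible generated name)")
    return line.split(" - ", 1)[0], path, score, reasons


def triage_log(text, threshold=2):
    """Aggregate scores per file so a DLL hooked in several sections stands out.

    Returns {lower-cased path: {"score", "reasons", "sections"}} for entries at or
    above the threshold.
    """
    findings = {}
    for line in text.splitlines():
        result = triage_line(line)
        if result is None:
            continue
        section, path, score, reasons = result
        entry = findings.setdefault(path.lower(), {"score": 0, "reasons": [], "sections": []})
        entry["score"] += score
        entry["reasons"].extend(reasons)
        entry["sections"].append(section)
    return {k: v for k, v in findings.items() if v["score"] >= threshold}


if __name__ == "__main__":
    for path, info in sorted(triage_log(SAMPLE_LOG).items()):
        print(f"{info['score']:>2}  {path}  [{', '.join(info['sections'])}]")
        for reason in info["reasons"]:
            print(f"      - {reason}")
```

The output ranks the same five system32 DLLs that ComboFix later deleted in this thread, and shows ddcyyywt.dll hooked in both O2 and O20; legitimate entries such as the Google toolbar, Java and Nero lines score zero.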
Old 08-13-2008, 12:12 PM   #4 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Need help with spyware/adware/virus, etc.

Hello again

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order in which they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so, just copy/paste your logs into your replies.

==========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

==========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========
Logs Required
C:\Combofix.txt
Hijackthis Log
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in any way, please consider Donating
Old 08-13-2008, 02:12 PM   #5 (permalink)
hammad1337 (Registered User)
Join Date: Aug 2008
Posts: 14
OS: xp

Re: Need help with spyware/adware/virus, etc.

thanks

ComboFix 08-08-12.01 - Owner 2008-08-13 15:38:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.74 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMdfd9f23c.txt
C:\WINDOWS\BMdfd9f23c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aesxtifa.dll
C:\WINDOWS\system32\avxuavkm.dll
C:\WINDOWS\system32\byXQJbaW.dll
C:\WINDOWS\system32\cgvybrdu.dll
C:\WINDOWS\system32\chajmy.dll
C:\WINDOWS\system32\crnusitc.ini
C:\WINDOWS\system32\cwajvrjq.ini
C:\WINDOWS\system32\ddcDttsT.dll
C:\WINDOWS\system32\ddcyyywt.dll
C:\WINDOWS\system32\dzjkmk.dll
C:\WINDOWS\system32\eijxrj.dll
C:\WINDOWS\system32\frgbfkhv.dll
C:\WINDOWS\system32\hwrqvwlk.ini
C:\WINDOWS\system32\iifcCTNH.dll
C:\WINDOWS\system32\iifffGyV.dll
C:\WINDOWS\system32\lcxxqt.dll
C:\WINDOWS\system32\mlJDSlkk.dll
C:\WINDOWS\system32\mlJYpMDu.dll
C:\WINDOWS\system32\nmchbtvk.dll
C:\WINDOWS\system32\opnMDUMd.dll
C:\WINDOWS\system32\otmhqiyk.ini
C:\WINDOWS\system32\phpdmpvx.ini
C:\WINDOWS\system32\qjrvjawc.dll
C:\WINDOWS\system32\qrpnju.dll
C:\WINDOWS\system32\sopdfgoo.dll
C:\WINDOWS\system32\ssqroOHb.dll
C:\WINDOWS\system32\ubmvgock.dll
C:\WINDOWS\system32\ufmemokh.dll
C:\WINDOWS\system32\vmiadmwn.dll
C:\WINDOWS\system32\vtyfkmjf.ini
C:\WINDOWS\system32\WabJQXyb.ini
C:\WINDOWS\system32\WabJQXyb.ini2
C:\WINDOWS\system32\yekjxrjc.dll
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-13 12:57 . 2008-08-13 12:57 <DIR> d-------- C:\Deckard
2008-08-10 16:21 . 2008-08-10 16:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 18:53 . 2008-08-08 18:53 <DIR> d-------- C:\Documents and Settings\Shama
2008-08-08 16:16 . 2008-08-08 16:16 2,048 --a------ C:\WINDOWS\system32\bljadvck.exe
2008-08-07 16:46 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-08-07 16:46 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-08-07 16:39 . 2008-08-07 16:39 0 --a------ C:\WINDOWS\Irremote.ini
2008-08-07 16:04 . 2008-08-07 16:04 2,048 --a------ C:\WINDOWS\system32\wksreyes.exe
2008-08-07 15:51 . 2008-08-07 15:51 2,048 --a------ C:\WINDOWS\system32\cddxccds.exe
2008-08-07 12:15 . 2008-08-07 12:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-08-07 12:10 . 2008-08-07 12:11 <DIR> d-------- C:\Program Files\AV9
2008-08-07 11:57 . 2008-08-07 11:57 <DIR> d-------- C:\Program Files\Nero
2008-08-07 11:57 . 2008-08-07 12:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-07 11:57 . 2008-08-07 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-07 09:21 . 2008-08-07 09:21 2,048 --a------ C:\WINDOWS\system32\gtmxsqgh.exe
2008-08-07 09:14 . 2008-08-07 09:14 2,048 --a------ C:\WINDOWS\system32\whfwvsod.exe
2008-08-06 09:28 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-06 09:26 . 2008-08-08 15:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-08-06 09:25 . 2008-08-06 09:25 <DIR> d-------- C:\WINDOWS\Sun
2008-08-05 17:40 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-05 17:40 . 2008-04-13 14:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-05 14:02 . 2008-06-17 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-05 14:02 . 2008-06-17 15:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-05 13:59 . 2008-08-05 14:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-05 10:49 . 2008-08-08 12:05 <DIR> d-------- C:\Documents and Settings\Muhammad huda
2008-08-04 10:51 . 2008-08-07 16:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-04 10:48 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-04 10:46 . 2008-08-04 10:48 <DIR> d-------- C:\Program Files\Java
2008-08-04 10:44 . 2008-08-04 10:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-04 10:37 . 2008-08-07 16:04 <DIR> d-------- C:\Program Files\LimeWire
2008-08-04 10:19 . 2008-08-04 10:19 <DIR> d-------- C:\Program Files\Pure Networks
2008-08-04 10:18 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-08-04 10:17 . 2008-08-04 10:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-04 10:17 . 2008-08-13 12:59 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-08-04 10:17 . 2008-08-04 10:17 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-08-04 10:17 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-08-04 09:26 . 2008-08-08 19:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-03 16:54 . 2008-08-03 16:54 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-03 16:52 . 2008-08-03 16:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-03 16:12 . 2008-08-03 16:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-03 13:04 . 2008-08-03 16:05 <DIR> d-------- C:\Program Files\Google
2008-08-02 22:51 . 2008-08-04 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-08-02 22:36 . 2008-08-08 12:05 <DIR> d-------- C:\Documents and Settings\Taha Huda
2008-08-02 21:47 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-02 21:47 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-02 21:47 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-02 21:47 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-02 21:47 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-02 21:47 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-02 21:47 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-02 21:47 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-02 21:47 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-02 20:38 . 2008-04-13 20:12 1,306,624 --a------ C:\WINDOWS\system32\msxml6.dll
2008-08-02 20:37 . 2008-04-13 20:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
2008-08-02 20:02 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-02 20:01 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-02 20:01 . 2008-04-13 14:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-08-02 20:01 . 2008-04-13 14:39 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2008-08-02 20:01 . 2008-04-13 14:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-08-02 20:01 . 2008-04-13 14:39 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2008-08-02 20:01 . 2008-04-13 14:39 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2008-08-02 20:00 . 2008-08-02 20:00 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-08-02 20:00 . 2008-08-02 20:00 <DIR> d-------- C:\Program Files\Analog Devices
2008-08-02 20:00 . 2001-10-04 16:50 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2008-08-02 20:00 . 2008-04-13 20:12 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-08-02 20:00 . 2003-08-19 20:36 65,536 --a------ C:\WINDOWS\system32\Audio3d.dll
2008-08-02 20:00 . 2004-11-19 12:00 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2008-08-02 20:00 . 2002-04-17 16:05 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2008-08-02 20:00 . 2008-04-13 20:11 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-08-02 19:59 . 2001-09-19 14:47 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-08-02 19:59 . 2004-09-17 11:02 732,928 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-08-02 19:59 . 2004-09-23 09:55 311,296 --a------ C:\WINDOWS\system32\Edcrypt.dll
2008-08-02 19:59 . 2005-01-27 17:31 260,352 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2008-08-02 19:59 . 2004-10-05 18:10 23,040 --a------ C:\WINDOWS\system32\PostProc.dll
2008-08-01 20:27 . 2005-10-19 10:59 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-01 19:58 . 2008-08-02 20:00 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 19:57 . 2008-08-01 19:57 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-08-01 19:57 . 2008-08-02 19:59 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-01 19:53 . 2008-08-01 18:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-01 19:53 . 2008-08-01 18:11 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-08-01 19:53 . 2008-08-01 19:53 <DIR> d-------- C:\Program Files\CA
2008-08-01 19:53 . 2008-08-01 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-08-01 19:53 . 2007-09-17 23:35 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-08-01 19:49 . 2008-08-01 19:49 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-01 19:35 . 2008-08-07 09:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-01 19:32 . 2008-08-01 19:32 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-01 19:32 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\peernet
2008-08-01 19:25 . 2008-08-02 21:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-01 19:11 . 2008-08-02 21:03 <DIR> d-------- C:\WINDOWS\EHome
2008-08-01 19:00 . 2002-04-15 23:11 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-08-01 19:00 . 2008-04-14 05:42 11,264 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-08-01 19:00 . 2004-08-02 16:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-08-01 19:00 . 2004-08-02 16:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-08-01 18:36 . 2008-08-03 08:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:36 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-01 18:35 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-01 18:34 . 2008-04-13 13:39 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-08-01 18:34 . 2008-04-13 20:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-08-01 18:34 . 2008-04-13 20:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-08-01 18:34 . 2008-04-13 20:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-08-01 18:34 . 2008-04-13 20:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-08-01 18:21 . 2004-03-09 02:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-08-01 18:20 . 2008-08-01 18:20 <DIR> d-------- C:\Downloads
2008-08-01 18:17 . 2008-08-01 18:17 <DIR> d--hs---- C:\Documents and Settings\Owner\UserData
2008-08-01 18:10 . 2007-07-30 21:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-08-01 18:10 . 2007-07-30 21:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-08-01 18:10 . 2007-07-30 21:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-08-01 18:10 . 2007-07-30 21:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-08-01 18:10 . 2008-04-13 20:12 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-08-01 18:10 . 2008-04-13 20:12 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-08-01 18:10 . 2007-07-30 21:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-08-01 18:09 . 2008-08-01 18:08 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-08-01 18:09 . 2008-08-01 18:08 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-08-01 18:09 . 2008-08-01 18:08 99,568 --a------ C:\WINDOWS\system32\isafeif.dll
2008-08-01 18:09 . 2008-08-01 18:08 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2008-08-01 18:09 . 2008-08-01 18:08 83,256 --a------ C:\WINDOWS\system32\vetredir.dll
2008-08-01 18:09 . 2008-08-01 18:08 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-08-01 18:09 . 2008-08-01 18:08 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-08-01 18:09 . 2008-08-01 18:08 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-08-01 18:09 . 2008-08-01 18:08 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-07-31 17:54 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-31 17:54 . 2008-04-13 20:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 09:05 9,200 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-09 09:05 9,072 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-09 09:05 43,872 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-09 09:05 129,520 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-07-09 09:05 120,568 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-09 09:05 118,256 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-06-24 20:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 18:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 18:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-16 10:02 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
2008-05-16 10:02 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-03 13:05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
--a------ 2008-08-01 18:08 234736 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
--a------ 2008-08-01 18:08 181488 C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 10:59 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 10:59 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2008-05-16 05:57 451896 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
--a------ 2008-05-16 06:11 648504 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 16:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-08-01 18:08]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 1 00 AM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caantispyware.exe [2008-08-01 18:08]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-dceac1a0 - C:\WINDOWS\system32\qjrvjawc.dll
HKLM-Run-BMdfd9f23c - C:\WINDOWS\system32\vmiadmwn.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pa9rroku.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 16:00:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-13 16:05:25 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-08-13 20:04:49

Pre-Run: 25,087,688,704 bytes free
Post-Run: 26,152,083,456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

279 --- E O F --- 2008-08-03 03:02:13

=====

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:31 PM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 3864 bytes
Attached Files
File Type: txt Combofix.txt (18.6 KB, 1 views)
File Type: txt Hijackthis.txt (3.8 KB, 1 views)

Last edited by TheBruce1; 08-13-2008 at 03:37 PM.
Old 08-13-2008, 03:51 PM   #6 (permalink)
TheBruce1 (Moderator, Analyst, Security Team)
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP

Re: Need help with spyware/adware/virus, etc.

Quote:
Please DO NOT Attach logs to your posts unless you are advised to do so, just copy/paste your logs into your replies.
Which part of this did you not understand?

=======

Download ATF-Cleaner by Atribune to your desktop. Do not run it just yet; we will shortly.

=======

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/279039-need-help-spyware-adware-virus-etc.html
Collect::
C:\WINDOWS\system32\bljadvck.exe
C:\WINDOWS\system32\wksreyes.exe
C:\WINDOWS\system32\cddxccds.exe
C:\WINDOWS\system32\gtmxsqgh.exe
C:\WINDOWS\system32\whfwvsod.exe
Folder::
C:\Program Files\AV9
Save this as CFscript

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).


=======

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

==========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

This animation will guide you through the process:

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

==========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report
Hijackthis Log


An update on how your system is behaving.
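The Collect:: list above was chosen from the ComboFix log in the previous post: each entry is a 2,048-byte executable with an eight-letter random name, dropped straight into system32 with identical creation and modification times. The following Python script is an added example, not code from the thread, from ComboFix or from the forum's tools. It parses the "Files Created" listing format ComboFix prints and scores each entry on those signals, then lays out a Collect:: section in the form shown in the post. The sample lines are copied from the posted log; the five signals, the threshold of four and the layout helper are assumptions made for this example, not ComboFix's own rules.

```python
"""Triage a ComboFix "Files Created" listing for freshly dropped executables.

Added example: not code from the thread, from ComboFix or from the forum's
own tools. The sample lines are copied from the ComboFix log posted in the
thread; the five signals, the threshold and the Collect:: layout helper are
assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the "Files Created" section of the posted ComboFix log.
SAMPLE_LISTING = r"""
2008-08-13 12:57 . 2008-08-13 12:57 <DIR> d-------- C:\Deckard
2008-08-08 16:16 . 2008-08-08 16:16 2,048 --a------ C:\WINDOWS\system32\bljadvck.exe
2008-08-07 16:46 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-08-07 16:39 . 2008-08-07 16:39 0 --a------ C:\WINDOWS\Irremote.ini
2008-08-07 16:04 . 2008-08-07 16:04 2,048 --a------ C:\WINDOWS\system32\wksreyes.exe
2008-08-07 15:51 . 2008-08-07 15:51 2,048 --a------ C:\WINDOWS\system32\cddxccds.exe
2008-08-07 12:10 . 2008-08-07 12:11 <DIR> d-------- C:\Program Files\AV9
2008-08-07 09:21 . 2008-08-07 09:21 2,048 --a------ C:\WINDOWS\system32\gtmxsqgh.exe
2008-08-07 09:14 . 2008-08-07 09:14 2,048 --a------ C:\WINDOWS\system32\whfwvsod.exe
2008-08-05 17:40 . 2008-04-13 14:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-05 14:02 . 2008-06-17 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-02 19:59 . 2004-10-05 18:10 23,040 --a------ C:\WINDOWS\system32\PostProc.dll
2008-08-01 18:10 . 2007-07-30 21:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
"""

# One listing line: created . modified  size|<DIR>  nine-char attribute field  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_listing(text: str) -> List[Entry]:
    """Parse the listing lines; headers, separators and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


SYSTEM32 = "c:\\windows\\system32\\"
RANDOM_STEM = re.compile(r"^[a-z]{8}$")


def suspicion(entry: Entry) -> List[str]:
    """Return the signals an entry trips (assumed heuristics; empty means nothing notable)."""
    if entry.is_dir:
        return []
    reasons = []
    low = entry.path.lower()
    # Directly in system32, not in dllcache\ or drivers\ where installers place files
    if low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]:
        reasons.append("dropped directly into system32")
    stem, _, ext = entry.name.rpartition(".")
    if ext.lower() in ("exe", "dll"):
        reasons.append("executable")
    if RANDOM_STEM.match(stem):
        reasons.append("eight random lowercase letters")
    # Files copied from an installer package keep an older modification time
    if entry.created == entry.modified:
        reasons.append("created and modified in the same minute")
    if entry.size is not None and entry.size <= 4096:
        reasons.append("4 KiB or smaller")
    return reasons


THRESHOLD = 4  # assumption: four of the five signals


def flag_suspicious(entries: List[Entry], threshold: int = THRESHOLD) -> List[Entry]:
    return [e for e in entries if len(suspicion(e)) >= threshold]


def build_collect_script(thread_url: str, paths: List[str]) -> str:
    """Lay out a Collect:: section in the form shown in the post."""
    return "\n".join([thread_url, "Collect::", *paths]) + "\n"


if __name__ == "__main__":
    flagged = flag_suspicious(parse_listing(SAMPLE_LISTING))
    for e in flagged:
        print(f"{e.path}  ({'; '.join(suspicion(e))})")
    print(build_collect_script("<thread URL goes here>", [e.path for e in flagged]))
```

Run on the sample, the five executables the analyst collected score on all five signals; usbprint.sys, which also has an eight-letter name, scores on only one because it sits in dllcache and carries an older modification time, which is why a single signal is never enough on its own.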
Old 08-14-2008, 07:49 AM   #7 (permalink)
hammad1337 (Registered User)
Join Date: Aug 2008
Posts: 14
OS: xp

Re: Need help with spyware/adware/virus, etc.

I'm really sorry about not attaching the logs.
Just letting you know I am using another computer for doing everything and putting it on a flash drive, because the Internet on the computer still doesn't work. So, when ComboFix finished and needed to send files through the Internet, I stopped there and did not go further. I have tried repairing the connection, but there has been no success.
Old 08-14-2008, 07:54 AM   #8 (permalink)
TheBruce1 (Moderator, Analyst, Security Team)
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP

Re: Need help with spyware/adware/virus, etc.

Try this on the computer without the internet connection.

Go to Start > Run > then paste in this single line command & click OK:

netsh winsock reset catalog

Reboot your system.

Try internet again.
Old 08-14-2008, 08:16 AM   #9 (permalink)
hammad1337 (Registered User)
Join Date: Aug 2008
Posts: 14
OS: xp

Re: Need help with spyware/adware/virus, etc.

I did what you told me to do, but it still didn't work. I might be connected to someone else?
Old 08-14-2008, 08:50 AM   #10 (permalink)
TheBruce1 (Moderator, Analyst, Security Team)
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP

Re: Need help with spyware/adware/virus, etc.

How do you connect to the internet: ADSL, DSL or Wi-Fi?

Download Winsock2Fix and extract it to your desktop.

Double-click on the Winsock icon and allow it to run, reboot if asked, then try the connection again.

============

If no luck, the zip file should be on your desktop; save the zip file to your flash drive and, from the computer that is connected to the internet, upload the file to this website.

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Include this link in your submission.
http://www.techsupportforum.com/security-center/hijackthis-log-help/279039-need-help-spyware-adware-virus-etc.html
Old 08-14-2008, 09:56 AM   #11 (permalink)
hammad1337 (Registered User)
Join Date: Aug 2008
Posts: 14
OS: xp

Re: Need help with spyware/adware/virus, etc.

I have submitted it to Bleeping Computer.
Also, how can you find out if you have an ADSL, DSL, or Wi-Fi connection?
Old 08-14-2008, 11:11 AM   #12 (permalink)
hammad1337 (Registered User)
Join Date: Aug 2008
Posts: 14
OS: xp

Re: Need help with spyware/adware/virus, etc.

I have Bright House broadband connection.
Old 08-14-2008, 11:56 AM   #13 (permalink)
TheBruce1 (Moderator, Analyst, Security Team)
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP

Re: Need help with spyware/adware/virus, etc.

Hi,

You have uploaded the Winsock2Fix.zip instead of the zip file created by ComboFix; it should be something like this: [4]-Submit_2008-08-13@xx.xx.zip. Is this on your desktop?

If so, can you submit that file to the link I gave in my previous post? Also, can you now connect to the internet? If so, carry on with the rest of the fix.

Quote:
Originally Posted by hammad1337
Also, how can you find out if you have an ADSL, DSL, or Wi-Fi connection?
Depends on your ISP; I just wanted to find out if you were connecting via wireless.
TheBruce1 is offline  
Old 08-14-2008, 12:15 PM   #14 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 14
OS: xp


Re: Need help with spyware/adware/virus, etc.

I found out that the zip file had a virus.
hammad1337 is offline  
Old 08-14-2008, 12:28 PM   #15 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Need help with spyware/adware/virus, etc.

Yes, I know the files inside could be malicious; that is why they were zipped, so they could not harm you. We wanted to upload them to add them to the database, so it may help others in the future. Do you still have that zip file on your desktop?

Also, does your connection work now?
TheBruce1 is offline  
Old 08-14-2008, 12:43 PM   #16 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 14
OS: xp


Re: Need help with spyware/adware/virus, etc.

My connection still doesn't work.
And I was thinking, maybe, could we finish fixing the computer by Friday afternoon? Hope it doesn't hurt your feelings, because I already know you are a volunteer. At this pace, when do you think it will be fixed?
Oh, and, yes I still have it on my desktop.
hammad1337 is offline  
Old 08-14-2008, 12:56 PM   #17 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Need help with spyware/adware/virus, etc.

Quote:
Originally Posted by hammad1337
And I was thinking, maybe, could we finish fixing the computer by Friday afternoon? Hope it doesn't hurt your feelings, because I already know you are a volunteer. At this pace, when do you think it will be fixed?
It's possible we could be done by Friday afternoon; a lot will depend on what the logs show.


Quote:
Originally Posted by hammad1337
Oh, and, yes I still have it on my desktop.
Save the zip file to your flash drive and from the computer that is connected to the internet upload the file to this website.

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Include this link in your submission.
http://www.techsupportforum.com/security-center/hijackthis-log-help/279039-need-help-spyware-adware-virus-etc.html

==========

Since you are unable to connect the infected computer to the internet, please save this scanner to your flash drive, then transfer it onto the infected computer and follow the directions below.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan. This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.

Please post in your reply, the combofix.txt, DrWeb.csv and a new hijackthis log.
TheBruce1 is offline  
Old 08-15-2008, 11:08 AM   #18 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 14
OS: xp


Re: Need help with spyware/adware/virus, etc.

Dr.Web log below:

ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;;
aesxtifa.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
avxuavkm.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
byXQJbaW.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
cgvybrdu.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
chajmy.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
ddcDttsT.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
ddcyyywt.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
dzjkmk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Juan.51;;
eijxrj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
frgbfkhv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Juan.51;;
iifcCTNH.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
iifffGyV.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
lcxxqt.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
mlJDSlkk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
mlJYpMDu.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
nmchbtvk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
opnMDUMd.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
qjrvjawc.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
qrpnju.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
sopdfgoo.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
ssqroOHb.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
ubmvgock.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
ufmemokh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
vmiadmwn.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
yekjxrjc.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
A0014804.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP42;Trojan.Virtumod.458;;
A0014805.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP42;Trojan.Virtumod.based.23;;
A0016828.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP47;Trojan.Virtumod.based.23;;
A0016829.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP47;Trojan.Virtumod.based.23;;
A0016912.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP50;Trojan.Virtumod.based.23;;
A0017262.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017263.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017264.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017265.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017266.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017267.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.448;;
A0017268.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.448;;
A0017269.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Juan.51;;
A0017270.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017271.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Juan.51;;
A0017272.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.448;;
A0017273.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.448;;
A0017274.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017275.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.448;;
A0017276.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.448;;
A0017277.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017278.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.448;;
A0017279.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017280.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017281.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017282.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.448;;
A0017283.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017284.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017285.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017286.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Trojan.Virtumod.based.23;;
A0017308.EXE;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Program.PsExec.170;;
A0017389.EXE;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP58;Program.PsExec.170;;
_______________________________________________________________________________
Combofix log below:

ComboFix 08-08-12.01 - Owner 2008-08-15 12:10:49.6 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-14 15:48 . 2008-08-14 22:28 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-08-13 12:57 . 2008-08-13 12:57 <DIR> d-------- C:\Deckard
2008-08-10 16:21 . 2008-08-10 16:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 18:53 . 2008-08-08 18:53 <DIR> d-------- C:\Documents and Settings\Shama
2008-08-07 16:46 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-08-07 16:46 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-08-07 16:39 . 2008-08-07 16:39 0 --a------ C:\WINDOWS\Irremote.ini
2008-08-07 12:15 . 2008-08-07 12:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-08-07 11:57 . 2008-08-07 11:57 <DIR> d-------- C:\Program Files\Nero
2008-08-07 11:57 . 2008-08-07 12:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-07 11:57 . 2008-08-07 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-06 09:28 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-06 09:26 . 2008-08-08 15:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-08-06 09:25 . 2008-08-06 09:25 <DIR> d-------- C:\WINDOWS\Sun
2008-08-05 17:40 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-05 17:40 . 2008-04-13 14:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-05 14:02 . 2008-06-17 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-05 14:02 . 2008-06-17 15:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-05 13:59 . 2008-08-05 14:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-05 10:49 . 2008-08-08 12:05 <DIR> d-------- C:\Documents and Settings\Muhammad huda
2008-08-04 10:51 . 2008-08-07 16:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-04 10:48 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-04 10:46 . 2008-08-04 10:48 <DIR> d-------- C:\Program Files\Java
2008-08-04 10:44 . 2008-08-04 10:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-04 10:37 . 2008-08-07 16:04 <DIR> d-------- C:\Program Files\LimeWire
2008-08-04 10:19 . 2008-08-04 10:19 <DIR> d-------- C:\Program Files\Pure Networks
2008-08-04 10:18 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-08-04 10:17 . 2008-08-04 10:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-04 10:17 . 2008-08-15 11:09 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-08-04 10:17 . 2008-08-04 10:17 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-08-04 10:17 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-08-04 09:26 . 2008-08-08 19:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-03 16:54 . 2008-08-03 16:54 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-03 16:52 . 2008-08-03 16:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-03 16:12 . 2008-08-03 16:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-03 13:04 . 2008-08-03 16:05 <DIR> d-------- C:\Program Files\Google
2008-08-02 22:51 . 2008-08-04 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-08-02 22:36 . 2008-08-08 12:05 <DIR> d-------- C:\Documents and Settings\Taha Huda
2008-08-02 21:47 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-02 21:47 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-02 21:47 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-02 21:47 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-02 21:47 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-02 21:47 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-02 21:47 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-02 21:47 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-02 21:47 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-02 20:38 . 2008-04-13 20:12 1,306,624 --a------ C:\WINDOWS\system32\msxml6.dll
2008-08-02 20:37 . 2008-04-13 20:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
2008-08-02 20:02 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-02 20:01 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-02 20:01 . 2008-04-13 14:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-08-02 20:01 . 2008-04-13 14:39 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2008-08-02 20:01 . 2008-04-13 14:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-08-02 20:01 . 2008-04-13 14:39 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2008-08-02 20:01 . 2008-04-13 14:39 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2008-08-02 20:00 . 2008-08-02 20:00 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-08-02 20:00 . 2008-08-02 20:00 <DIR> d-------- C:\Program Files\Analog Devices
2008-08-02 20:00 . 2001-10-04 16:50 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2008-08-02 20:00 . 2008-04-13 20:12 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-08-02 20:00 . 2003-08-19 20:36 65,536 --a------ C:\WINDOWS\system32\Audio3d.dll
2008-08-02 20:00 . 2004-11-19 12:00 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2008-08-02 20:00 . 2002-04-17 16:05 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2008-08-02 20:00 . 2008-04-13 20:11 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-08-02 19:59 . 2001-09-19 14:47 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-08-02 19:59 . 2004-09-17 11:02 732,928 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-08-02 19:59 . 2004-09-23 09:55 311,296 --a------ C:\WINDOWS\system32\Edcrypt.dll
2008-08-02 19:59 . 2005-01-27 17:31 260,352 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2008-08-02 19:59 . 2004-10-05 18:10 23,040 --a------ C:\WINDOWS\system32\PostProc.dll
2008-08-01 20:27 . 2005-10-19 10:59 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-01 19:58 . 2008-08-02 20:00 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 19:57 . 2008-08-01 19:57 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-08-01 19:57 . 2008-08-02 19:59 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-01 19:53 . 2008-08-01 18:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-01 19:53 . 2008-08-01 18:11 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-08-01 19:53 . 2008-08-01 19:53 <DIR> d-------- C:\Program Files\CA
2008-08-01 19:53 . 2008-08-01 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-08-01 19:53 . 2007-09-17 23:35 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-08-01 19:49 . 2008-08-01 19:49 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-01 19:35 . 2008-08-07 09:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-01 19:32 . 2008-08-01 19:32 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-01 19:32 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\peernet
2008-08-01 19:25 . 2008-08-02 21:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-01 19:11 . 2008-08-02 21:03 <DIR> d-------- C:\WINDOWS\EHome
2008-08-01 19:00 . 2002-04-15 23:11 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-08-01 19:00 . 2008-04-14 05:42 11,264 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-08-01 19:00 . 2004-08-02 16:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-08-01 19:00 . 2004-08-02 16:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-08-01 18:36 . 2008-08-03 08:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:36 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-01 18:35 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-01 18:34 . 2008-04-13 13:39 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-08-01 18:34 . 2008-04-13 20:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-08-01 18:34 . 2008-04-13 20:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-08-01 18:34 . 2008-04-13 20:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-08-01 18:34 . 2008-04-13 20:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-08-01 18:21 . 2004-03-09 02:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-08-01 18:20 . 2008-08-01 18:20 <DIR> d-------- C:\Downloads
2008-08-01 18:17 . 2008-08-01 18:17 <DIR> d--hs---- C:\Documents and Settings\Owner\UserData
2008-08-01 18:10 . 2007-07-30 21:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-08-01 18:10 . 2007-07-30 21:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-08-01 18:10 . 2007-07-30 21:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-08-01 18:10 . 2007-07-30 21:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-08-01 18:10 . 2008-04-13 20:12 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-08-01 18:10 . 2008-04-13 20:12 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-08-01 18:10 . 2007-07-30 21:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-08-01 18:09 . 2008-08-01 18:08 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-08-01 18:09 . 2008-08-01 18:08 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-08-01 18:09 . 2008-08-01 18:08 99,568 --a------ C:\WINDOWS\system32\isafeif.dll
2008-08-01 18:09 . 2008-08-01 18:08 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2008-08-01 18:09 . 2008-08-01 18:08 83,256 --a------ C:\WINDOWS\system32\vetredir.dll
2008-08-01 18:09 . 2008-08-01 18:08 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-08-01 18:09 . 2008-08-01 18:08 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-08-01 18:09 . 2008-08-01 18:08 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-08-01 18:09 . 2008-08-01 18:08 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-07-31 17:54 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-31 17:54 . 2008-04-13 20:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-31 17:54 . 2008-04-13 14:39 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 09:05 9,200 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-09 09:05 9,072 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-09 09:05 43,872 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-09 09:05 129,520 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-07-09 09:05 120,568 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-09 09:05 118,256 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-06-24 20:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-06 18:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 18:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-16 10:02 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
2008-05-16 10:02 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-03 13:05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
--a------ 2008-08-01 18:08 234736 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
--a------ 2008-08-01 18:08 181488 C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 10:59 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 10:59 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2008-05-16 05:57 451896 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
--a------ 2008-05-16 06:11 648504 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 16:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-08-01 18:08]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 1 00 AM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caantispyware.exe [2008-08-01 18:08]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pa9rroku.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 12:18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-15 12:21:50
ComboFix-quarantined-files.txt 2008-08-15 16:21:14
ComboFix2.txt 2008-08-14 18:16:50
ComboFix3.txt 2008-08-14 13:07:12
ComboFix4.txt 2008-08-13 20:05:29

Pre-Run: 25,704,054,784 bytes free
Post-Run: 25,719,734,272 bytes free

207 --- E O F --- 2008-08-03 03:02:13
__________________________________________________________________________________
Hijackthis log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:03 PM, on 8/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 3832 bytes

Last edited by hammad1337; 08-15-2008 at 11:10 AM. Reason: Added lines to separate all 3 logs
hammad1337 is offline  
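A small triage script for the DrWeb.csv report format posted above, added here as an example (it is not from the thread, Dr.Web or ComboFix): it parses the semicolon-separated report, groups hits by threat family and by where they sit (ComboFix's QooBox quarantine, System Restore points, or inside an archive), so that only hits outside those places stand out as still active on disk. The sample lines are a constructed subset of the posted report, and the field layout (object;directory;threat;;) is assumed from it.

```python
"""Triage helper for a Dr.Web CureIt report (DrWeb.csv).

Added example, not part of the forum thread nor of Dr.Web/ComboFix.
Assumed layout per line: object name;directory;detection name;;
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the report posted in the thread.
SAMPLE_REPORT = r"""
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;;
aesxtifa.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.23;;
ddcDttsT.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.448;;
dzjkmk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Juan.51;;
A0014804.dll;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP42;Trojan.Virtumod.458;;
A0017308.EXE;C:\System Volume Information\_restore{B4ACFC57-319B-47C1-B89A-C4E7DDCFD889}\RP56;Program.PsExec.170;;
"""


@dataclass(frozen=True)
class Detection:
    name: str       # object name; contains '\' when the object sits inside an archive
    directory: str  # directory that holds the object (or the archive)
    threat: str     # Dr.Web detection name, e.g. Trojan.Virtumod.based.23

    @property
    def family(self) -> str:
        # "Trojan.Virtumod.based.23" -> "Trojan.Virtumod"; "Program.PsExec.170" -> "Program.PsExec"
        return ".".join(self.threat.split(".")[:2])

    @property
    def location(self) -> str:
        """Classify where the hit lives; only 'active' hits need cleanup action."""
        d = self.directory.lower()
        if "\\qoobox\\quarantine\\" in d:
            return "quarantine"     # already moved aside by ComboFix
        if "\\system volume information\\_restore" in d:
            return "restore_point"  # dormant copies, cleared by purging System Restore
        if "\\" in self.name or self.threat.startswith("Archive contains"):
            return "archive"        # packed inside another file (here ComboFix's own PsExec)
        return "active"


def parse_report(text: str) -> list[Detection]:
    """Parse the semicolon-separated report; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(";")
        if len(fields) < 3:
            raise ValueError(f"malformed report line: {line!r}")
        records.append(Detection(fields[0], fields[1], fields[2]))
    return records


def summarise(records: list[Detection]) -> dict:
    """Counts per family and per location, plus the list of still-active hits."""
    return {
        "families": dict(Counter(r.family for r in records)),
        "locations": dict(Counter(r.location for r in records)),
        "active": [r for r in records if r.location == "active"],
    }


if __name__ == "__main__":
    summary = summarise(parse_report(SAMPLE_REPORT))
    print("families :", summary["families"])
    print("locations:", summary["locations"])
    for hit in summary["active"]:
        print("ACTIVE   :", hit.directory + "\\" + hit.name, hit.threat)
    if not summary["active"]:
        print("no active infections; hits are quarantine, restore-point or archive copies")
```

On the posted report this yields no active hits: every detection is a ComboFix quarantine file, a System Restore copy, or the PsExec utility bundled inside ComboFix itself.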
Old 08-15-2008, 12:29 PM   #19 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Need help with spyware/adware/virus, etc.

Hello again,

The zip file you uploaded was empty. Does your internet work? Have you rebooted the modem?

Delete DrWeb CureIt from your desktop, and also delete this folder: C:\Documents and Settings\Owner\DoctorWeb.
TheBruce1 is offline  
Old 08-15-2008, 01:53 PM   #20 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 14
OS: xp


Re: Need help with spyware/adware/virus, etc.

What should I do about the zip file, and how do I reboot my modem?
Dr.Web CureIt found some malware. My Internet still doesn't work.
Are the logs helping?

Do you work in the morning? I calculated that right now at night here, would be in the morning for you? I will try to go on the computer at that time.

Last edited by hammad1337; 08-15-2008 at 02:01 PM.
hammad1337 is offline  
Copyright 2001 - 2009, Tech Support Forum