Old 11-05-2008, 07:13 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Random sound clips: "Congratulations - you have won..." and other system sounds.

Hello folks,

I have a problem similar to this:
"congratulations, you've been selected to win a free nintendo wii" and then some
i've gotten some lovely msgs about a nintendo wii, a walmart giftcard, and then some.. overheard on my pc (xp) the past few days. also, a lot of flash ads (i believe it's flash) pop up for about a second or so and disappear.
i use firefox, but internet explorer ads pop up every now and then (mostly for IQ tests, etc) and it's driving me insane.
i've tried everything, but then again.. maybe not.


thank you so much for any help!!!
Here is the original post

I am running Windows XP Professional
Service Pack 2

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:11 AM, on 11/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\3mgylNJd.exe
C:\Documents and Settings\Randizel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.creatingonline.com/webmas..._generator.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8091 bytes

Please help me :(
awordz is offline  
Old 11-05-2008, 07:23 PM   #2 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

UPDATE:

I haven't done much with the computer, but now it has installed some sort of antivirus software -- Antivirus Pro or something similar. There is an accompanying Red X and a balloon popup in the tray as well. Please -- help :(
awordz is offline  
Old 11-06-2008, 09:30 AM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,443
OS: 2000 Pro; XP Pro; XP Home


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 11-06-2008, 12:30 PM   #4 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Thank you so much for offering help.

Again, the issue is:

Every half-hour or so, random system beeps would go off. Additionally, website popups also launch themselves automatically through IE (although I normally use Firefox).

There is also a red circle with an "x" in the middle in the system tray -- it will pop up a balloon with the message:

"Your computer is infected!
Windows has detected spyware infection!

It is recommended to use special antispyware tools... Click here to protect your computer!"


"Antivirus Pro 2009" has also installed itself somehow.

---------------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Randizel at 2008-11-06 11:22:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 122 GB (51%) free of 239 GB
Total RAM: 511 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:12 AM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\brastk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Randizel\Desktop\gmer.exe
C:\Documents and Settings\Randizel\Desktop\RSIT.exe
C:\Documents and Settings\Randizel\Desktop\Randizel.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6918 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-08-26 2554944]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-07-21 81920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-10-08 217088]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-10-08 458752]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-05 9728]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2007-12-04 79224]
"Antivirus Pro 2009"=C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe [2008-11-05 596811]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-03 158208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-26 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-12-12 21686568]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-10-08 196608]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2007-12-30 20480]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-21 486856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2
"MDM"=2
"iPod Service"=3
"gusvc"=2
"FLEXnet Licensing Service"=3
"Bonjour Service"=2
"Apple Mobile Device"=2
"Adobe LM Service"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Randizel\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-11-06 11:22:04 ----D---- C:\rsit
2008-11-06 11:09:42 ----A---- C:\WINDOWS\gmer.ini
2008-11-06 11:09:40 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-06 11:09:40 ----A---- C:\WINDOWS\gmer.exe
2008-11-06 11:09:40 ----A---- C:\WINDOWS\gmer.dll
2008-11-05 16:45:30 ----D---- C:\WINDOWS\CSC
2008-11-05 15:51:03 ----D---- C:\Program Files\AntivirusPro2009
2008-11-05 15:50:35 ----A---- C:\WINDOWS\system32\wini10891.exe
2008-11-04 15:58:55 ----A---- C:\WINDOWS\system32\mst120.dll
2008-11-04 13:24:00 ----A---- C:\cleanup.txt
2008-11-04 11:59:30 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 10:43:23 ----A---- C:\WINDOWS\system32\delself.bat
2008-11-04 08:10:34 ----A---- C:\m3d.exe
2008-11-03 21:14:25 ----A---- C:\WINDOWS\system32\3mgylNJd.exe_
2008-11-03 21:14:25 ----A---- C:\WINDOWS\system32\3mgylNJd.exe
2008-11-03 20:12:09 ----D---- C:\WINDOWS\pss
2008-11-03 20:07:57 ----D---- C:\_OTMoveIt
2008-11-03 20:01:55 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-03 20:01:55 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-03 20:01:55 ----A---- C:\WINDOWS\system32\java.exe
2008-11-02 21:19:15 ----A---- C:\WINDOWS\system32\brastk.exe
2008-11-02 21:19:12 ----A---- C:\gWD.exe
2008-11-02 15:46:31 ----A---- C:\WINDOWS\system32\3mgylNJd.exe.a_a
2008-11-02 13:32:24 ----A---- C:\WINDOWS\system32\d8bxwJE0.exe.a_a
2008-11-02 13:32:15 ----A---- C:\WINDOWS\system32\d8bxwJE0.exe
2008-11-01 01:00:26 ----A---- C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe
2008-11-01 01:00:22 ----D---- C:\WINDOWS\system32\EXP
2008-11-01 01:00:22 ----D---- C:\Program Files\Expstudio
2008-11-01 00:51:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-01 00:49:44 ----D---- C:\Program Files\AoA Audio Extractor
2008-10-20 04:51:18 ----D---- C:\We Own the Night[2007]DvDrip[Eng]-FXG
2008-10-19 21:16:22 ----D---- C:\The.Forbidden.Kingdom[2008]DvDrip-aXXo
2008-10-19 20:39:46 ----D---- C:\Charlie.Bartlett.DVDRip.XviD-DiAMOND
2008-10-18 21:15:59 ----D---- C:\Dashboard Confessional - A Mark A Mission A Brand A Scar
2008-10-17 19:03:44 ----D---- C:\Journey.To.The.Center.Of.The.Earth[2008]DvDrip-aXXo
2008-10-16 20:47:42 ----D---- C:\the girls next door complete
2008-10-14 21:57:29 ----D---- C:\[Nyoro~n Subs] Rebuild of Evangelion 1.01 YOU ARE (NOT) ALONE (DVD MP3 H264)
2008-10-10 2002 ----D---- C:\Jon.and.Kate.Plus.8.S01.DVDRip.XviD-cwa
2008-10-08 10:57:29 ----D---- C:\Program Files\WinAVI Video Converter
2008-10-08 10:52:08 ----D---- C:\WinAVI Video Converter v8.0 + Keymaker. Jaybob
2008-10-08 10:44:05 ----D---- C:\Documents and Settings\Randizel\Application Data\Media Player Classic

======List of files/folders modified in the last 1 months======

2008-11-06 11:14:33 ----D---- C:\Documents and Settings\Randizel\Application Data\LimeWire
2008-11-06 11:12:02 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-06 11:09:50 ----D---- C:\WINDOWS\Prefetch
2008-11-06 11:09:42 ----D---- C:\WINDOWS
2008-11-06 11:09:40 ----D---- C:\WINDOWS\system32\drivers
2008-11-06 11:05:09 ----D---- C:\Program Files\Mozilla Firefox
2008-11-06 11:05:06 ----D---- C:\WINDOWS\Temp
2008-11-06 11:04:59 ----SH---- C:\boot.ini
2008-11-06 11:04:58 ----A---- C:\WINDOWS\win.ini
2008-11-06 11:04:58 ----A---- C:\WINDOWS\system.ini
2008-11-06 11:04:53 ----SHD---- C:\System Volume Information
2008-11-06 11:04:53 ----D---- C:\WINDOWS\system32\Restore
2008-11-05 15:57:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-05 15:51:19 ----D---- C:\WINDOWS\system32
2008-11-05 15:51:03 ----RD---- C:\Program Files
2008-11-05 15:47:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-04 12:01:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 11:08:58 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-03 20:03:33 ----SHD---- C:\WINDOWS\Installer
2008-11-03 20:01:53 ----D---- C:\Program Files\Java
2008-11-03 16:04:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 13:46:23 ----SD---- C:\WINDOWS\Tasks
2008-11-02 13:36:53 ----D---- C:\Program Files\Magic Video Converter
2008-10-26 16:23:06 ----D---- C:\Documents and Settings\Randizel\Application Data\DivX
2008-10-26 10:09:09 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-22 20:13:43 ----D---- C:\Documents and Settings\Randizel\Application Data\dvdcss
2008-10-21 12:22:34 ----D---- C:\Program Files\DivX
2008-10-08 08:52:52 ----D---- C:\Program Files\AIM6
2008-10-08 08:52:49 ----D---- C:\Program Files\Viewpoint
2008-10-08 08:51:58 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-08 08:51:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2007-12-04 26624]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-12-04 42912]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2007-12-04 94544]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-26 3644032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-12-04 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2006-06-22 38960]
R3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2006-06-22 720176]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 av3mhq8q;av3mhq8q; C:\WINDOWS\system32\drivers\av3mhq8q.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-06 85969]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-12-04 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-12-04 140664]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-12-04 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-12-04 345464]
R4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-04 654848]
R4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-09 168432]
R4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]

-----------------EOF-----------------
Attached Files
File Type: txt Gmer.txt (32.6 KB, 1 views)
File Type: txt info.txt (7.8 KB, 1 views)
awordz is offline  
11-06-2008, 01:55 PM   #5
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,443
OS: 2000 Pro; XP Pro; XP Home


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

  8. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
11-06-2008, 03:44 PM   #6
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


ComboFix log

ComboFix 08-11-05.02 - Randizel 2008-11-06 13:07:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.153 [GMT -8:00]
Running from: c:\documents and settings\Randizel\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\documents and settings\All Users\Application Data\1pdfspl.dll
C:\update.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\3mgylNJd.exe.a_a
c:\windows\system32\brastk.exe
c:\windows\system32\d8bxwJE0.exe.a_a
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\wini10891.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-06 11:22 . 2008-11-06 11:22 <DIR> d-------- C:\rsit
2008-11-06 11:09 . 2008-11-06 11:09 250 --a------ c:\windows\gmer.ini
2008-11-05 15:51 . 2008-11-05 15:51 <DIR> d-------- c:\program files\AntivirusPro2009
2008-11-04 15:58 . 2008-11-04 15:58 8,216 --a------ c:\windows\system32\mst120.dll
2008-11-04 11:59 . 2008-11-04 12:00 489 --a------ c:\windows\wininit.ini
2008-11-04 08:10 . 2008-11-04 08:10 44,032 --a------ C:\m3d.exe
2008-11-03 21:14 . 2008-11-05 07:53 41,474 --a------ c:\windows\system32\3mgylNJd.exe_
2008-11-03 21:14 . 2008-11-06 12:13 41,474 --a------ c:\windows\system32\3mgylNJd.exe
2008-11-03 20:07 . 2008-11-03 20:07 <DIR> d-------- C:\_OTMoveIt
2008-11-02 21:19 . 2008-11-02 21:19 44,032 --a------ C:\gWD.exe
2008-11-02 13:32 . 2008-11-02 13:31 31,744 --a------ c:\windows\system32\d8bxwJE0.exe
2008-11-01 19:17 . 2008-11-01 22:16 734,107,982 --a------ C:\What the Bleep do we Know.AVI
2008-11-01 01:00 . 2008-11-01 01:00 <DIR> d-------- c:\windows\system32\EXP
2008-11-01 01:00 . 2008-11-01 01:00 <DIR> d-------- c:\program files\Expstudio
2008-11-01 01:00 . 2008-11-01 01:00 161,265 --a------ c:\windows\Expstudio Audio Editor FREE Uninstaller.exe
2008-11-01 00:51 . 2008-11-01 00:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 00:49 . 2008-11-01 01:00 <DIR> d-------- c:\program files\AoA Audio Extractor
2008-10-20 04:51 . 2008-10-20 04:51 <DIR> d-------- C:\We Own the Night[2007]DvDrip[Eng]-FXG
2008-10-19 21:16 . 2008-10-19 21:16 <DIR> d-------- C:\The.Forbidden.Kingdom[2008]DvDrip-aXXo
2008-10-19 20:39 . 2008-10-21 21:23 <DIR> d-------- C:\Charlie.Bartlett.DVDRip.XviD-DiAMOND
2008-10-18 21:15 . 2008-10-18 21:15 <DIR> d-------- C:\Dashboard Confessional - A Mark A Mission A Brand A Scar
2008-10-17 19:03 . 2008-10-17 19:03 <DIR> d-------- C:\Journey.To.The.Center.Of.The.Earth[2008]DvDrip-aXXo
2008-10-16 20:47 . 2008-10-16 20:47 <DIR> d-------- C:\the girls next door complete
2008-10-14 21:57 . 2008-10-14 21:57 <DIR> d-------- C:\[Nyoro~n Subs] Rebuild of Evangelion 1.01 YOU ARE (NOT) ALONE (DVD MP3 H264)
2008-10-14 21:45 . 2008-10-16 05:16 982,161,532 --a------ C:\Akira.1988.DVDRip.DivX.english.dubbed.avi
2008-10-10 20:06 . 2008-10-10 20:06 <DIR> d-------- C:\Jon.and.Kate.Plus.8.S01.DVDRip.XviD-cwa
2008-10-08 10:57 . 2008-10-08 10:57 <DIR> d-------- c:\program files\WinAVI Video Converter
2008-10-08 10:52 . 2008-10-08 10:52 <DIR> d-------- C:\WinAVI Video Converter v8.0 + Keymaker. Jaybob
2008-10-08 10:44 . 2008-10-08 10:44 <DIR> d-------- c:\documents and settings\Randizel\Application Data\Media Player Classic
2008-10-06 22:00 . 2008-10-06 22:00 <DIR> d-------- C:\Cowboy Bebop - Session 01-26 (Dual_Audio) - DVD-Rip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 19:14 --------- d-----w c:\documents and settings\Randizel\Application Data\LimeWire
2008-11-06 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-04 20:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 04:01 --------- d-----w c:\program files\Java
2008-11-02 21:36 --------- d-----w c:\program files\Magic Video Converter
2008-10-27 00:23 --------- d-----w c:\documents and settings\Randizel\Application Data\DivX
2008-10-26 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-23 04:13 --------- d-----w c:\documents and settings\Randizel\Application Data\dvdcss
2008-10-21 20:22 --------- d-----w c:\program files\DivX
2008-10-08 16:52 --------- d-----w c:\program files\Viewpoint
2008-10-08 16:52 --------- d-----w c:\program files\AIM6
2008-10-08 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-10-08 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-05 08:38 --------- d-----w c:\program files\PokerStars
2008-10-02 15:41 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-02 15:08 --------- d-----w c:\documents and settings\Randizel\Application Data\skypePM
2008-09-27 05:28 --------- d-----w c:\program files\ABC
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 04:42 --------- d-----w c:\documents and settings\Randizel\Application Data\Skype
2007-12-31 02:43 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-30 20480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Antivirus Pro 2009"="c:\program files\AntivirusPro2009\AntivirusPro2009.exe" [2008-11-05 596811]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]
"SoundMan"="SOUNDMAN.EXE" [2005-07-21 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\Randizel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-02-08 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-07-04 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-30 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

*Newly Created Service* - GMER
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-05 c:\windows\Tasks\At1.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At11.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At12.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-06 c:\windows\Tasks\At13.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-06 c:\windows\Tasks\At14.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At15.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At16.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At17.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At18.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At19.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At2.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At20.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At21.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At22.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At23.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At24.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At25.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At26.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At27.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At28.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At29.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At3.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At30.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At31.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At32.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At33.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At34.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At35.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At36.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-06 c:\windows\Tasks\At37.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-06 c:\windows\Tasks\At38.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At39.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At4.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At40.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At41.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At42.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At43.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At44.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At45.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At46.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At47.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At48.job
- c:\windows\system32\3mgylNJd.exe [2008-11-06 12:13]

2008-11-05 c:\windows\Tasks\At5.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At6.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At7.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]

2008-11-05 c:\windows\Tasks\At9.job
- c:\windows\system32\d8bxwJE0.exe [2008-11-02 13:31]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-brastk - c:\windows\system32\brastk.exe
HKU-Default-Run-SVCHOST.EXE - c:\windows\system32\drivers\svchost.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Randizel\Application Data\Mozilla\Firefox\Profiles\nwi1gk7v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 13:14:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-06 13:18:32
ComboFix-quarantined-files.txt 2008-11-06 21:18:02

Pre-Run: 127,435,517,952 bytes free
Post-Run: 128,755,310,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

292
awordz is offline  
11-06-2008, 03:45 PM   #7
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:44 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Randizel\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 6834 bytes
awordz is offline  
11-06-2008, 05:32 PM   #8
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,443
OS: 2000 Pro; XP Pro; XP Home


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following:

    c:\windows\system32\d8bxwJE0.exe

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
  • Please repeat for the following files:
    • C:\m3d.exe
    • C:\gWD.exe
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 11-06-2008, 06:25 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

C:\m3d.exe

File qGq.exe received on 11.04.2008 14:13:23 (CET)
Current status: finished
Result: 14/34 (41.18%)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.4.3 2008.11.04 -
AntiVir 7.9.0.10 2008.11.04 Worm/Autorun.nuz
Authentium 5.1.0.4 2008.11.04 -
Avast 4.8.1248.0 2008.11.03 Win32:FakeAlert-AJ
AVG 8.0.0.161 2008.11.03 Dropper.Bravix.K
BitDefender 7.2 2008.11.04 Trojan.FakeAlert.ALD
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.04 -
DrWeb 4.44.0.09170 2008.11.04 Trojan.Packed.1214
eSafe 7.0.17.0 2008.11.03 Suspicious File
eTrust-Vet 31.6.6187 2008.11.03 -
Ewido 4.0 2008.11.04 -
F-Prot 4.4.4.56 2008.11.04 -
Fortinet 3.117.0.0 2008.11.04 -
GData 19 2008.11.04 Trojan.FakeAlert.ALD
Ikarus T3.1.1.45.0 2008.11.04 Virus.Win32.Virut.au
K7AntiVirus 7.10.515 2008.11.03 -
Kaspersky 7.0.0.125 2008.11.04 -
McAfee 5423 2008.11.04 -
Microsoft 1.4005 2008.11.04 TrojanDownloader:Win32/FakeRean
NOD32 3582 2008.11.04 Win32/TrojanDownloader.FakeAlert.PL.Gen
Norman 5.80.02 2008.11.04 -
Panda 9.0.0.4 2008.11.04 -
PCTools 4.4.2.0 2008.11.03 -
Rising 21.02.12.00 2008.11.04 -
SecureWeb-Gateway 6.7.6 2008.11.04 Worm.Autorun.nuz
Sophos 4.35.0 2008.11.04 Mal/EncPk-EQ
Sunbelt 3.1.1777.2 2008.11.03 -
Symantec 10 2008.11.04 -
TheHacker 6.3.1.1.138 2008.11.04 -
TrendMicro 8.700.0.1004 2008.11.04 -
VBA32 3.12.8.9 2008.11.03 Backdoor.Win32.UltimateDefender.tt
ViRobot 2008.11.4.1450 2008.11.04 Backdoor.Win32.UltimateDefender.43520.T
VirusBuster 4.5.11.0 2008.11.03 -
Additional information
File size: 44032 bytes
MD5...: 109cb8e6b687a2708bf22975ae5f5ce2
SHA1..: 694402ea0836b3e1d281b745cbc2d53caec82aa1
SHA256: 550644c679a7ac95ba3abefd8975cc736c00effa2b98665d12389f0631866344
SHA512: 5aa593442dda0e82aacef6082ce64763221b12b51095436979b3a45f481272a8
0549e057b6b512ec8a37d494c585cfc9a83aa747cff82250a8d91052b3cd7831
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401008
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1000 0x200 5.73 f67e7783ee144628684ab1d77ee07cc6
.data 0x2000 0xf000 0xa600 7.96 37be6d8850bb76549796920b3778400a

( 3 imports )
> KERNEL32.DLL: AddAtomW, CancelWaitableTimer, ConnectNamedPipe, CreateMutexA, EnterCriticalSection, EnumDateFormatsExA, ExitProcess, GetConsoleTitleW, GetLocalTime, GetProfileIntA, GetVersionExA, GlobalWire, LeaveCriticalSection, LocalAlloc, OpenMutexW, RemoveDirectoryW, SetMessageWaitingIndicator, SetThreadIdealProcessor, UpdateResourceW, WritePrivateProfileSectionA
> USER32.DLL: BroadcastSystemMessageA, CloseClipboard, CreateIconIndirect, DrawMenuBar, DrawStateA, FlashWindow, GetClassInfoExA, GetForegroundWindow, GetListBoxInfo, GetMenuItemCount, GetTabbedTextExtentA, GetUpdateRect, GetUserObjectSecurity, GetWindowLongA, HideCaret, LoadIconW, LoadMenuIndirectW, MessageBoxA, MessageBoxIndirectW, ModifyMenuW, SendMessageTimeoutA, SetClipboardViewer, SwitchToThisWindow, TabbedTextOutW
> GDI32.DLL: CloseMetaFile, ColorMatchToTarget, CopyEnhMetaFileA, CopyMetaFileA, CreateColorSpaceA, CreateDCA, CreateFontW, CreateICW, DescribePixelFormat, GetArcDirection, GetBitmapDimensionEx, GetCharWidthA, GetEnhMetaFileDescriptionW, GetEnhMetaFileHeader, GetEnhMetaFilePaletteEntries, GetWinMetaFileBits, MaskBlt, PlgBlt, PolyTextOutW, SelectPalette, SetBitmapDimensionEx, SetBkColor, SetRectRgn, TranslateCharsetInfo

( 0 exports )
awordz is offline  
Old 11-06-2008, 06:27 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

The other two files would resend something back in Spanish: 0 bytes received

"Se ha recibido un archivo vacio"

UPDATE: My Avast! antivirus program has detected around 7 viruses. I deleted them.
awordz is offline  
Old 11-06-2008, 06:43 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,443
OS: 2000 Pro; XP Pro; XP Home


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open Notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/hijackthis-log-help/309718-random-sound-clips-congratulations-you-have-won-other-system-sounds-post1790700.html#post1790700

    Folder::
    c:\Program Files\AntivirusPro2009

    Collect::
    C:\m3d.exe
    c:\windows\system32\3mgylNJd.exe_
    c:\windows\system32\3mgylNJd.exe
    C:\gWD.exe
    c:\windows\system32\d8bxwJE0.exe


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

    ---------------------------------------------------------------------------------------------
  6. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
Old 11-06-2008, 07:03 PM   #12 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

I have submitted the file; here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:37 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Randizel\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 6455 bytes
awordz is offline  
Old 11-06-2008, 07:05 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,443
OS: 2000 Pro; XP Pro; XP Home


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Also post the log from ComboFix, C:\ComboFix.txt
Old 11-06-2008, 07:08 PM   #14 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

ComboFix 08-11-05.02 - Randizel 2008-11-06 17:54:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.220 [GMT -8:00]
Running from: c:\documents and settings\Randizel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randizel\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
C:\gWD.exe
C:\m3d.exe
c:\program files\AntivirusPro2009
c:\program files\AntivirusPro2009\AntivirusPro2009.exe
c:\program files\AntivirusPro2009\AVEngn.dll
c:\program files\AntivirusPro2009\data\daily.cvd
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro2009\pthreadVC2.dll
c:\program files\AntivirusPro2009\Uninstall.exe
c:\program files\AntivirusPro2009\wscui.cpl
c:\windows\system32\3mgylNJd.exe
c:\windows\system32\3mgylNJd.exe.a_a
c:\windows\system32\3mgylNJd.exe_
c:\windows\system32\brastk.exe
c:\windows\system32\d8bxwJE0.exe
c:\windows\system32\DelSelf.bat
c:\windows\system32\msansspc.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At17.job
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-06 17:52 . 2008-11-06 17:52 388,608 --a------ c:\windows\system32\CF14610.exe.vir
2008-11-06 11:22 . 2008-11-06 11:22 <DIR> d-------- C:\rsit
2008-11-06 11:09 . 2008-11-06 11:09 250 --a------ c:\windows\gmer.ini
2008-11-04 15:58 . 2008-11-04 15:58 8,216 --a------ c:\windows\system32\mst120.dll
2008-11-04 11:59 . 2008-11-04 12:00 489 --a------ c:\windows\wininit.ini
2008-11-03 20:07 . 2008-11-03 20:07 <DIR> d-------- C:\_OTMoveIt
2008-11-01 19:17 . 2008-11-01 22:16 734,107,982 --a------ C:\What the Bleep do we Know.AVI
2008-11-01 01:00 . 2008-11-01 01:00 <DIR> d-------- c:\windows\system32\EXP
2008-11-01 01:00 . 2008-11-01 01:00 <DIR> d-------- c:\program files\Expstudio
2008-11-01 01:00 . 2008-11-01 01:00 161,265 --a------ c:\windows\Expstudio Audio Editor FREE Uninstaller.exe
2008-11-01 00:51 . 2008-11-01 00:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 00:49 . 2008-11-01 01:00 <DIR> d-------- c:\program files\AoA Audio Extractor
2008-10-20 04:51 . 2008-10-20 04:51 <DIR> d-------- C:\We Own the Night[2007]DvDrip[Eng]-FXG
2008-10-19 21:16 . 2008-10-19 21:16 <DIR> d-------- C:\The.Forbidden.Kingdom[2008]DvDrip-aXXo
2008-10-19 20:39 . 2008-10-21 21:23 <DIR> d-------- C:\Charlie.Bartlett.DVDRip.XviD-DiAMOND
2008-10-18 21:15 . 2008-10-18 21:15 <DIR> d-------- C:\Dashboard Confessional - A Mark A Mission A Brand A Scar
2008-10-17 19:03 . 2008-10-17 19:03 <DIR> d-------- C:\Journey.To.The.Center.Of.The.Earth[2008]DvDrip-aXXo
2008-10-16 20:47 . 2008-10-16 20:47 <DIR> d-------- C:\the girls next door complete
2008-10-14 21:57 . 2008-10-14 21:57 <DIR> d-------- C:\[Nyoro~n Subs] Rebuild of Evangelion 1.01 YOU ARE (NOT) ALONE (DVD MP3 H264)
2008-10-14 21:45 . 2008-10-16 05:16 982,161,532 --a------ C:\Akira.1988.DVDRip.DivX.english.dubbed.avi
2008-10-10 20:06 . 2008-10-10 20:06 <DIR> d-------- C:\Jon.and.Kate.Plus.8.S01.DVDRip.XviD-cwa
2008-10-08 10:57 . 2008-10-08 10:57 <DIR> d-------- c:\program files\WinAVI Video Converter
2008-10-08 10:52 . 2008-10-08 10:52 <DIR> d-------- C:\WinAVI Video Converter v8.0 + Keymaker. Jaybob
2008-10-08 10:44 . 2008-10-08 10:44 <DIR> d-------- c:\documents and settings\Randizel\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 01:30 --------- d-----w c:\documents and settings\Randizel\Application Data\LimeWire
2008-11-06 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-04 20:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 04:01 --------- d-----w c:\program files\Java
2008-11-02 21:36 --------- d-----w c:\program files\Magic Video Converter
2008-10-27 00:23 --------- d-----w c:\documents and settings\Randizel\Application Data\DivX
2008-10-26 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-23 04:13 --------- d-----w c:\documents and settings\Randizel\Application Data\dvdcss
2008-10-21 20:22 --------- d-----w c:\program files\DivX
2008-10-08 16:52 --------- d-----w c:\program files\Viewpoint
2008-10-08 16:52 --------- d-----w c:\program files\AIM6
2008-10-08 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-10-08 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-05 08:38 --------- d-----w c:\program files\PokerStars
2008-10-02 15:41 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-02 15:08 --------- d-----w c:\documents and settings\Randizel\Application Data\skypePM
2008-09-27 05:28 --------- d-----w c:\program files\ABC
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 04:42 --------- d-----w c:\documents and settings\Randizel\Application Data\Skype
2007-12-31 02:43 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_13.17.43.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-07 01:19:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-30 20480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]
"SoundMan"="SOUNDMAN.EXE" [2005-07-21 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\Randizel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-02-08 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-07-04 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-30 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
.
Contents of the 'Scheduled Tasks' folder

2008-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At11.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At13.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At14.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At15.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At16.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-07 c:\windows\Tasks\At18.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At19.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At2.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At20.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At21.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At22.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At23.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At24.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At25.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At26.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At27.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At28.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At29.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At3.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At30.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At31.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At32.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At33.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At34.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At35.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At36.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-06 c:\windows\Tasks\At37.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-06 c:\windows\Tasks\At38.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-06 c:\windows\Tasks\At39.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At4.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At40.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-07 c:\windows\Tasks\At41.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-07 c:\windows\Tasks\At42.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At43.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At44.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At45.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At46.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At47.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At48.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At5.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At6.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At7.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At9.job
- c:\windows\system32\d8bxwJE0.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-brastk - c:\windows\system32\brastk.exe
HKLM-Run-Antivirus Pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 17:57:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-06 17:58:44
ComboFix-quarantined-files.txt 2008-11-07 01:58:27
ComboFix2.txt 2008-11-06 21:18:33

Pre-Run: 128,764,428,288 bytes free
Post-Run: 128,788,443,136 bytes free

283
awordz is offline  
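The 'Scheduled Tasks' section of the ComboFix log above can be triaged mechanically. This Python sketch is an added example, not part of the thread or of ComboFix: it groups AtN.job tasks by target and keeps those whose target shows no file details. The sample excerpt is constructed in the log's layout, and reading an empty `[]` as "file details unavailable" is an assumption drawn from this log.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the layout of the log above (shortened).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2008-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At25.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At2.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At13.job
- c:\windows\system32\d8bxwJE0.exe []
.
- - - - ORPHANS REMOVED - - - -
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.IGNORECASE)
TARGET_LINE = re.compile(r"^- (.+?) \[(.*)\]$")
# Jobs created through the legacy "at" scheduler are named At<N>.job.
AT_JOB_NAME = re.compile(r"^At(\d+)\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log_text):
    """Return one dict per task listed in the Scheduled Tasks section."""
    tasks, in_section, pending = [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == SECTION_HEADER
            continue
        if line == ".":  # a lone dot closes the section in this log layout
            break
        job = JOB_LINE.match(line)
        if job:
            pending = {"modified": job.group(1), "job": job.group(2)}
            continue
        target = TARGET_LINE.match(line)
        if target and pending:
            pending["target"] = target.group(1)
            pending["target_info"] = target.group(2)
            tasks.append(pending)
            pending = None
    return tasks


def orphaned_at_jobs(tasks):
    """Map each target (lower-cased) to its AtN.job files, ordered by N.

    Only tasks named At<N>.job whose target has empty details are kept
    (assumption: "[]" means the target file could not be read).
    """
    grouped = defaultdict(list)
    for task in tasks:
        # ntpath splits on backslashes regardless of the host OS.
        name = AT_JOB_NAME.match(ntpath.basename(task["job"]))
        if name and task["target_info"] == "":
            key = task["target"].lower()
            grouped[key].append((int(name.group(1)), task["job"]))
    return {t: [job for _, job in sorted(jobs)] for t, jobs in grouped.items()}


if __name__ == "__main__":
    for target, jobs in orphaned_at_jobs(parse_scheduled_tasks(SAMPLE_LOG)).items():
        print(f"{target}: {len(jobs)} job(s)")
        for job in jobs:
            print(f"  {job}")
```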
Old 11-06-2008, 07:25 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,443
OS: 2000 Pro; XP Pro; XP Home


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Thanks...a bit more work to do.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

http://www.techsupportforum.com/secu...e-sharing.html

I would strongly recommend that you uninstall this. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Java(TM) 6 Update 3

This is outdated, and having it still installed is a security risk. Unfortunately, Java does not uninstall previous versions when you update, nor tell you that you should.

Leave Java(TM) 6 Update 7 alone, as it has the most recent security updates.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    File::
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job


    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=-

    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  5. Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic and also let me know how things are now.

    ---------------------------------------------------------------------------------------------
  6. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
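An added example, not part of the thread or of ComboFix itself: the by-eye triage of the log's 'Scheduled Tasks' section, written as a Python parser that turns repeated At*.job entries into a candidate File:: list for the helper to review. The sample log is constructed in the layout shown in the thread (the At1.job entry and its target are invented), and reading an empty `[]` after a target as "no file details available" is an assumption.

```python
import re
from collections import Counter, namedtuple

Task = namedtuple("Task", "date job target stamp")

# Constructed sample in the layout of the log's 'Scheduled Tasks' section.
# The At1.job entry and its target are invented to show an At job that is
# NOT flagged; the other names are taken from the thread.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2008-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-05 c:\windows\Tasks\At1.job
- c:\windows\system32\example-backup.exe [2004-08-03 12:00]

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At7.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\d8bxwJE0.exe []
.
- - - - ORPHANS REMOVED - - - -
"""

SECTION_START = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\S.*\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(.*?)\s*\[(.*?)\]\s*$")
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.I)  # names used by legacy at-style jobs


def parse_tasks(log_text):
    """Return Task tuples from the 'Scheduled Tasks' section of a log."""
    tasks, pending, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_START):
            in_section = True
            continue
        if not in_section:
            continue
        if line == "." or line.startswith("****"):
            break  # the section ends at the next separator line
        job = JOB_RE.match(line)
        if job:
            if pending:  # previous job had no target line: keep it anyway
                tasks.append(Task(pending[0], pending[1], None, None))
            pending = job.groups()
            continue
        target = TARGET_RE.match(line)
        if target and pending:
            tasks.append(Task(pending[0], pending[1], target.group(1), target.group(2)))
            pending = None
    if pending:
        tasks.append(Task(pending[0], pending[1], None, None))
    return tasks


def triage(tasks, min_shared=2):
    """Flag At-named jobs that share one target or whose target has no details."""
    shared = Counter(
        t.target.lower() for t in tasks if t.target and AT_JOB_RE.search(t.job)
    )
    findings = []
    for t in tasks:
        if not AT_JOB_RE.search(t.job):
            continue
        reasons = ["at-style job name"]
        if t.target and shared[t.target.lower()] >= min_shared:
            reasons.append(f"target shared by {shared[t.target.lower()]} At jobs")
        if t.target and not t.stamp:
            reasons.append("no file details for target")  # assumption, see lead-in
        if len(reasons) > 1:  # the name alone is not enough to flag a job
            findings.append((t, reasons))
    return findings


def natural_key(path):
    """Sort At2.job before At10.job instead of after it."""
    return [int(p) if p.isdigit() else p.lower() for p in re.split(r"(\d+)", path)]


def build_file_block(findings):
    """Render flagged job files as a File:: block in the CFScript layout."""
    jobs = sorted({t.job for t, _ in findings}, key=natural_key)
    return "File::\n" + "\n".join(jobs)


if __name__ == "__main__":
    results = triage(parse_tasks(SAMPLE_LOG))
    for task, reasons in results:
        print(task.job, "->", task.target, "|", "; ".join(reasons))
    print(build_file_block(results))
```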
Old 11-06-2008, 09:59 PM   #16 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Thank you so much again tetonbob :)

ComboFix 08-11-05.02 - Randizel 2008-11-06 20:54:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT -8:00]
Running from: c:\documents and settings\Randizel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randizel\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-06 17:52 . 2008-11-06 17:52 388,608 --a------ c:\windows\system32\CF14610.exe.vir
2008-11-06 11:22 . 2008-11-06 11:22 <DIR> d-------- C:\rsit
2008-11-06 11:09 . 2008-11-06 11:09 250 --a------ c:\windows\gmer.ini
2008-11-04 15:58 . 2008-11-04 15:58 8,216 --a------ c:\windows\system32\mst120.dll
2008-11-04 11:59 . 2008-11-04 12:00 489 --a------ c:\windows\wininit.ini
2008-11-03 20:07 . 2008-11-03 20:07 <DIR> d-------- C:\_OTMoveIt
2008-11-01 19:17 . 2008-11-01 22:16 734,107,982 --a------ C:\What the Bleep do we Know.AVI
2008-11-01 01:00 . 2008-11-01 01:00 <DIR> d-------- c:\windows\system32\EXP
2008-11-01 01:00 . 2008-11-01 01:00 <DIR> d-------- c:\program files\Expstudio
2008-11-01 01:00 . 2008-11-01 01:00 161,265 --a------ c:\windows\Expstudio Audio Editor FREE Uninstaller.exe
2008-11-01 00:51 . 2008-11-01 00:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 00:49 . 2008-11-01 01:00 <DIR> d-------- c:\program files\AoA Audio Extractor
2008-10-20 04:51 . 2008-10-20 04:51 <DIR> d-------- C:\We Own the Night[2007]DvDrip[Eng]-FXG
2008-10-19 21:16 . 2008-10-19 21:16 <DIR> d-------- C:\The.Forbidden.Kingdom[2008]DvDrip-aXXo
2008-10-19 20:39 . 2008-10-21 21:23 <DIR> d-------- C:\Charlie.Bartlett.DVDRip.XviD-DiAMOND
2008-10-18 21:15 . 2008-10-18 21:15 <DIR> d-------- C:\Dashboard Confessional - A Mark A Mission A Brand A Scar
2008-10-17 19:03 . 2008-10-17 19:03 <DIR> d-------- C:\Journey.To.The.Center.Of.The.Earth[2008]DvDrip-aXXo
2008-10-16 20:47 . 2008-10-16 20:47 <DIR> d-------- C:\the girls next door complete
2008-10-14 21:57 . 2008-10-14 21:57 <DIR> d-------- C:\[Nyoro~n Subs] Rebuild of Evangelion 1.01 YOU ARE (NOT) ALONE (DVD MP3 H264)
2008-10-14 21:45 . 2008-10-16 05:16 982,161,532 --a------ C:\Akira.1988.DVDRip.DivX.english.dubbed.avi
2008-10-10 20:06 . 2008-10-10 20:06 <DIR> d-------- C:\Jon.and.Kate.Plus.8.S01.DVDRip.XviD-cwa
2008-10-08 10:57 . 2008-10-08 10:57 <DIR> d-------- c:\program files\WinAVI Video Converter
2008-10-08 10:52 . 2008-10-08 10:52 <DIR> d-------- C:\WinAVI Video Converter v8.0 + Keymaker. Jaybob
2008-10-08 10:44 . 2008-10-08 10:44 <DIR> d-------- c:\documents and settings\Randizel\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 04:53 --------- d-----w c:\program files\LimeWire
2008-11-07 01:30 --------- d-----w c:\documents and settings\Randizel\Application Data\LimeWire
2008-11-06 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-04 20:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 04:01 --------- d-----w c:\program files\Java
2008-11-02 21:36 --------- d-----w c:\program files\Magic Video Converter
2008-10-27 00:23 --------- d-----w c:\documents and settings\Randizel\Application Data\DivX
2008-10-26 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-23 04:13 --------- d-----w c:\documents and settings\Randizel\Application Data\dvdcss
2008-10-21 20:22 --------- d-----w c:\program files\DivX
2008-10-08 16:52 --------- d-----w c:\program files\Viewpoint
2008-10-08 16:52 --------- d-----w c:\program files\AIM6
2008-10-08 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-10-08 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-05 08:38 --------- d-----w c:\program files\PokerStars
2008-10-02 15:41 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-02 15:08 --------- d-----w c:\documents and settings\Randizel\Application Data\skypePM
2008-09-27 05:28 --------- d-----w c:\program files\ABC
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 04:42 --------- d-----w c:\documents and settings\Randizel\Application Data\Skype
2007-12-31 02:43 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_13.17.43.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-07 01:19:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-30 20480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-07-21 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\Randizel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-07-04 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-30 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

*Newly Created Service* - APPMGMT
.
Contents of the 'Scheduled Tasks' folder

2008-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 20:57:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-06 20:58:19
ComboFix-quarantined-files.txt 2008-11-07 04:58:07
ComboFix2.txt 2008-11-07 01:58:46
ComboFix3.txt 2008-11-06 21:18:33

Pre-Run: 128,807,669,760 bytes free
Post-Run: 128,798,720,000 bytes free

256
awordz is offline  
Old 11-06-2008, 10:08 PM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,443
OS: 2000 Pro; XP Pro; XP Home


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Hi awordz -

I'll look for the next logs (Eset online scan, and HijackThis) after you've posted them.
tetonbob is offline  
Old 11-06-2008, 10:49 PM   #18 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Thank you, I haven't heard many sounds as of late. What's my next move?

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3593 (20081107)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=6a2e53fa1a695542bf3dc48c5094550d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-07 05:45:35
# local_time=2008-11-06 09:45:35 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=357110
# found=6
# scan_time=2427
C:\Qoobox\Quarantine\[4]-Submit_2008-11-06@17.54.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\[4]-Submit_2008-11-06@17.54.zip »ZIP »gWD.exe Win32/TrojanDownloader.FakeAlert.PL.Gen trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Qoobox\Quarantine\[4]-Submit_2008-11-06@17.54.zip »ZIP »m3d.exe Win32/TrojanDownloader.FakeAlert.PL.Gen trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Qoobox\Quarantine\[4]-Submit_2008-11-06@17.54.zip »ZIP »d8bxwJE0.exe probably a variant of Win32/TrojanDownloader.Firu trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\11032008_201043\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll Win32/Adware.Toolbar.Shopper application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\11032008_202334\WINDOWS\system32\3mgylNJd.exe Win32/TrojanClicker.Agent.NES trojan (unable to clean - deleted) 00000000000000000000000000000000
awordz is offline  
Old 11-07-2008, 07:52 AM   #19 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,443
OS: 2000 Pro; XP Pro; XP Home


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

Those items found by Eset are in quarantine folders, and will be addressed when we're done.

I'd like to run one more diagnostic tool.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (C:\lopR.txt )
tetonbob is offline  
Old 11-07-2008, 04:06 PM   #20 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Randizel ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.7.1098 [VPS 081031-1] 4.7.1098 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:233 Go (Free:119 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Fri 11/07/2008|15:03 )

--------------------\\ Listing folders in APPLIC~1

[07/04/2008|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[12/02/2007|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[10/08/2008|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/08/2008|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[09/15/2007|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[08/27/2007|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[05/29/2008|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/04/2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[10/26/2008|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[08/26/2007|03:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/06/2008|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[07/05/2008|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[10/02/2008|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[12/29/2007|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[03/09/2008|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/01/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/15/2007|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[08/26/2007|03:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[08/26/2007|03:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[11/04/2008|08:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[11/03/2008|05:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Google
[11/03/2008|05:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[08/26/2007|03:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[05/27/2008|12:19] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> .ABC
[09/15/2007|08:05] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> acccore
[07/04/2008|02:51] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Adobe
[08/13/2008|09:39] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Apple Computer
[07/04/2008|12:30] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> AVS4YOU
[03/27/2008|09:23] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> DAEMON Tools
[10/26/2008|04:23] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> DivX
[10/22/2008|08:13] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> dvdcss
[05/27/2008|08:31] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> e frontier
[08/18/2008|12:34] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> FileZilla
[12/30/2007|08:45] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> FotoWire
[08/26/2007|03:26] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Google
[06/11/2008|08:00] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Help
[08/26/2007|03:15] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Identities
[11/06/2008|05:30] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> LimeWire
[08/27/2007|12:47] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Macromedia
[10/08/2008|10:44] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Media Player Classic
[07/11/2008|12:30] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Microsoft
[09/15/2007|08:03] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Mozilla
[06/12/2008|04:52] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Opera
[10/02/2008|07:41] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Real
[09/14/2008|08:42] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Skype
[10/02/2008|07:08] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> skypePM
[01/27/2008|09:15] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> Sun
[11/18/2007|04:38] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> vlc
[03/22/2008|11:24] C:\DOCUME~1\Randizel\APPLIC~1\<DIR> WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/01/2008 09:05 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/06/2008 08:58 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 04:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/26/2008|09:28] C:\Program Files\<DIR> ABC
[07/04/2008|02:45] C:\Program Files\<DIR> Adobe
[10/08/2008|08:52] C:\Program Files\<DIR> AIM6
[08/26/2007|03:28] C:\Program Files\<DIR> Alwil Software
[11/01/2008|01:00] C:\Program Files\<DIR> AoA Audio Extractor
[08/13/2008|09:19] C:\Program Files\<DIR> Apple Software Update
[07/04/2008|07:52] C:\Program Files\<DIR> AVS4YOU
[05/29/2008|06:51] C:\Program Files\<DIR> Bonjour
[05/27/2008|12:41] C:\Program Files\<DIR> CoffeeCup Software
[11/06/2008|08:55] C:\Program Files\<DIR> Common Files
[08/26/2007|03:07] C:\Program Files\<DIR> ComPlus Applications
[05/27/2008|08:19] C:\Program Files\<DIR> DAEMON Tools Lite
[10/21/2008|12:22] C:\Program Files\<DIR> DivX
[07/10/2008|02:53] C:\Program Files\<DIR> DVD Decrypter
[05/27/2008|08:21] C:\Program Files\<DIR> e frontier
[11/06/2008|09:45] C:\Program Files\<DIR> EsetOnlineScanner
[07/05/2008|03:40] C:\Program Files\<DIR> FileZilla FTP Client
[08/26/2007|03:24] C:\Program Files\<DIR> Google
[06/05/2008|06:27] C:\Program Files\<DIR> GustoSoft
[12/31/2007|12:35] C:\Program Files\<DIR> illusion
[05/09/2008|04:38] C:\Program Files\<DIR> InstallShield Installation Information
[05/06/2008|10:05] C:\Program Files\<DIR> Internet Explorer
[08/13/2008|09:13] C:\Program Files\<DIR> iPod
[08/13/2008|09:13] C:\Program Files\<DIR> iTunes
[11/03/2008|08:01] C:\Program Files\<DIR> Java
[11/10/2007|08:09] C:\Program Files\<DIR> JetAudio
[10/02/2008|07:41] C:\Program Files\<DIR> K-Lite Codec Pack
[11/06/2008|08:53] C:\Program Files\<DIR> LimeWire
[12/30/2007|08:45] C:\Program Files\<DIR> Logitech
[11/02/2008|01:36] C:\Program Files\<DIR> Magic Video Converter
[08/26/2007|03:07] C:\Program Files\<DIR> Messenger
[02/25/2008|01:46] C:\Program Files\<DIR> Microsoft ActiveSync
[08/26/2007|03:10] C:\Program Files\<DIR> microsoft frontpage
[02/25/2008|01:44] C:\Program Files\<DIR> Microsoft Office
[02/25/2008|01:45] C:\Program Files\<DIR> Microsoft Visual Studio
[08/26/2007|03:08] C:\Program Files\<DIR> Movie Maker
[11/07/2008|09:50] C:\Program Files\<DIR> Mozilla Firefox
[08/26/2007|03:06] C:\Program Files\<DIR> MSN
[08/26/2007|03:06] C:\Program Files\<DIR> MSN Gaming Zone
[08/26/2007|03:08] C:\Program Files\<DIR> NetMeeting
[08/26/2007|03:08] C:\Program Files\<DIR> Online Services
[08/26/2007|03:08] C:\Program Files\<DIR> Outlook Express
[10/05/2008|12:38] C:\Program Files\<DIR> PokerStars
[08/13/2008|09:12] C:\Program Files\<DIR> QuickTime
[08/13/2008|08:56] C:\Program Files\<DIR> Safari
[03/06/2008|10:13] C:\Program Files\<DIR> Sanstream
[08/15/2008|11:35] C:\Program Files\<DIR> SHARP
[12/29/2007|09:58] C:\Program Files\<DIR> Skype
[11/04/2008|12:01] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/27/2008|09:42] C:\Program Files\<DIR> The Rosetta Stone
[08/26/2007|03:15] C:\Program Files\<DIR> Uninstall Information
[04/03/2008|11:39] C:\Program Files\<DIR> Veoh Networks
[11/18/2007|04:36] C:\Program Files\<DIR> VideoLAN
[10/08/2008|08:52] C:\Program Files\<DIR> Viewpoint
[10/08/2008|10:57] C:\Program Files\<DIR> WinAVI Video Converter
[08/26/2007|03:10] C:\Program Files\<DIR> Windows Media Player
[08/26/2007|03:06] C:\Program Files\<DIR> Windows NT
[08/26/2007|03:09] C:\Program Files\<DIR> WindowsUpdate
[03/22/2008|11:23] C:\Program Files\<DIR> WinRAR
[08/26/2007|03:10] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/27/2008|04:19] C:\Program Files\Common Files\<DIR> Adobe
[12/02/2007|09:41] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[09/15/2007|08:04] C:\Program Files\Common Files\<DIR> AOL
[05/29/2008|06:47] C:\Program Files\Common Files\<DIR> Apple
[07/04/2008|07:51] C:\Program Files\Common Files\<DIR> AVSMedia
[02/25/2008|01:45] C:\Program Files\Common Files\<DIR> Designer
[12/30/2007|08:45] C:\Program Files\Common Files\<DIR> FotoWire
[12/30/2007|08:43] C:\Program Files\Common Files\<DIR> InstallShield
[01/27/2008|09:13] C:\Program Files\Common Files\<DIR> Java
[02/25/2008|01:42] C:\Program Files\Common Files\<DIR> L&H
[12/30/2007|08:44] C:\Program Files\Common Files\<DIR> Logitech
[05/27/2008|04:13] C:\Program Files\Common Files\<DIR> Macrovision Shared
[07/04/2008|12:26] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/26/2007|03:08] C:\Program Files\Common Files\<DIR> MSSoap
[08/26/2007|07:57] C:\Program Files\Common Files\<DIR> ODBC
[08/26/2007|03:08] C:\Program Files\Common Files\<DIR> Services
[12/29/2007|09:58] C:\Program Files\Common Files\<DIR> Skype
[08/26/2007|07:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[02/25/2008|01:44] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 45 Processes )

IEXPLORE.EXE ~ [PID:3708]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 15:04:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Randizel\Application Data\.ABC\torrent\[isoHunt] Adobe Dreamweaver CS3 (9.0) Crack.torrent
C:\DOCUME~1\Randizel\Application Data\.ABC\torrent\[isoHunt] Ap.PDF.Split-Merge.v2.4.Incl.Crack-iNViSiBLE.torrent
C:\DOCUME~1\Randizel\Application Data\.ABC\torrentinfo\[isoHunt] Adobe Dreamweaver CS3 (9.0) Crack.torrent.info
C:\DOCUME~1\Randizel\Application Data\.ABC\torrentinfo\[isoHunt] Ap.PDF.Split-Merge.v2.4.Incl.Crack-iNViSiBLE.torrent.info
C:\DOCUME~1\Randizel\Desktop\Setups\Dreamweaver + Crack
C:\DOCUME~1\Randizel\Desktop\Setups\Dreamweaver + Crack\Crack
C:\DOCUME~1\Randizel\Desktop\Setups\Dreamweaver + Crack\Dreamweaver CS3 (9.0).exe
C:\DOCUME~1\Randizel\Desktop\Setups\Dreamweaver + Crack\Crack\Dreamweaver.exe
C:\DOCUME~1\Randizel\Desktop\Setups\Dreamweaver + Crack\Crack\Instructions.txt
C:\DOCUME~1\Randizel\Desktop\Torry\Ap.PDF.Split-Merge.v2.4.Incl.Crack-iNViSiBLE
C:\DOCUME~1\Randizel\Desktop\Torry\Ap.PDF.Split-Merge.v2.4.Incl.Crack-iNViSiBLE\inv-pdfsm24.rar
C:\DOCUME~1\Randizel\Desktop\Torry\Ap.PDF.Split-Merge.v2.4.Incl.Crack-iNViSiBLE\inv-pdfsm24.sfv
C:\DOCUME~1\Randizel\Desktop\Torry\Ap.PDF.Split-Merge.v2.4.Incl.Crack-iNViSiBLE\iNViSiBLE.nfo
C:\DOCUME~1\Randizel\My Documents\New Folder\Manga Studio Debut 3.0 ENG\Crack e Seriale
C:\DOCUME~1\Randizel\My Documents\New Folder\Manga Studio Debut 3.0 ENG\Crack e Seriale\Seriale.txt
C:\DOCUME~1\Randizel\Recent\Adobe Dreamweaver CS3 (9.0) + Crack.lnk
C:\DOCUME~1\Randizel\Recent\Dreamweaver + Crack.lnk


[F:23][D:6]-> C:\DOCUME~1\Randizel\LOCALS~1\Temp
[F:117][D:0]-> C:\DOCUME~1\Randizel\Cookies
[F:38][D:4]-> C:\DOCUME~1\Randizel\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 11/07/2008|15:05 - Option : [1]

--------------------\\ Scan completed at 15:05:39
Copyright 2001 - 2009, Tech Support Forum