I gotta virus efcButur.dll

This is a discussion on I gotta virus efcButur.dll within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

Old 07-12-2008, 11:49 AM   #1
Registered Member
 
Join Date: Jun 2008
Posts: 26
OS: XP SP2



Bad image virus, C:\WINDOWS\system32\efcButur.dll is not a valid Windows image. Please check against something about the diskette. That's all I can remember. I'm getting popups and stuff and my computer is extremely slower than usual. And my Kaspersky tried to delete it but it keeps coming back. I turned off System Restore and it still comes back after Kaspersky tries to delete it.
MienTommy is offline  
Old 07-12-2008, 11:51 AM   #2
Registered Member
 
Join Date: Jun 2008
Posts: 26
OS: XP SP2



Sorry for double posting.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:22 AM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Stealthbots\StealthBot\StealthBot v2.6R3 D2 W3.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.185.251.190:11022
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM7f246e9f] Rundll32.exe "C:\WINDOWS\system32\eyilwjxx.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 3380 bytes
MienTommy is offline  
Old 07-12-2008, 02:06 PM   #3
Registered Member
 
Join Date: Jun 2008
Posts: 26
OS: XP SP2



Bruce or mod/admin, you can mark this as resolved for now, or delete the thread. I think I fixed it with ComboFix. If the problem persists I'll make a new thread. My ComboFix log (did I fix it?):

ComboFix 08-07-11.1 - Tommy 2008-07-12 12:52:55.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Tommy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM7f246e9f.xml
C:\WINDOWS\system32\ihPqYJlm.ini
C:\WINDOWS\system32\ihPqYJlm.ini2
C:\WINDOWS\system32\lpdwwobs.ini
C:\WINDOWS\system32\sbowwdpl.dll
C:\WINDOWS\system32\temwwh.dll
C:\WINDOWS\system32\ugfcaluq.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-12 12:45 . 2008-07-12 12:45 99,928 --a------ C:\WINDOWS\system32\frcwqswr.dll
2008-07-12 10:54 . 2008-07-12 10:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 01:07 . 2008-07-12 01:07 281,088 --a------ C:\WINDOWS\system32\mlJYqPhi.dll
2008-07-12 00:55 . 2008-07-12 00:55 <DIR> d-------- C:\Program Files\Java
2008-07-12 00:48 . 2008-07-12 00:48 <DIR> d-------- C:\Program Files\FrostWire
2008-07-12 00:16 . 2008-07-12 00:16 427,648 --a------ C:\WINDOWS\system32\drivers\EagleNt.sys
2008-07-12 00:13 . 2004-08-04 05:00 1,689,088 --ah---t- C:\WINDOWS\system32\d62ad79.dll
2008-07-12 00:13 . 2004-08-04 05:00 1,689,088 --ah---t- C:\WINDOWS\system32\1c48dd78.dll
2008-07-12 00:13 . 2004-08-04 05:00 82,944 --ah---t- C:\WINDOWS\system32\a69c486.dll
2008-07-12 00:13 . 2004-08-04 05:00 82,944 --ah---t- C:\WINDOWS\system32\12819d14.dll
2008-07-11 17:47 . 2008-07-11 17:47 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-11 17:44 . 2008-07-11 17:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-10 21:39 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-07-10 21:36 . 2008-07-10 21:36 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-07-10 21:35 . 2008-07-10 21:35 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-07-10 21:35 . 2008-07-10 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-10 21:34 . 2008-07-10 21:34 <DIR> d-------- C:\Program Files\TechSmith
2008-07-10 17:53 . 2008-07-10 17:53 <DIR> d-------- C:\Nexon
2008-07-10 17:53 . 2008-07-10 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-08 23:54 . 2008-07-10 20:56 <DIR> d-------- C:\Program Files\Game Cam V2
2008-07-08 23:49 . 2008-07-08 23:51 <DIR> d-------- C:\Program Files\Game Cam
2008-07-08 23:49 . 2002-01-05 07:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-07-08 23:49 . 2002-01-05 06:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-07-08 23:49 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-08 23:49 . 2002-01-05 06:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-07-08 23:49 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-08 23:49 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-08 00:45 . 2008-07-08 00:45 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-07-07 12:53 . 2008-07-07 12:54 <DIR> d-------- C:\Program Files\QuickTime
2008-07-07 12:53 . 2008-07-07 12:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-07 12:53 . 2008-07-07 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-07 12:53 . 2008-07-07 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-06 19:11 . 2000-04-03 22:05 118,784 --a------ C:\WINDOWS\system32\msstdfmt.dll
2008-07-03 19:26 . 2008-07-03 19:26 <DIR> d-------- C:\Program Files\Daemons Ring Gunz
2008-07-03 19:26 . 2008-07-03 19:57 <DIR> d-------- C:\Daemons Ring
2008-07-03 13:25 . 2008-07-06 11:36 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-03 13:25 . 2008-07-06 11:36 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-03 13:25 . 2008-07-06 11:36 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-03 11:26 . 2008-07-03 11:26 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-07-03 11:26 . 2008-07-06 11:48 38,824 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-03 11:26 . 2008-07-03 11:26 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-03 11:23 . 2008-07-12 11:17 <DIR> d-------- C:\Program Files\Diablo II
2008-07-02 23:06 . 2008-07-11 02:57 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-02 23:06 . 2008-07-02 23:06 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-07-02 21:56 . 2008-07-02 21:56 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-07-02 13:04 . 2008-07-07 23:33 <DIR> d-------- C:\Stealthbots
2008-07-02 12:48 . 2008-07-02 13:04 <DIR> d-------- C:\Program Files\StealthBot
2008-07-02 09:34 . 2008-07-02 09:34 <DIR> d-------- C:\Program Files\MAIET
2008-07-01 16:46 . 2008-07-01 16:48 <DIR> d-------- C:\Program Files\Google
2008-07-01 16:46 . 2008-07-01 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-01 13:54 . 2008-07-01 15:10 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Ventrilo
2008-07-01 13:27 . 2008-07-01 13:27 <DIR> d-------- C:\Program Files\Ventrilo
2008-07-01 13:26 . 2008-07-01 13:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 12:43 . 2008-07-01 12:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-01 11:23 . 2008-07-01 11:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-01 11:22 . 2003-07-17 11:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-07-01 11:22 . 2005-01-01 02:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-07-01 11:18 . 2008-07-01 11:20 <DIR> d-------- C:\Program Files\Winamp
2008-07-01 11:18 . 2008-07-01 11:28 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Winamp
2008-07-01 11:15 . 2008-07-11 22:53 33 --a------ C:\WINDOWS\GunzLauncher.INI
2008-07-01 10:32 . 2008-07-01 10:32 <DIR> d-------- C:\Program Files\NHN USA
2008-07-01 10:32 . 2008-06-17 19:28 710,064 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-07-01 10:32 . 2008-06-11 23:01 58,800 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-07-01 10:11 . 2008-07-01 10:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-01 10:11 . 2008-07-12 11:13 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-01 10:11 . 2008-07-12 11:13 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-01 10:10 . 2008-07-01 10:10 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-01 10:10 . 2008-07-12 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-01 10:10 . 2008-07-12 12:49 1,598,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-01 10:10 . 2008-07-12 12:49 417,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-01 10:10 . 2008-07-12 12:49 13,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-01 10:10 . 2008-07-12 12:49 2,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-01 10:09 . 2008-07-01 10:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-01 10:02 . 2008-07-11 22:02 <DIR> d-------- C:\Program Files\Starcraft
2008-07-01 10:02 . 2008-07-01 10:03 70,656 --a------ C:\WINDOWS\ScUnin.exe
2008-07-01 10:02 . 2008-07-01 10:03 34,807 --a------ C:\WINDOWS\scunin.dat
2008-07-01 10:02 . 2008-07-01 10:03 967 --a------ C:\WINDOWS\ScUnin.pif
2008-07-01 09:56 . 2008-07-01 09:56 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-01 09:56 . 2008-07-01 09:56 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-07-01 09:55 . 2008-07-01 09:55 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-01 09:52 . 2007-11-20 18:15 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2008-07-01 09:52 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-07-01 09:52 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-07-01 09:51 . 2008-07-01 09:51 <DIR> d-------- C:\Program Files\Realtek
2008-07-01 09:35 . 2008-07-01 09:35 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-01 09:08 . 2008-07-01 09:51 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-30 23:25 . 2008-07-01 09:52 1,606 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-06-30 22:48 . 2008-07-12 12:44 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\uTorrent
2008-06-30 22:24 . 2008-07-02 11:56 <DIR> d--h----- C:\Documents and Settings\Tommy\Application Data\ijjigame
2008-06-30 22:14 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-30 22:14 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-30 22:06 . 2008-06-30 22:06 0 --a------ C:\WINDOWS\ativpsrm.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 06:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 19:53 514,560 ----a-w C:\WINDOWS\system32\logonui(2)(2)(3).exe
2008-07-02 03:50 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-07-02 01:20 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-07-01 16:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-01 16:21 --------- d-----w C:\Program Files\Viewpoint
2008-07-01 16:11 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2008-07-01 16:10 --------- d-----w C:\Program Files\AOD
2008-07-01 16:10 --------- d-----w C:\Program Files\AIM
2008-07-01 04:45 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Aim
2008-07-01 04:31 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-01 04:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-26 01:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet(2)(2)(3).dll
2008-04-23 04:16 267,776 ----a-w C:\WINDOWS\system32\iertutil(2)(2)(3).dll
2008-04-23 04:16 105,984 ----a-w C:\WINDOWS\system32\url(2)(2)(3).dll
2008-04-23 04:16 1,159,680 ----a-w C:\WINDOWS\system32\urlmon(2)(2)(3).dll
.

------- Sigcheck -------

2007-10-30 10:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
2008-07-01 20:50 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-07-01 20:50 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( [email protected]_12.43.50.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 19:39:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-12 19:58:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54270491-55FE-4139-A5D5-5EC542D97183}]
2008-07-12 01:07 281088 --a------ C:\WINDOWS\system32\mlJYqPhi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 16:46 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-01 16:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 10:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Documents and Settings\\Tommy\\My Documents\\utorrent v1.6.1.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Documents and Settings\\Tommy\\Desktop\\Sarn\\Sarn\\proxies for Battle.net tester\\Virtual_TLS.exe"=
"C:\\Documents and Settings\\Tommy\\Desktop\\w00tzors\\TLS_E v6\\Virtual_TLS.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Tommy\\Desktop\\Sarn\\Sarn\\Test the speed of proxies\\Charon.exe"=
"C:\\Documents and Settings\\Tommy\\Desktop\\w00tzors\\Charon\\Charon.exe"=
"C:\\Daemons Ring\\DRGunZ.exe"=
"C:\\Documents and Settings\\Tommy\\Desktop\\D2Hax\\RedVex\\Redvex 3.2 2-25-08\\MieN.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Documents and Settings\\Tommy\\Desktop\\D2Hax\\RedVex 2.5\\RedVex.exe"=
"C:\\Documents and Settings\\Tommy\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\GameCamV2.exe_v382CEADF\\Native\\STUBEXE\\@[email protected]\\utorrent v1.6.1.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 09:34:33 C:\WINDOWS\Tasks\User_Feed_Synchronization-{38DA601B-C798-4EBD-81AD-28A200ECEE0D}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-7c175d03 - C:\WINDOWS\system32\sbowwdpl.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-07-12 12:59:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-07-12 13:03:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 20:03:36
ComboFix2.txt 2008-07-12 19:45:20

Pre-Run: 63,078,936,576 bytes free
Post-Run: 61,184,278,528 bytes free

237 --- E O F --- 2008-07-02 03:51:54



SORRY FOR TRIPLE POSTING! Lol :) Cuz it won't let me edit.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:30 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.185.251.190:11022
O2 - BHO: {e20c0474-15e3-5809-7984-468af764dc57} - {75cd467f-a864-4897-9085-3e514740c02e} - C:\WINDOWS\system32\dfudnj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {E2E463F0-782D-45BE-823A-AC9BD11D0395} - C:\WINDOWS\system32\mlJYqPhi.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 3748 bytes

EDIT: NVM, IT'S NOT FIXED! It fixed a little, though, BUT NOT FIXED!

NEW HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:30 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.185.251.190:11022
O2 - BHO: {e20c0474-15e3-5809-7984-468af764dc57} - {75cd467f-a864-4897-9085-3e514740c02e} - C:\WINDOWS\system32\dfudnj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {E2E463F0-782D-45BE-823A-AC9BD11D0395} - C:\WINDOWS\system32\mlJYqPhi.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 3748 bytes
MienTommy is offline  