Status: Not open for further replies.
1 - 20 of 128 Posts

Registered · 94 Posts · Discussion Starter #1
First, I've been looking for a solution to my problems. I found one thread, but his problem wasn't resolved; he had to reformat. My computer has been acting up. I don't know a lot about computers, so here's my problem: a virus took away my system admin privileges, and several other viruses affected my system. They got rid of my ability to copy and paste and drag and drop (for some reason I can copy and paste HijackThis logs). Also my sound is gone. These are not hardware problems, since I already went and checked that first. Doing a quick virus scan with Avast, it says I have 3 viruses.

Also, I tried running an online scan just to double check, but Mozilla Firefox is not supported and I uninstalled Internet Explorer. Will post a HijackThis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CCP\EVE\bin\ExeFile.exe
C:\Program Files\SensorsViewPro31\sviewpro.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SearchAndDestroyMFC] C:\Program Files\Search And Destroy\Search And Destroy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [SearchAndDestroyMFC] C:\Program Files\Search And Destroy\Search And Destroy.exe (User '?')
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - S-1-5-21-1777583614-3819741254-1203153484-1006 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5346 bytes
 

Registered · 94 Posts · Discussion Starter #2
Right, I ran a Search and Destroy scan and it seems I have 6 keyloggers, 34 trojans and 3 viruses. Any help on how to remove them, since Avast won't pick them up, so I can repair them?
 

TSF Security Manager, Emeritus · 42,837 Posts
Hello rvballar17 and welcome,

We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt
 

Registered · 94 Posts · Discussion Starter #4
I only got the main.txt, no minimized extra log.

Deckard's System Scanner v20071014.68
Run by thomas on 2008-02-24 23:50:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as thomas.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50, on 2008-02-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\thomas\Desktop\dss(2).exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\thomas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SearchAndDestroyMFC] C:\Program Files\Search And Destroy\Search And Destroy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [SearchAndDestroyMFC] C:\Program Files\Search And Destroy\Search And Destroy.exe (User '?')
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - S-1-5-21-1777583614-3819741254-1203153484-1006 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5329 bytes

-- Files created between 2008-01-24 and 2008-02-24 -----------------------------

2008-02-21 19:40:06 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-02-21 19:32:20 0 d-------- C:\Documents and Settings\thomas\Application Data\Help
2008-02-20 16:48:52 0 d-------- C:\Program Files\PartyGaming
2008-02-19 19:59:11 0 d-------- C:\Program Files\Briggs Softworks
2008-02-17 21:52:38 0 dr-h----- C:\Documents and Settings\thomas\Recent
2008-02-17 16:22:01 0 d-------- C:\Program Files\free-downloads.net
2008-02-17 16:21:53 0 d-------- C:\Program Files\Alcohol Soft
2008-02-17 15:14:53 0 d-------- C:\Documents and Settings\thomas\Application Data\DAEMON Tools
2008-02-13 17:58:22 0 d-------- C:\WINDOWS\Search And Destroy
2008-02-13 17:58:21 0 d-------- C:\Program Files\Search And Destroy
2008-02-06 22:26:51 0 d-------- C:\Program Files\SensorsViewPro31
2008-02-03 16:15:16 0 d-------- C:\Program Files\uTorrent
2008-02-01 21:14:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-01-27 11:03:19 0 d-------- C:\WINDOWS\ERUNT
2008-01-26 18:43:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-26 18:43:52 0 d-------- C:\Documents and Settings\thomas\Application Data\Azureus
2008-01-25 22:42:35 0 d-------- C:\Program Files\CCP
2008-01-25 11:22:57 0 d-------- C:\Documents and Settings\thomas\Application Data\Comodo
2008-01-25 11:22:55 0 d-------- C:\Program Files\COMODO
2008-01-25 11:22:55 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-01-25 11:18:01 0 d-------- C:\Program Files\Alwil Software
2008-01-25 00:21:12 0 d-------- C:\Documents and Settings\thomas\.housecall6.6
2008-01-24 19:16:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-01-24 19:16:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-01-24 19:16:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-01-24 19:16:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-24 19:16:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-24 19:16:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-24 19:16:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-24 19:16:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-24 19:16:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-24 19:16:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-01-24 19:16:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-24 19:16:45 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-01-24 19:16:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-24 19:16:45 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-24 19:16:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-24 19:16:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-24 19:16:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-01-24 19:16:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-24 19:16:44 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-02-24 23:50:19 0 d-------- C:\Documents and Settings\thomas\Application Data\Xfire
2008-02-24 00:48:14 0 d-------- C:\Documents and Settings\thomas\Application Data\uTorrent
2008-02-21 19:34:19 0 d-------- C:\Program Files\Steam
2008-02-17 16:31:17 0 d-------- C:\Program Files\EA GAMES
2008-02-13 19:05:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 16:45:45 0 d---s---- C:\Program Files\Xfire
2008-02-10 22:38:14 0 d-------- C:\Documents and Settings\thomas\Application Data\IGN_DLM
2008-02-10 22:35:22 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-02-10 13:06:54 0 d-------- C:\Program Files\Common Files
2008-02-08 22:11:38 0 d-------- C:\Program Files\SpeedFan
2008-02-06 19:32:16 0 d-------- C:\Program Files\Analog Devices
2008-01-25 12:17:45 0 d-------- C:\Program Files\Save
2008-01-23 14:20:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-23 13:41:38 0 d-------- C:\Program Files\CCleaner
2008-01-22 17:20:54 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-22 17:20:53 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-20 01:38:39 0 d-------- C:\Program Files\Lavalys
2008-01-17 20:32:17 0 d-------- C:\Program Files\MSN Messenger
2008-01-15 19:01:27 0 d-------- C:\Program Files\QuickTime
2008-01-11 19:51:59 0 d-------- C:\Program Files\My POS
2008-01-08 17:00:02 0 d-------- C:\Documents and Settings\thomas\Application Data\DivX
2007-12-26 21:22:16 0 d-------- C:\Documents and Settings\thomas\Application Data\vlc
2007-12-25 13:45:03 0 d-------- C:\Program Files\Winamp
2007-12-24 14:21:16 146 --a------ C:\Documents and Settings\thomas\Application Data\burnaware.ini
2007-12-14 17:04:37 16768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys <Not Verified; www.kceasy.com; KCeasy tcpip.sys patcher>
2007-12-14 14:32:01 1283960 --a------ C:\Install
2007-12-11 17:34:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 17:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 17:33:14 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-11 17:33:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 17:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 17:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 17:33:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 17:32:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-25 11:22]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"SearchAndDestroyMFC"="C:\Program Files\Search And Destroy\Search And Destroy.exe" [2008-01-01 13:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 18:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Dialer]
C:\Program Files\Common Files\AOL\ACS\AOlDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C84 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1135620404\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
C:\WINDOWS\system32\server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=3 (0x3)
"SymWSC"=2 (0x2)
"NetSvc"=3 (0x3)
"MySQL"=2 (0x2)
"IDriverT"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{514bc9ea-e786-11da-b6e9-806d6172696f}]
AutoRun\command- F:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-02-24 23:52:04 ------------
 

TSF Security Manager, Emeritus · 42,837 Posts
Have you run dss.exe on this system before this latest scan?

--------------------------------------------

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix


  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
 

Registered · 94 Posts · Discussion Starter #7 (Edited)
ComboFix log

ComboFix 08-02-25.3 - thomas 2008-02-25 17:45:21.2 - NTFSx86
Running from: C:\Documents and Settings\thomas\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 23:50 . 2008-02-24 23:50 <DIR> d-------- C:\Deckard
2008-02-21 19:40 . 2008-02-21 19:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-20 16:48 . 2008-02-20 16:53 <DIR> d-------- C:\Program Files\PartyGaming
2008-02-19 19:59 . 2008-02-19 19:59 <DIR> d-------- C:\Program Files\Briggs Softworks
2008-02-17 16:22 . 2008-02-17 20:25 <DIR> d-------- C:\Program Files\free-downloads.net
2008-02-17 16:21 . 2008-02-17 16:21 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-02-17 15:14 . 2008-02-17 15:14 <DIR> d-------- C:\Documents and Settings\thomas\Application Data\DAEMON Tools
2008-02-14 16:32 . 2008-02-14 16:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 17:58 . 2008-02-13 17:58 <DIR> d-------- C:\WINDOWS\Search And Destroy
2008-02-13 17:58 . 2008-02-13 17:58 <DIR> d-------- C:\Program Files\Search And Destroy
2008-02-06 22:26 . 2008-02-07 21:36 <DIR> d-------- C:\Program Files\SensorsViewPro31
2008-02-03 16:15 . 2008-02-22 22:24 <DIR> d-------- C:\Program Files\uTorrent
2008-01-30 21:02 . 2008-01-30 21:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-27 11:03 . 2008-01-27 11:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-26 18:43 . 2008-01-26 23:14 <DIR> d-------- C:\Documents and Settings\thomas\Application Data\Azureus
2008-01-26 18:43 . 2008-01-26 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-25 22:42 . 2008-01-25 22:42 <DIR> d-------- C:\Program Files\CCP
2008-01-25 11:22 . 2008-01-25 11:22 <DIR> d-------- C:\Program Files\COMODO
2008-01-25 11:22 . 2008-01-25 11:22 <DIR> d-------- C:\Documents and Settings\thomas\Application Data\Comodo
2008-01-25 11:22 . 2008-01-25 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-01-25 11:22 . 2008-01-25 11:22 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-01-25 11:22 . 2008-01-25 11:22 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-01-25 11:22 . 2008-01-25 11:22 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-01-25 11:18 . 2008-01-25 11:18 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-25 11:18 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-25 11:18 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-25 11:18 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-25 11:18 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-25 11:18 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-25 11:18 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-25 11:18 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-25 11:18 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-25 00:21 . 2008-02-10 13:10 <DIR> d-------- C:\Documents and Settings\thomas\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 22:35 --------- d-----w C:\Documents and Settings\thomas\Application Data\Xfire
2008-02-24 05:48 --------- d-----w C:\Documents and Settings\thomas\Application Data\uTorrent
2008-02-23 22:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-23 22:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-22 00:34 --------- d-----w C:\Program Files\Steam
2008-02-17 21:31 --------- d-----w C:\Program Files\EA GAMES
2008-02-17 20:18 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-14 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 00:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 21:45 --------- d-s---w C:\Program Files\Xfire
2008-02-11 03:38 --------- d-----w C:\Documents and Settings\thomas\Application Data\IGN_DLM
2008-02-11 03:35 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-02-09 03:11 --------- d-----w C:\Program Files\SpeedFan
2008-02-07 00:32 --------- d-----w C:\Program Files\Analog Devices
2008-01-25 17:17 --------- d-----w C:\Program Files\Save
2008-01-23 19:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 18:41 --------- d-----w C:\Program Files\CCleaner
2008-01-22 01:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-20 06:38 --------- d-----w C:\Program Files\Lavalys
2008-01-18 01:32 --------- d-----w C:\Program Files\MSN Messenger
2008-01-16 00:01 --------- d-----w C:\Program Files\QuickTime
2008-01-15 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-12 00:51 --------- d-----w C:\Program Files\My POS
2008-01-10 11:35 6,144 ----a-w C:\WINDOWS\system32\drivers\sensorsview64.sys
2008-01-10 11:34 4,224 ----a-w C:\WINDOWS\system32\drivers\sensorsview.sys
2008-01-08 22:00 --------- d-----w C:\Documents and Settings\thomas\Application Data\DivX
2007-12-27 02:22 --------- d-----w C:\Documents and Settings\thomas\Application Data\vlc
2007-12-25 18:45 --------- d-----w C:\Program Files\Winamp
2007-12-14 22:04 16,768 ----a-w C:\WINDOWS\system32\tcpip_patcher.sys
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2006-02-20 17:03 56 --sh--r C:\WINDOWS\system32\D8F8B29492.sys
2006-11-24 02:20 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
----a-w 14,336 2004-08-04 11:00:00 C:\WINDOWS\system32\svchost.exe

b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
-c--a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
----a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
-c----w 577,024 2004-08-04 11:00:00 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
-c----w 577,024 2005-03-02 18:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
----a-w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\user32.dll
------w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\dllcache\user32.dll

2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2004-08-04 11:00:00 C:\WINDOWS\system32\ws2_32.dll

8c393df5234cbcbff1ee31902d6b40ae C:\WINDOWS\system32\wininet.dll
-c--a-w 659,456 2005-07-03 02:09:33 C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
-c--a-w 661,504 2005-10-21 03:38:08 C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
-c--a-w 663,552 2006-03-04 03:58:52 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
-c--a-w 663,552 2006-05-10 05:25:22 C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
-c--a-w 664,576 2006-06-23 11:25:31 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
-c--a-w 664,576 2006-09-14 08:31:30 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
-c--a-w 664,576 2006-10-23 15:34:22 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
-c--a-w 665,088 2007-01-04 14:05:30 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
-c----w 658,432 2005-07-03 02:11:30 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
-c----w 658,432 2005-10-21 03:39:30 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
-c----w 658,432 2006-03-04 03:33:45 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
-c----w 658,432 2006-05-10 05:23:03 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
-c----w 658,944 2006-06-23 11:02:52 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
-c----w 658,944 2006-09-14 08:39:55 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
-c----w 658,944 2006-10-23 15:17:53 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
----a-w 658,944 2007-01-04 13:37:08 C:\WINDOWS\system32\wininet.dll
-c----w 658,944 2007-01-04 13:37:08 C:\WINDOWS\system32\dllcache\wininet.dll

90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
-c--a-w 359,936 2005-05-25 19:07:12 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
-c--a-w 360,448 2006-01-13 17:07:08 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
-c--a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,040 2004-08-04 11:00:00 C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
-c----w 359,808 2005-05-25 19:04:02 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
-c----w 359,808 2006-01-13 02:28:14 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
------w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\drivers\tcpip.sys

01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
----a-w 502,272 2004-08-04 11:00:00 C:\WINDOWS\system32\winlogon.exe

558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
-c--a-w 182,912 2004-08-04 11:00:00 C:\WINDOWS\system32\drivers\ndis.sys

4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
-c--a-w 29,056 2004-08-04 11:00:00 C:\WINDOWS\system32\drivers\ip6fw.sys

515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
-c--a-w 2,056,832 2005-03-02 00:36:40 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
-c--a-w 2,059,392 2006-12-19 16:12:16 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
----a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
-c----w 2,056,832 2004-08-04 11:00:00 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
-c----w 2,056,832 2005-03-02 00:34:40 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
-c----w 2,057,600 2006-12-19 12:55:39 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
----a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\ntkrnlpa.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
-c--a-w 2,179,456 2005-03-02 01:04:22 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
-c--a-w 2,182,016 2006-12-19 16:51:12 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
-c----w 2,180,992 2004-08-04 11:00:00 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
-c----w 2,179,328 2005-03-02 00:59:53 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
-c----w 2,180,352 2006-12-19 14:17:19 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\ntoskrnl.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,032,192 2004-08-04 11:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
------w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]
"SearchAndDestroyMFC"="C:\Program Files\Search And Destroy\Search And Destroy.exe" [2008-01-01 13:24 12546155]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 18:09 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-25 11:22 1481472]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Dialer]
C:\Program Files\Common Files\AOL\ACS\AOlDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C84 Series]
--a--c--- 2003-05-27 04:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1135620404\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-04-05 14:19 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-04-05 14:19 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-04-05 14:23 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-04-05 14:22 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 13:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 21:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2006-03-20 17:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-04-05 14:23 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
C:\WINDOWS\system32\server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-29 17:44 1266936 c:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-07-26 03:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2007-01-24 22:20 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=3 (0x3)
"SymWSC"=2 (0x2)
"NetSvc"=3 (0x3)
"MySQL"=2 (0x2)
"IDriverT"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{514bc9ea-e786-11da-b6e9-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 22:20:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 17:48:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-02-25 17:50:09
.
2008-01-22 03:57:03 --- E O F ---

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:12 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SearchAndDestroyMFC] C:\Program Files\Search And Destroy\Search And Destroy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [SearchAndDestroyMFC] C:\Program Files\Search And Destroy\Search And Destroy.exe (User '?')
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1777583614-3819741254-1203153484-1006\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - S-1-5-21-1777583614-3819741254-1203153484-1006 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5415 bytes
 

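A first-pass triage of the two logs above, added here as an example; it is not a tool from this thread and not part of ComboFix or HijackThis. It reads a handful of lines copied verbatim from the posted logs and returns the entries a malware-removal helper would verify first (a SecurityProviders DLL outside the stock set, a startupreg target ComboFix printed without file metadata, per-drive AutoRun handlers, a BHO with no file, a DPF entry with no source, the AppInit_DLLs value, and a service with no publisher). It does not decide that any of them is malicious. The one assumption is that a stock Windows XP SP2 install has SecurityProviders set to msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll.

```python
"""Triage the ComboFix / HijackThis lines posted above.

Added example; not a tool from this thread or from the ComboFix or
HijackThis authors. It returns the entries a malware-removal helper
would verify first. It never decides that something is malicious, it
only narrows the list. Assumption: a stock Windows XP SP2 install has
SecurityProviders = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll".
"""
import re

XP_SP2_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

STARTUPREG_PREFIX = "[hkey_local_machine\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")

# Lines copied verbatim from the ComboFix and HijackThis logs in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
C:\WINDOWS\system32\server.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def extra_security_providers(line):
    """Names in a 'SecurityProviders ...' line that are not XP SP2 defaults."""
    m = re.match(r"SecurityProviders\s+(.+)", line.strip())
    if not m:
        return []
    names = [n.strip().lower() for n in m.group(1).split(",") if n.strip()]
    return [n for n in names if n not in XP_SP2_SECURITY_PROVIDERS]


def triage(log_text):
    """Return (reason, detail) pairs, in log order, for entries to verify."""
    findings = []
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        # A security provider DLL outside the default set is loaded by lsass.
        for name in extra_security_providers(line):
            findings.append(("securityproviders-not-default", name))
        # A startupreg key followed by a bare path: ComboFix printed no
        # attribute/date/size prefix for it, unlike smax4pnp.exe above, so
        # the file's presence and origin have to be checked by hand.
        if line.lower().startswith(STARTUPREG_PREFIX):
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            if re.match(r"^[A-Za-z]:\\", nxt):
                findings.append(("startupreg-no-file-metadata", nxt))
        # Per-user AutoRun handlers for a drive letter run on double-click.
        if "\\shell\\autorun\\command" in line.lower():
            findings.append(("mountpoint-autorun", line.split(" - ", 1)[1]))
        # A BHO CLSID that resolves to nothing on disk is a leftover to clean.
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(("bho-no-file", GUID_RE.search(line).group(0)))
        # An ActiveX download (DPF) entry with no source URL recorded.
        if line.startswith("O16 - DPF:") and line.endswith("-"):
            findings.append(("dpf-no-source", GUID_RE.search(line).group(0)))
        # AppInit_DLLs is loaded into every process that maps user32.dll.
        if line.startswith("O20 - AppInit_DLLs:"):
            findings.append(("appinit-dll", line.split(":", 1)[1].strip()))
        # Services whose binary carries no publisher name need identifying.
        if line.startswith("O23 - Service:") and " - Unknown owner - " in line:
            findings.append(("service-unknown-owner", line.split(" - ")[-1]))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:30} {detail}")
```

Running it on the full logs rather than the excerpt is a matter of passing the pasted text to triage(); each finding is a pointer to something to look up or hash, not a verdict.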
TSF Security Manager, Emeritus
42,837 Posts
I uninstalled Internet Explorer
:eek:

Internet Explorer is more than just a browser; it is an integral part of the Windows operating system.

--------------------------------------------------------------

Before we go any further, get the Recovery Console installed on this system. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

---------------------------------------------------------------------

Do you have a working System Restore point available?

Click Start>All Programs>Accessories>System Tools
  • Select System Restore
  • Next, select 'Restore my computer to an earlier time'
  • In the calendar on the left, note all the bolded dates and post them here for me.
 

Registered
94 Posts
Discussion Starter #9
I got rid of the browser part of Internet Explorer, but when I try to update it to 7 I can't.

Also, I still can't drag and drop, so I can't do the Recovery Console. As for System Restore, the virus took away my admin rights, so I get a message saying "System Restore is unable to protect your computer. Please restart your computer, and then run System Restore again." I tried that many times and still no luck.
 

TSF Security Manager, Emeritus
42,837 Posts
Do you have a Windows XP SP2 install disc?
 

Registered
94 Posts
Discussion Starter #11
Nope, this Dell didn't come with any Windows CDs at all, but it did come with a Windows key on the side of the case. It's a Dell Dimension 1100.
 

TSF Security Manager, Emeritus
42,837 Posts
Please download querySvc.zip to your desktop. Double click to run it and please post the log it produces.
 

Registered
94 Posts
Discussion Starter #13
Here's the querySvc log:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 22:06:54
Windows 5.1.2600 Service Pack 2

detected NTDLL code modification:
ZwClose

scanning processes ...

System [4]
C:\WINDOWS\system32\smss.exe [624] 0x8388A6B8
C:\WINDOWS\system32\csrss.exe [672] 0x83644950
C:\WINDOWS\system32\winlogon.exe [696] 0x839B8990
C:\WINDOWS\system32\services.exe [740] 0x8366C648
C:\WINDOWS\system32\lsass.exe [752] 0x838C2980
C:\WINDOWS\system32\svchost.exe [932] 0x8368E340
C:\WINDOWS\system32\svchost.exe [1016] 0x8362E320
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1192] 0x8362F850
C:\WINDOWS\explorer.exe [1356] 0x8365D300
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [1472] 0x835493C0
C:\WINDOWS\system32\rundll32.exe [1496] 0x832EE5F0
C:\Program Files\Analog Devices\Core\smax4pnp.exe [1512] 0x835F7980
C:\Program Files\COMODO\Firewall\cmdagent.exe [1960] 0x82F21858
C:\WINDOWS\system32\nvsvc32.exe [1980] 0x8321ADA0
C:\WINDOWS\system32\PnkBstrA.exe [236] 0x82EEFDA0
C:\Documents and Settings\thomas\Desktop\querySvc.exe [924] 0x83248020
C:\WINDOWS\system32\cmd.exe [1840] 0x82D67D38
C:\DOCUME~1\thomas\LOCALS~1\Temp\RarSFX0\catchme.exe [1744] 0x82C6F3E0


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 8192 (0x2000)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 12320 (0x3020)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 2 (0x2)
AuthenticationCapabilities REG_DWORD 64 (0x40)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)


------ Services [Running]

SERVICE_NAME: aswUpdSv
SERVICE_NAME: cmdAgent
SERVICE_NAME: DcomLaunch
SERVICE_NAME: Dhcp
SERVICE_NAME: Eventlog
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: NVSvc
SERVICE_NAME: PlugPlay
SERVICE_NAME: PnkBstrA
SERVICE_NAME: seclogon
SERVICE_NAME: Themes
SERVICE_NAME: w32time

------ Services [Stopped]

SERVICE_NAME: Adobe LM Service
SERVICE_NAME: Alerter
SERVICE_NAME: ALG
SERVICE_NAME: AppMgmt
SERVICE_NAME: aspnet_state
SERVICE_NAME: AudioSrv
SERVICE_NAME: avast! Antivirus
SERVICE_NAME: avast! Mail Scanner
SERVICE_NAME: avast! Web Scanner
SERVICE_NAME: BITS
SERVICE_NAME: Browser
SERVICE_NAME: CiSvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: clr_optimization_v2.0.50727_32
SERVICE_NAME: COMSysApp
SERVICE_NAME: CryptSvc
SERVICE_NAME: dmadmin
SERVICE_NAME: dmserver
SERVICE_NAME: Dnscache
SERVICE_NAME: ERSvc
SERVICE_NAME: EventSystem
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: FirebirdGuardianDefaultInstance
SERVICE_NAME: FirebirdServerDefaultInstance
SERVICE_NAME: helpsvc
SERVICE_NAME: HidServ
SERVICE_NAME: HTTPFilter
SERVICE_NAME: IDriverT
SERVICE_NAME: ImapiService
SERVICE_NAME: LmHosts
SERVICE_NAME: Messenger
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: Netman
SERVICE_NAME: NetSvc
SERVICE_NAME: Nla
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: ose
SERVICE_NAME: PolicyAgent
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RasAuto
SERVICE_NAME: RasMan
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RpcSs
SERVICE_NAME: RSVP
SERVICE_NAME: SamSs
SERVICE_NAME: SCardSvr
SERVICE_NAME: Schedule
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: Spooler
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: SwPrv
SERVICE_NAME: SymWSC
SERVICE_NAME: SysmonLog
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: TrkWks
SERVICE_NAME: TUWinStylerThemeSvc
SERVICE_NAME: UMWdf
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: usnjsvc
SERVICE_NAME: usprserv
SERVICE_NAME: VSS
SERVICE_NAME: WebClient
SERVICE_NAME: winmgmt
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: WmiApSrv
SERVICE_NAME: wscsvc
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC
SERVICE_NAME: xmlprov

------ Drivers [Running]

SERVICE_NAME: Aavmker4
SERVICE_NAME: ACPI
SERVICE_NAME: AFD
SERVICE_NAME: aswMon2
SERVICE_NAME: aswTdi
SERVICE_NAME: atapi
SERVICE_NAME: atksgt
SERVICE_NAME: audstub
SERVICE_NAME: BANTExt
SERVICE_NAME: Beep
SERVICE_NAME: catchme
SERVICE_NAME: Cdfs
SERVICE_NAME: Cdrom
SERVICE_NAME: cmdGuard
SERVICE_NAME: cmdHlp
SERVICE_NAME: Disk
SERVICE_NAME: drvmcdb
SERVICE_NAME: drvnddm
SERVICE_NAME: E100B
SERVICE_NAME: Fdc
SERVICE_NAME: Fips
SERVICE_NAME: FltMgr
SERVICE_NAME: Ftdisk
SERVICE_NAME: giveio
SERVICE_NAME: Gpc
SERVICE_NAME: HidUsb
SERVICE_NAME: i2omgmt
SERVICE_NAME: Imapi
SERVICE_NAME: Inspect
SERVICE_NAME: IntelIde
SERVICE_NAME: intelppm
SERVICE_NAME: IpNat
SERVICE_NAME: IPSec
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: kbdhid
SERVICE_NAME: KSecDD
SERVICE_NAME: lirsgt
SERVICE_NAME: mnmdd
SERVICE_NAME: Mouclass
SERVICE_NAME: mouhid
SERVICE_NAME: MountMgr
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: mssmbios
SERVICE_NAME: Mup
SERVICE_NAME: NDIS
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: NetBT
SERVICE_NAME: Npfs
SERVICE_NAME: NPPTNT2
SERVICE_NAME: Ntfs
SERVICE_NAME: Null
SERVICE_NAME: nv
SERVICE_NAME: oreans32
SERVICE_NAME: Parport
SERVICE_NAME: PartMgr
SERVICE_NAME: PCI
SERVICE_NAME: PCIIde
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: PxHelp20
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: redbook
SERVICE_NAME: SCDEmu
SERVICE_NAME: Secdrv
SERVICE_NAME: senfilt
SERVICE_NAME: sensorsview
SERVICE_NAME: serenum
SERVICE_NAME: Serial
SERVICE_NAME: smwdm
SERVICE_NAME: speedfan
SERVICE_NAME: sptd
SERVICE_NAME: sr
SERVICE_NAME: Srv
SERVICE_NAME: sscdbhk5
SERVICE_NAME: ssrtln
SERVICE_NAME: swenum
SERVICE_NAME: Tcpip
SERVICE_NAME: TermDD
SERVICE_NAME: tfsnboio
SERVICE_NAME: tfsncofs
SERVICE_NAME: tfsndrct
SERVICE_NAME: tfsndres
SERVICE_NAME: tfsnifs
SERVICE_NAME: tfsnopio
SERVICE_NAME: tfsnpool
SERVICE_NAME: tfsnudf
SERVICE_NAME: tfsnudfa
SERVICE_NAME: Update
SERVICE_NAME: usbehci
SERVICE_NAME: usbhub
SERVICE_NAME: usbuhci
SERVICE_NAME: VgaSave
SERVICE_NAME: VolSnap
SERVICE_NAME: Wanarp

------ Drivers [Stopped]

SERVICE_NAME: Abiosdsk
SERVICE_NAME: abp480n5
SERVICE_NAME: ACPIEC
SERVICE_NAME: adpu160m
SERVICE_NAME: aec
SERVICE_NAME: agp440
SERVICE_NAME: agpCPQ
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: amdagp
SERVICE_NAME: amsint
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: aswRdr
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: bvrp_pci
SERVICE_NAME: cbidf
SERVICE_NAME: cbidf2k
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: CmdIde
SERVICE_NAME: Cpqarray
SERVICE_NAME: dac2w2k
SERVICE_NAME: dac960nt
SERVICE_NAME: dmboot
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: DMusic
SERVICE_NAME: dpti2o
SERVICE_NAME: drmkaud
SERVICE_NAME: dtscsi
SERVICE_NAME: ENTECH
SERVICE_NAME: Fastfat
SERVICE_NAME: Flpydisk
SERVICE_NAME: hamachi
SERVICE_NAME: hpn
SERVICE_NAME: HTTP
SERVICE_NAME: i2omp
SERVICE_NAME: i8042prt
SERVICE_NAME: ialm
SERVICE_NAME: ini910u
SERVICE_NAME: IntelC51
SERVICE_NAME: IntelC52
SERVICE_NAME: IntelC53
SERVICE_NAME: Ip6Fw
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpInIp
SERVICE_NAME: IRENUM
SERVICE_NAME: kmixer
SERVICE_NAME: lbrtfdc
SERVICE_NAME: mcdbus
SERVICE_NAME: Modem
SERVICE_NAME: MODEMCSA
SERVICE_NAME: mohfilt
SERVICE_NAME: mraid35x
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: ParVdm
SERVICE_NAME: PCIDump
SERVICE_NAME: Pcmcia
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: rdpdr
SERVICE_NAME: RDPWD
SERVICE_NAME: SCREAMINGBDRIVER
SERVICE_NAME: SDDMI2
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: sisagp
SERVICE_NAME: Sparrow
SERVICE_NAME: splitter
SERVICE_NAME: swmidi
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: sysaudio
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: TosIde
SERVICE_NAME: Udfs
SERVICE_NAME: ultra
SERVICE_NAME: usbprint
SERVICE_NAME: USBSTOR
SERVICE_NAME: viaagp
SERVICE_NAME: ViaIde
SERVICE_NAME: wanatw
SERVICE_NAME: WDICA
SERVICE_NAME: wdmaud
 

TSF Security Manager, Emeritus · 42,837 Posts
Hi rvballer17,

There are a few things I'd like you to do. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Most of your necessary services are stopped. Disable Comodo Firewall:
  • Click Start > Run and type msconfig in the Run box. Click OK.
  • Click the Startup tab.
  • Uncheck CPF.
  • Click Apply and OK and restart the machine.

1. See if you can copy/paste, drag n drop, etc.

2. Try again to reinstall IE.

----------------------------

If IE still won't install, install the IE Tab add on for Firefox. We can use that Tab to perform an online scan.

https://addons.mozilla.org/firefox/1419/

Further instructions about how to use it can be found here.

Once you've gotten the IE tab installed in Firefox, use the IE tab and try again to run the online scan at Kaspersky. Visit http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

I'd also like to see the following:

Go to Start > Run - type in eventvwr <Press Enter>



This is a picture of what the event viewer looks like.
You will see Application, Security & System listed in the left pane.
  1. In the left pane click on Application.
  2. Click the gray title “Type” at the top of the source name column in the right pane to sort by type name
    Look for “Error” & double-click on the most recent 10, and evaluate the event description for any indication of the cause of the problem.
  3. Make note of the Description, EventID and Source of these Event Properties.
  4. From the right pane, double-click on the line where it says Error & you should get a window like the example below





  5. In the upper right corner of this picture, you should see 2 arrows. One is pointing up & the other, pointing down.
    There is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard)
  6. Open Notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here.

Repeat steps 1-6 for System

--------------------

Download and run this tool NTPriveleges. Post the log it produces.


Include all these in your next reply:

Kaspersky results
Event Viewer report
NTPriveleges report
Update on system behavior
 

Registered · 94 Posts · Discussion Starter #15 (Edited)
I unchecked CPF, hit Apply and restarted; I still can't drag and drop nor copy and paste. I downloaded the add-on for Firefox, and when I hit Accept for the scan nothing happens. And when I double-click on an error it doesn't open the new window.

Here's the report from NTPriveleges:


-------------------------------------------
\Everyone
- SeChangeNotifyPrivilege
-------------------------------------------
NT AUTHORITY\LOCAL SERVICE
- SeAuditPrivilege
- SeIncreaseQuotaPrivilege
- SeAssignPrimaryTokenPrivilege
-------------------------------------------
NT AUTHORITY\NETWORK SERVICE
- SeAuditPrivilege
- SeIncreaseQuotaPrivilege
- SeAssignPrimaryTokenPrivilege
S-1-5-21-1777583614-3819741254-1203153484-1002
S-1-5-21-1777583614-3819741254-1203153484-1004
- SeImpersonatePrivilege
S-1-5-21-1777583614-3819741254-1203153484-1006
S-1-5-21-1777583614-3819741254-1203153484-501
S-1-5-32
-------------------------------------------
BUILTIN\Administrators
- SeSecurityPrivilege
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemTimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- SeNetworkLogonRight
- SeDebugPrivilege
- SeTakeOwnershipPrivilege
- SeSystemProfilePrivilege
- SeProfileSingleProcessPrivilege
- SeIncreaseBasePriorityPrivilege
- SeLoadDriverPrivilege
- SeCreatePagefilePrivilege
- SeIncreaseQuotaPrivilege
- SeChangeNotifyPrivilege
- SeUndockPrivilege
- SeManageVolumePrivilege
- SeImpersonatePrivilege
- SeCreateGlobalPrivilege
-------------------------------------------
BUILTIN\Users
- SeShutdownPrivilege
- SeChangeNotifyPrivilege
- SeUndockPrivilege
-------------------------------------------
NT AUTHORITY\INTERACTIVE
- SeCreateGlobalPrivilege
-------------------------------------------
NT AUTHORITY\SERVICE
- SeImpersonatePrivilege
- SeCreateGlobalPrivilege
 

TSF Security Manager, Emeritus · 42,837 Posts
Please try BitDefender's online scanner--using the IE tab in FF.





Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html

Under SCANNING OPTIONS, use the following Settings:
  • Action options - Report only
  • Second option - Report only

Once finished, click on the Details button to view the results.
To the upper right of the results you will see an option saying "Click here to export the scan results". Post the log of the scan results in your next reply.

-----------------------------------------------

If that online scanner won't work either, please do the following:

This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I do not want it to clean--for now, I only want to see a Report of what it finds.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
 

Registered · 94 Posts · Discussion Starter #18
Subs, Event Viewer won't work; it shows the errors, but when I click on them to open they don't. And Reid, I got the DrWeb scan for you.

DrWeb scan:

00137984.FIL;C:\$VAULT$.AVG;Trojan.Sklog;;
04017468.FIL;C:\$VAULT$.AVG;Adware.ClickSpring;;
04603578.FIL;C:\$VAULT$.AVG;Trojan.Click.4963;;
04742375.FIL;C:\$VAULT$.AVG;Trojan.Click.4963;;
04746437.FIL;C:\$VAULT$.AVG;Trojan.Click.4963;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.3.30.1;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1;Probably BACKDOOR.Trojan;;
RegUBP2b-thomas.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;;
3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;;
sd4hide.exe;C:\Documents and Settings\thomas\Desktop;Tool.DiskHide;;
SRSAI.exe;C:\Program Files\DAEMON Tools Lite;Adware.Shopper;;
mirc.chm\ctcp_events.htm;C:\Program Files\mIRC\mirc.chm;IRC.Generic.32;;
mirc.chm;C:\Program Files\mIRC;Archive contains infected objects;;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;;
backup-20071216-155044-133.dll;C:\Program Files\Trend Micro\HijackThis\backups;Adware.MWS;;
backup-20071216-160911-497.dll;C:\Program Files\Trend Micro\HijackThis\backups;Adware.Ditto;;
A0797239.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0798232.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0802243.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0803247.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0803482.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0803706.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0803952.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0804205.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0804497.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0805497.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0805762.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0805824.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Probably BATCH.Virus;;
A0805858.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.Virtumod.240;;
A0805869.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Adware.ClickSpring;;
A0806058.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0806335.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0807334.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0808333.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0809333.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0810334.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0811347.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0812333.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0813289.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0814347.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0815333.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0815554.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0815755.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0816706.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0816979.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0817233.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0818241.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0819241.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0820194.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0821255.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0822256.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0823267.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0824431.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0826388.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0829037.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Adware.SaveNow.128;;
A0831208.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Adware.Gdown;;
A0835197.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0835485.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Probably BATCH.Virus;;
A0839782.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0840034.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0840387.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0840606.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0841591.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0842603.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0843579.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0843677.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Tool.Prockill;;
A0843934.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0844923.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0845918.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0846918.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0847919.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0848918.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0849918.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0849973.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Probably BATCH.Virus;;
A0850231.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0851230.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0852243.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
A0852306.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828;Trojan.StartPage.1505;;
Shlesb.dll;C:\WINDOWS\system32;Adware.Effbar;;
tcpip_patcher.sys;C:\WINDOWS\system32;Trojan.Spambot.2543;;
Ldresb.exe;C:\WINDOWS\system32\Ldresb;Adware.Effbar;;
Shlesb.dll;C:\WINDOWS\system32\Ldresb;Adware.Effbar;;
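A quick way to triage a report in this `name;directory;detection;;` layout, added here as an example and not something from the thread or from Dr.Web: it separates copies another tool has already isolated (the AVG vault, HijackThis backups) and dormant copies inside System Restore points from hits in live locations, and lists the system32 hits first because those are the likely persistence points. The sample rows are constructed in the same layout as the report above; `{restore-guid}` stands in for a restore-point identifier.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv) by where each hit lives."""
import csv
from collections import Counter
from io import StringIO

# Constructed sample in the DrWeb.csv layout (name;directory;detection;;
# with two trailing empty fields); {restore-guid} is a placeholder.
SAMPLE_REPORT = """\
00137984.FIL;C:\\$VAULT$.AVG;Trojan.Sklog;;
A0805858.dll;C:\\System Volume Information\\_restore{restore-guid}\\RP828;Trojan.Virtumod.240;;
A0805824.bat;C:\\System Volume Information\\_restore{restore-guid}\\RP828;Probably BATCH.Virus;;
backup-20071216-155044-133.dll;C:\\Program Files\\Trend Micro\\HijackThis\\backups;Adware.MWS;;
tcpip_patcher.sys;C:\\WINDOWS\\system32;Trojan.Spambot.2543;;
Shlesb.dll;C:\\WINDOWS\\system32;Adware.Effbar;;
mirc.chm;C:\\Program Files\\mIRC;Archive contains infected objects;;
"""


def parse_report(text):
    """Yield (name, directory, detection) for each non-empty record."""
    for row in csv.reader(StringIO(text), delimiter=";"):
        if len(row) >= 3 and row[0]:
            yield row[0], row[1], row[2]


def classify(directory):
    """Bucket a hit: already isolated, dormant in a restore point, or live."""
    d = directory.lower()
    if "$vault$" in d or d.endswith("\\hijackthis\\backups"):
        return "quarantine"      # another tool already isolated this copy
    if "\\system volume information\\_restore" in d:
        return "restore_point"   # inert unless System Restore is rolled back
    return "active"              # live location: clean-up priority


def triage(text):
    """Return (buckets, detection counts); live system32 hits are listed first."""
    buckets = {"active": [], "restore_point": [], "quarantine": []}
    counts = Counter()
    for name, directory, detection in parse_report(text):
        buckets[classify(directory)].append((directory + "\\" + name, detection))
        counts[detection] += 1
    # Stable sort: anything under %SystemRoot%\system32 moves to the front.
    buckets["active"].sort(key=lambda h: "\\windows\\system32" not in h[0].lower())
    return buckets, counts


if __name__ == "__main__":
    buckets, counts = triage(SAMPLE_REPORT)
    for bucket, hits in buckets.items():
        print(f"== {bucket} ({len(hits)})")
        for path, detection in hits:
            print(f"  {detection:34} {path}")
    print("== detections:", dict(counts))
```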
 

TSF Security Manager, Emeritus · 42,837 Posts
Launch Comodo Firewall by double-clicking its icon on your desktop.

Once it has launched, right click the icon in the lower task bar and click 'Exit'

Click 'Yes' to the pop up window that appears.

---------------------------------

Try again to copy the Event Viewer information. If that still will not work, let's Export the entire list:

In the EventViewer, click 'Application'.
  • At the top of the dialog box, click Action>Export List
  • Name it ApplicationList and save it to your desktop
Repeat the above procedure for 'System', naming the file SystemList


Attach those reports via the Manage Attachments button in the reply window of this thread. When you click 'Reply' in this thread, scroll down a bit and you'll see 'Manage Attachments' under the Additional Options. Simply browse to the location of those 2 Event Viewer files (they should be on your desktop) and click Upload.
 