
trouble with partypoker & antivirus2009.

  • 14-09-2008 4:18pm
    Registered Users, Registered Users 2 Posts: 80 ✭✭


    Hi techs ,

    Maybe you could show me how to get a fix for some problems I have on a laptop.

    I keep getting internet explorer pages for partypoker opening..
    I get pop ups for antivirus2009 every few minutes..
    I can log on to most web sites but can not get on to facebook or myspace or google.

    I can give you a copy of a silent runner report from today if that helps..

    Thanks for whatever you can do

    john64.


Comments

  • Banned (with Prison Access) Posts: 34,567 ✭✭✭✭Biggins


    O' lord, it's either Antivirus 2009 or Antivirus 2008 that's always causing hellish problems for loads of folk.
    Let me guess: you might have got a message saying that you were infected by viruses and that if you downloaded this tool, it would get rid of them all for you...

    ...anyway, get Ad-Aware (free on the net) and/or PC Tools Spyware Doctor (incl. anti-virus; time-limited demo or the full version). They will get rid of the problem for you.
    *** RUN BOTH TO BE SURE ***
    Ad-Aware might solve the problem - PC Tools Spyware Doctor definitely will.
    I have used the latter many, many times to clean others' machines of this bugger that people keep getting.
    I have it on three of my machines and use nothing else but it and their free firewall tool. I swear by it (I have 20+ years of experience in repairing systems).

    Run them in SAFE MODE - do you know how to do that?
    When the PC starts up, keep pressing F8 on your keyboard till you get a white text menu on your screen;
    amid the selection of options, select "Safe Mode" and run the above tools.

    Good luck.

    P.S. Then SERIOUSLY consider changing the virus application already installed on your PC (if you have one).
    It's obviously not up to the job, letting those buggers through. I'd go with the second one mentioned above.


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi thanks

    I had got 'Norton' but it was out of date since February..
    I tried 'free PC Tools' but problems keep occurring..
    I'm using a trial version of 'Norton 360' now.
    It thinks everything is OK, but I still have the problems listed.

    john64.


  • Banned (with Prison Access) Posts: 34,567 ✭✭✭✭Biggins


    Did you run it in safe mode?

    Go here: http://www.2-spyware.com/remove-antivirus-2009.html


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    That link is junk and won't remove AntiVirus2009.

    Don't waste your time with SpywareDoctor

    The sticky thread is there for a reason


  • Banned (with Prison Access) Posts: 34,567 ✭✭✭✭Biggins


    That link is junk and won't remove AntiVirus2009.

    Don't waste your time with SpywareDoctor

    I provided the link so the person could see the install file sources of his problem, i.e. the locations on his hard drive.

    ..and as for Spyware Doctor - go read the reviews before you knock it completely.
    I've only been in the business for 20+ years, that's all.
    I (and others) have found it MUCH better than Norton, AVG, and others.
    Reviews:
    http://www.pocket-lint.co.uk/reviews/review.phtml/2287/3311/pc-tools-spyware-doctor-pc.phtml
    Quote: "This is one of the best anti-spyware tools around and one you should seriously consider adding to your defence kit. "

    http://www.itreviews.co.uk/software/s488.htm

    http://www.pcworld.com/article/126885/pc_tools_spyware_doctor_38.html

    There are similarly named products that claim to do the same job.
    Get the right one as above and you're sorted.
    (And no, I'm not a rep for them.)

    http://www.bitdefender.com/ also gives a free demo of their removal tool. Try that too.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You have totally convinced me, I clearly don't know anything about malware removal. Thank you


  • Banned (with Prison Access) Posts: 34,567 ✭✭✭✭Biggins


    You have totally convinced me, I clearly don't know anything about malware removal. Thank you

    At the end of the day, as long as this malware bugger is gotten rid of, any useful help or tool (or its location) is better than none.

    I wish someone out there would point out the buggers directly responsible for making the above virus/spyware/malware.
    I'd honestly do jail to get rid of them. I've come across their infecting junk so many times; it's sickening and maddening.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I hope you won't take offence, I know you are trying to help, but your advice over the past weekend has been pretty bad.

    Telling users to run programs like SpywareDoctor, which is notoriously bad and which isn't free, isn't going to help anybody. Bitdefender isn't that good either.

    Posting links to crap sites like http://www.2-spyware.com doesn't help either.


    We have a pretty effective system here; as long as users follow it, all and any malware will be removed. I have been doing this here for nearly two years with no unhappy user. The sticky thread is there for a reason; it is designed to get users clean, and you would be far better off directing them to that in the future.


    If they were to follow the advice you posted, which is extremely vague and relatively useless, they can potentially wreck their PC and it won't remove the malware; that is a fact. For example, this post is not helpful at all; it is unsafe, and the majority of users will go around deleting legitimate files and registry keys:
    The virus has placed an exe file, probably in the c:\windows\system32 directory. That's where the bugger is starting up from.
    Do a Regedit search for "Casino" and remove any references to it, folder and all. Note any mention in text of any "virusname?.exe" and any mentioned location. Sometimes in the regedit entry you will see mentioned the location of the actual real file you need to delete, again, probably in the c:\windows\system32 or indeed in the c:\windows directory.


    I know this will probably hurt your ego since you are a "veteran with 20 years of experience", but it is the truth. The fact that you don't tell a user to back up their registry, let alone how to back it up (the average user won't know how), just helps illustrate my point. If you disagree with my point, feel free to PM the mod aidan_walsh with your thoughts about virus removal and I am sure he will change the sticky thread.


    Feel free to PM me if you want to discuss this more; no point hijacking a user's topic.


    To the original poster, read this thread and do its steps:

    http://boards.ie/vbulletin/showthread.php?t=2055274237

    If that doesn't fix your problem straight away, post the runscanner log and I will do it in less than a day with clear and precise instructions.


  • Banned (with Prison Access) Posts: 34,567 ✭✭✭✭Biggins


    I hope you won't take offence ... etc.

    None taken - you do talk honest good sense. Admittedly over the weekend I did forget to mention in one thread that someone should back up their registry. Guilty as charged.

    That said, anyone with a bad case of infection should get someone in with more experience hands-on-wise.
    Use the "If in doubt - leave it out" rule.
    Those less experienced - if they can - should switch off their machine, try and wait till someone with good experience/knowledge can get their hands on their system and let them take it from there. (I know that's not an option in every case.)

    Frustration and raising tempers is the worst thing a person can suffer from when trying to repair a machine. I have seen the round marks of hammers on machines as testament - honestly.

    All the best John64 and hope you get it sorted some way.


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Thanks guys for all your replies..

    I'm a newbie here on boards.ie so am still finding my way around..

    Now I know what sticky threads are..:)

    I'll follow up on the advice & see how it goes.

    Have a good week ,
    john64.


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi Guys

    Thank you for boards.ie & stickies..

    I followed the sticky & it fixed the problems I initially listed.
    It also fixed problems accessing microsoft updates.
    Thanks for the excellent advice.

    Just some small niggles remain.

    On startup ,
    I get some rundll32.exe 'bad image' messages.
    c:\windows\system32\dwdumpda.dll is not a valid windows image.
    c:\windows\system32\odwshtwy.dll is not a valid windows image.

    rundll error loading both of the above files:
    %1 is not a valid win32 application.

    I also get a superantispyware bad image message.
    c:\windows\system32\awtsrsPj.dll is not a valid windows image.

    I uninstalled, downloaded & re-installed superantispyware
    but I still get the message.

    That's where I am at.
    Everything seems to be working ok from what I can tell.

    thanks a lot
    john64.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Those are some leftovers from the malware.

    CLICK HERE to download the HijackThis Installer:
    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi ASJ,

    thanks for speedy response.
    here's the result..


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:09:07, on 16/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O2 - BHO: (no name) - {0107BECD-5B93-459B-8439-1D78EB27A9C2} - C:\WINDOWS\system32\awtsrsPj.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {71E03842-2E82-4BD6-B610-9BB65EDAA49F} - C:\WINDOWS\system32\jkkLBSLb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [dc6f6f3b] rundll32.exe "C:\WINDOWS\system32\dwdumpda.dll",b
    O4 - HKLM\..\Run: [BMdf5c5ca7] Rundll32.exe "C:\WINDOWS\system32\odwshtwy.dll",s
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O15 - Trusted Zone: http://www.superantispyware.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: awtsrsPj - C:\WINDOWS\SYSTEM32\awtsrsPj.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 11423 bytes

    ..
    good luck..
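As an added example (my own code, not from the thread and not part of HijackThis), a small Python triage script that automates the checks ActorSeeksJob is doing by eye on the log above: unnamed BHOs loaded from system32, O4 Run values that start a DLL through rundll32 (the entries behind john64's "bad image" messages), and any DLL registered at more than one hook point. The sample lines are constructed from entries in the posted log; the severities are an assumption of mine, not a HijackThis rating.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in HijackThis log format. The paths and CLSIDs are copied
# from the entries quoted earlier in this thread; the selection is mine.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0107BECD-5B93-459B-8439-1D78EB27A9C2} - C:\WINDOWS\system32\awtsrsPj.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71E03842-2E82-4BD6-B610-9BB65EDAA49F} - C:\WINDOWS\system32\jkkLBSLb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dc6f6f3b] rundll32.exe "C:\WINDOWS\system32\dwdumpda.dll",b
O4 - HKLM\..\Run: [BMdf5c5ca7] Rundll32.exe "C:\WINDOWS\system32\odwshtwy.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtsrsPj - C:\WINDOWS\SYSTEM32\awtsrsPj.dll
"""

# Line shapes for the three HijackThis sections this script looks at.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
DLL_ARG_RE = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section(s) the finding comes from, e.g. "O4" or "O2+O20"
    severity: str  # "high", "medium" or "low" (my own scale, not HijackThis's)
    path: str      # DLL/EXE path, or the DLL basename for cross-section findings
    reason: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Apply the by-eye checks from this thread to a HijackThis log and return Findings."""
    findings = []
    hooks = defaultdict(set)  # DLL basename -> set of sections that load it
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            name, path = m.group("name"), m.group("path")
            if path == "(no file)":
                # CLSID still registered but the DLL is gone: harmless leftover, tidy up.
                findings.append(Finding("O2", "low", path,
                                        f"orphaned BHO {m.group('clsid')}: CLSID registered but its DLL is missing"))
                continue
            hooks[_basename(path)].add("O2")
            if name == "(no name)" and SYSTEM32_RE.search(path):
                # Legitimate BHOs carry a product name; an unnamed one living in system32 is
                # the pattern seen for awtsrsPj.dll and jkkLBSLb.dll in the posted log.
                findings.append(Finding("O2", "high", path, "unnamed BHO loaded from system32"))
        elif m := O4_RE.match(line):
            cmd = m.group("cmd")
            if cmd.lower().startswith("rundll32"):
                dll = DLL_ARG_RE.search(cmd)
                path = dll.group(1) if dll else cmd
                hooks[_basename(path)].add("O4")
                # A Run value that starts a DLL via rundll32 is how the leftovers here were
                # launched; once the DLL is removed, this stale value is what produces the
                # "rundll32.exe bad image" message at logon.
                findings.append(Finding("O4", "high", path,
                                        f"Run value [{m.group('value')}] in {m.group('hive')} loads a DLL through rundll32"))
        elif m := O20_RE.match(line):
            path = m.group("path")
            hooks[_basename(path)].add("O20")
            if SYSTEM32_RE.search(path):
                # Windows ships some Notify handlers in system32 too, so this is only "medium"
                # on its own; the cross-section check below is what makes it convincing.
                findings.append(Finding("O20", "medium", path, "Winlogon Notify handler loaded from system32"))
    # Cross-section check: one DLL hooked as both a BHO and a Winlogon Notify handler
    # (awtsrsPj.dll in the posted log) survives a browser clean-up because Winlogon reloads it.
    for dll, sections in hooks.items():
        if len(sections) > 1:
            findings.append(Finding("+".join(sorted(sections)), "high", dll,
                                    "same DLL registered at more than one hook point"))
    return findings


def flagged_basenames(log_text: str) -> set:
    """Convenience: the set of file basenames that triage() flagged at all."""
    return {_basename(f.path) for f in triage(log_text)}


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: (order[f.severity], f.section)):
        print(f"[{f.severity:6}] {f.section:6} {f.path}\n         {f.reason}")
```

Run it against a full log and the vendor-named entries (Adobe, Synaptics, SUPERAntiSpyware, ctfmon) stay quiet while the three random-named DLLs from john64's messages come out on top.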


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Good bit of malware there

    Please visit this web page for instructions for downloading and running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi ASJ

    here's the log from ComboFix..

    ComboFix 08-09-16.05 - Mandy 2008-09-17 22:44:14.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.218 [GMT 1:00]
    Running from: C:\Documents and Settings\Mandy\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mandy\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Mandy\Cookies\mandy@ad.yieldmanager[1].txt
    C:\WINDOWS\BMdf5c5ca7.txt
    C:\WINDOWS\system32\adpmudwd.ini
    C:\WINDOWS\system32\bLSBLkkj.ini
    C:\WINDOWS\system32\bLSBLkkj.ini2
    C:\WINDOWS\system32\ceqercgd.dll
    C:\WINDOWS\system32\csqmelnh.ini
    C:\WINDOWS\system32\dfqqihkm.ini
    C:\WINDOWS\system32\dhfeqgdi.ini
    C:\WINDOWS\system32\dhfeqgdi.tmp
    C:\WINDOWS\system32\dhfeqgdi.tmp2
    C:\WINDOWS\system32\dlrikwjj.ini
    C:\WINDOWS\system32\dwdumpda.dll
    C:\WINDOWS\system32\gvipxtyp.ini
    C:\WINDOWS\system32\hvgnilbf.ini
    C:\WINDOWS\system32\hwmwbddj.ini
    C:\WINDOWS\system32\irgimlqx.ini
    C:\WINDOWS\system32\jcnebhtd.dll
    C:\WINDOWS\system32\jejwhkmk.ini
    C:\WINDOWS\system32\jkkLBSLb.dll
    C:\WINDOWS\system32\jnlarlqm.ini
    C:\WINDOWS\system32\jwxhcnoe.ini
    C:\WINDOWS\system32\krqoflyl.ini
    C:\WINDOWS\system32\kskrckvy.ini
    C:\WINDOWS\system32\kxmawagj.ini
    C:\WINDOWS\system32\lgwnhvcb.ini
    C:\WINDOWS\system32\njsdqpeh.dll
    C:\WINDOWS\system32\odwshtwy.dll
    C:\WINDOWS\system32\ohivbaoo.ini
    C:\WINDOWS\system32\oslwphsc.ini
    C:\WINDOWS\system32\owchqqqi.ini
    C:\WINDOWS\system32\OXxbayxx.ini
    C:\WINDOWS\system32\OXxbayxx.ini2
    C:\WINDOWS\system32\pkkakrkh.ini
    C:\WINDOWS\system32\ppptbgrl.ini
    C:\WINDOWS\system32\prvqgakk.ini
    C:\WINDOWS\system32\qmgaqeaj.ini
    C:\WINDOWS\system32\qrpmtgii.ini
    C:\WINDOWS\system32\sodhqavs.ini
    C:\WINDOWS\system32\stgwdltp.ini
    C:\WINDOWS\system32\swtwowvk.dll
    C:\WINDOWS\system32\sxapgiox.ini
    C:\WINDOWS\system32\tbatqxna.dll
    C:\WINDOWS\system32\tgdpaotm.dll
    C:\WINDOWS\system32\tyekpfui.ini
    C:\WINDOWS\system32\uajsmrar.ini
    C:\WINDOWS\system32\ueemppyo.dll
    C:\WINDOWS\system32\umbvbkau.dll
    C:\WINDOWS\system32\unnkfqfo.ini
    C:\WINDOWS\system32\winsrc.dll.tmp
    C:\WINDOWS\system32\wucyjarh.dll
    C:\WINDOWS\system32\xmvqawxe.ini
    C:\WINDOWS\system32\xolsoero.dll
    C:\WINDOWS\system32\YbHOoUvw.ini
    C:\WINDOWS\system32\YbHOoUvw.ini2
    .
    2008-09-06 14:44 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
    2008-09-06 14:44 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
    2008-09-06 14:44 . 2001-08-17 12:19 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
    2008-09-06 14:44 . 2008-04-14 01:11 26,112 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
    2008-09-06 14:44 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
    2008-09-06 14:44 . 2001-08-17 12:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
    2008-09-06 14:44 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
    2008-09-06 14:44 . 2001-08-17 22:36 9,216 --a--c--- C:\WINDOWS\system32\dllcache\rsmgrstr.dll
    2008-09-06 14:44 . 2001-08-17 12:19 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
    2008-09-06 14:42 . 2008-04-14 01:11 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
    2008-09-06 14:41 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
    2008-09-06 14:40 . 2004-08-03 22:29 1,897,408 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
    2008-09-06 14:39 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
    2008-09-06 14:38 . 2004-08-04 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-09-06 14:37 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-09-06 14:37 . 2001-08-17 14:56 235,648 --a--c--- C:\WINDOWS\system32\dllcache\mgaud.dll
    2008-09-06 14:37 . 2001-08-17 12:12 164,586 --a--c--- C:\WINDOWS\system32\dllcache\mdgndis5.sys
    2008-09-06 14:37 . 2001-08-17 22:36 47,616 --a--c--- C:\WINDOWS\system32\dllcache\memgrp.dll
    2008-09-06 14:37 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
    2008-09-06 14:37 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
    2008-09-06 14:37 . 2001-08-17 13:58 8,320 --a--c--- C:\WINDOWS\system32\dllcache\memcard.sys
    2008-09-06 14:37 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
    2008-09-06 14:37 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
    2008-09-06 14:35 . 2004-08-04 13:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
    2008-09-06 14:35 . 2004-08-04 13:00 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
    2008-09-06 14:35 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
    2008-09-06 14:35 . 2001-08-17 12:12 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
    2008-09-06 14:35 . 2001-08-17 12:12 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
    2008-09-06 14:35 . 2001-08-17 13:51 15,744 --a--c--- C:\WINDOWS\system32\dllcache\lit220p.sys
    2008-09-06 14:35 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
    2008-09-06 14:35 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
    2008-09-06 14:34 . 2001-08-17 22:36 90,200 --a--c--- C:\WINDOWS\system32\dllcache\io8ports.dll
    2008-09-06 14:34 . 2001-08-17 12:12 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys
    2008-09-06 14:34 . 2001-08-17 13:50 38,784 --a--c--- C:\WINDOWS\system32\dllcache\io8.sys
    2008-09-06 14:34 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
    2008-09-06 14:34 . 2001-08-17 13:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
    2008-09-06 14:34 . 2001-08-17 13:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
    2008-09-06 14:34 . 2001-08-17 13:47 13,056 --a--c--- C:\WINDOWS\system32\dllcache\inport.sys
    2008-09-06 14:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
    2008-09-06 14:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
    2008-09-06 14:34 . 2001-08-17 14:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
    2008-09-06 14:32 . 2008-04-14 01:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-15 23:04 d-----w C:\Program Files\MSN Messenger
    2008-09-15 22:02 d-----w C:\Program Files\Microsoft Works
    2008-09-15 20:22 d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-15 19:06 d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-15 19:06 d-----w C:\Documents and Settings\All Users\Application Data\Napster
    2008-09-14 23:18 d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-14 23:18 d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-14 23:16 d-----w C:\Program Files\Symantec
    2008-09-14 21:58 404 ----a-w C:\Documents and Settings\Mandy\Application Data\wklnhst.dat
    2008-09-10 19:31 d-----w C:\Documents and Settings\Mandy\Application Data\wsInspector
    2008-09-09 10:12 d-----w C:\Program Files\Google
    2008-08-17 22:00 d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-17 22:00 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-16 19:22 d-----w C:\Documents and Settings\LocalService\Application Data\SACore
    2008-08-07 10:14 111,360 ----a-w C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-07-31 15:43 d-----w C:\Program Files\McAfee
    2008-07-31 14:39 d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-07-31 14:39 d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-07-26 13:56 d-----w C:\Documents and Settings\Mandy\Application Data\LimeWire
    2008-07-17 10:50 d-----w C:\Program Files\LimeWire
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0107BECD-5B93-459B-8439-1D78EB27A9C2}]
    2008-08-14 11:54 23040
    C:\WINDOWS\system32\awtsrsPj.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "DriveIcons"="C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe" [2005-12-09 657408]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 729178]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-15 1235736]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-17 C:\WINDOWS\SkyTel.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 C:\WINDOWS\AGRSMMSG.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{0107BECD-5B93-459B-8439-1D78EB27A9C2}"= "C:\WINDOWS\system32\awtsrsPj.dll" [2008-08-14 23040]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrsPj]
    2008-08-14 11:54 23040 C:\WINDOWS\system32\awtsrsPj.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.JDCT"= jl_jdct.drv
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-15 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-15 875288]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-15 76040]
    R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
    S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-24 68922]
    S3 NTPASp50;NTPASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\NTPASp50.sys [2005-04-19 17536]
    S3 VNUWL5B;VIA Networking Technologies USB Wireless LAN Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\VNUWL5B.SYS [2006-08-19 134656]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8664291d-43a5-11db-bbbd-806d6172696f}]
    \Shell\AutoRun\command - D:\BSetup.EXE
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2044a21-6549-11da-a5a1-806d6172696f}]
    \Shell\AutoRun\command - E:\Launch.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0a0f26-4a01-11db-8ddb-0015af0a6ecf}]
    \Shell\AutoRun\command - winshell110.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d841b1-43b8-11db-8ada-806d6172696f}]
    \Shell\AutoRun\command - D:\BSetup.EXE
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{71E03842-2E82-4BD6-B610-9BB65EDAA49F} - C:\WINDOWS\system32\jkkLBSLb.dll
    HKLM-Run-dc6f6f3b - C:\WINDOWS\system32\dwdumpda.dll
    HKLM-Run-BMdf5c5ca7 - C:\WINDOWS\system32\odwshtwy.dll

    .
    Supplementary Scan
    .
    FireFox -: Profile - C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\witphrx6.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.com/
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-17 22:50:30
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Other Running Processes
    .
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-17 22:57:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-17 21:57:01
    Pre-Run: 15,622,295,552 bytes free
    Post-Run: 15,600,107,520 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    349 --- E O F --- 2008-09-15 22:20:40

    enjoy!!!!!!!
    john64.


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi ASJ

    here's the latest HijackThis log for you, thanks..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:11:46, on 17/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O2 - BHO: (no name) - {0107BECD-5B93-459B-8439-1D78EB27A9C2} - C:\WINDOWS\system32\awtsrsPj.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O15 - Trusted Zone: http://www.superantispyware.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: awtsrsPj - C:\WINDOWS\SYSTEM32\awtsrsPj.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 10472 bytes

    best of luck..
    john64.


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi ASJ

    Current status on startup..

    the good news..
    no more rundll 'bad image' messages appear.
    no more rundll 'error loading' messages appear.

    the less good news..
    I still get the same superantispyware bad image message.
    c:\windows\system32\awtsrsPj.dll is not a valid windows message.

    thanks for your good work.
    john64.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Let's see if I can work my magic

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\system32\drivers\aexsj.sys
    C:\WINDOWS\BMdf5c5ca7.xml
    C:\WINDOWS\system32\jwxhcnoe.tmp
    C:\WINDOWS\system32\awtsrsPj.dll

    Folder::

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8664291d-43a5-11db-bbbd-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2044a21-6549-11da-a5a1-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0a0f26-4a01-11db-8ddb-0015af0a6ecf}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d841b1-43b8-11db-8ada-806d6172696f}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrsPj]

    Sysrst::

    Driver::

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [image: CFScriptB-4.gif]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




    Also post a new HJT log
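    The cross-check a helper does by eye on the HijackThis log above, as an added Python example (not from this thread, HijackThis or ComboFix): it groups O2 BHO and O20 Winlogon Notify entries by DLL, flags a DLL that is hooked in more than one place or has no file behind it, and prints the result in the CFScript File::/Registry:: layout the post above uses. The sample lines are copied from the log posted earlier; the suspicion rules are assumptions, a starting point for review rather than a verdict.

```python
import re

# Constructed sample: O2/O20 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {0107BECD-5B93-459B-8439-1D78EB27A9C2} - C:\\WINDOWS\\system32\\awtsrsPj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: awtsrsPj - C:\\WINDOWS\\SYSTEM32\\awtsrsPj.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# Key the helper's CFScript removes per Winlogon Notify name (see the Registry:: block above).
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def parse_hooks(log_text):
    """Return (hook_type, name, clsid_or_None, path) tuples for O2 BHO and O20 Winlogon Notify lines."""
    hooks = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            hooks.append(("BHO", m["name"], m["clsid"], m["path"]))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            hooks.append(("WinlogonNotify", m["name"], None, m["path"]))
    return hooks


def correlate(hooks):
    """Group hooks by DLL path (case-insensitive, as NTFS is) and record why an entry looks suspicious."""
    by_path = {}
    for hook_type, name, clsid, path in hooks:
        info = by_path.setdefault(path.lower(), {"display": path, "hooks": []})
        info["hooks"].append((hook_type, name, clsid))
    findings = {}
    for key, info in by_path.items():
        reasons = []
        hook_types = sorted({h[0] for h in info["hooks"]})
        if key == "(no file)":
            reasons.append("orphaned hook: registered CLSID whose DLL is missing")
        if len(hook_types) > 1:
            # One DLL hooked into both the browser and Winlogon is the pattern awtsrsPj.dll shows above.
            reasons.append("same DLL registered as " + " and ".join(hook_types))
        if key.startswith("c:\\windows\\system32\\") and any(
            h[0] == "BHO" and h[1] == "(no name)" for h in info["hooks"]
        ):
            reasons.append("unnamed BHO loaded from system32")
        if reasons:
            findings[key] = {"display": info["display"], "hooks": info["hooks"], "reasons": reasons}
    return findings


def build_cfscript(findings):
    """Render the flagged entries in the CFScript File::/Registry:: layout used in this thread."""
    files, keys = [], []
    for key, info in sorted(findings.items()):
        if key == "(no file)":
            continue  # nothing on disk to list under File::
        files.append(info["display"])
        for hook_type, name, _clsid in info["hooks"]:
            if hook_type == "WinlogonNotify":
                keys.append(f"[-{NOTIFY_KEY}\\{name}]")
    lines = ["File::", *files, "", "Folder::", "", "Registry::", *keys, "", "Sysrst::", "", "Driver::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = correlate(parse_hooks(SAMPLE_LOG))
    for key, info in found.items():
        print(info["display"], "->", "; ".join(info["reasons"]))
    print(build_cfscript(found))
```

The AppInit_DLLs line is deliberately left unparsed here; it names a file without a path, so it needs a different check than the per-DLL grouping above.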


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi


    combofix log......





    ComboFix 08-09-16.05 - Mandy 2008-09-20 22:51:10.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.184 [GMT 1:00]
    Running from: C:\Documents and Settings\Mandy\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mandy\Desktop\CFScript.txt
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Mandy\Cookies\mandy@ad.yieldmanager[1].txt
    C:\WINDOWS\BMdf5c5ca7.xml
    C:\WINDOWS\system32\awtsrsPj.dll
    C:\WINDOWS\system32\drivers\aexsj.sys
    C:\WINDOWS\system32\jwxhcnoe.tmp
    .
    ((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
    .
    2008-09-20 22:31 . 2008-09-20 22:31 <DIR> d-------- C:\Documents and Settings\Mandy\Application Data\Windows Search
    2008-09-16 23:08 . 2008-09-16 23:08 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-16 19:47 . 2008-09-16 19:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-16 00:51 . 2008-09-16 00:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-09-16 00:23 . 2008-09-16 00:23 <DIR> d-------- C:\Documents and Settings\Mandy\Application Data\Windows Desktop Search
    2008-09-16 00:22 . 2008-09-16 00:22 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-09-16 00:22 . 2008-09-16 00:22 <DIR> d-------- C:\Program Files\Windows Desktop Search
    2008-09-16 00:20 . 2008-03-07 18:02 192,000 --a--c--- C:\WINDOWS\system32\dllcache\offfilt.dll
    2008-09-16 00:20 . 2008-03-07 18:02 98,304 --a--c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
    2008-09-16 00:20 . 2008-03-07 18:02 29,696 --a--c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
    2008-09-15 23:51 . 2008-09-15 23:51 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-15 23:51 . 2008-09-15 23:51 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-15 23:51 . 2008-09-15 23:51 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-15 23:51 . 2008-09-15 23:51 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-15 23:46 . 2008-09-15 23:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-15 23:36 . 2008-09-15 23:36 <DIR> d-------- C:\WINDOWS\EHome
    2008-09-15 23:24 . 2008-04-14 01:12 4,274,816 C:\WINDOWS\system32\nv4_disp.dll
    2008-09-15 23:23 . 2008-04-14 01:11 397,312 C:\WINDOWS\system32\mmcex.dll
    2008-09-15 23:22 . 2008-04-14 01:11 1,888,992 C:\WINDOWS\system32\ati3duag.dll
    2008-09-15 23:21 . 2008-04-14 01:11 136,192 C:\WINDOWS\system32\aaclient.dll
    2008-09-15 23:21 . 2008-04-14 01:11 4,255 C:\WINDOWS\system32\drivers\adv01nt5.dll
    2008-09-15 23:21 . 2008-04-14 01:11 3,967 C:\WINDOWS\system32\drivers\adv02nt5.dll
    2008-09-15 23:21 . 2008-04-14 01:11 3,775 C:\WINDOWS\system32\drivers\adv11nt5.dll
    2008-09-15 23:21 . 2008-04-14 01:11 3,711 C:\WINDOWS\system32\drivers\adv09nt5.dll
    2008-09-15 23:21 . 2008-04-14 01:11 3,647 C:\WINDOWS\system32\drivers\adv07nt5.dll
    2008-09-15 23:21 . 2008-04-14 01:11 3,615 C:\WINDOWS\system32\drivers\adv05nt5.dll
    2008-09-15 23:21 . 2008-04-14 01:11 3,135 C:\WINDOWS\system32\drivers\adv08nt5.dll
    2008-09-15 22:26 . 2008-09-16 00:22 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-09-15 21:23 . 2008-09-20 21:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-09-15 21:23 . 2008-09-15 21:23 <DIR> d-------- C:\Documents and Settings\Mandy\Application Data\AVGTOOLBAR
    2008-09-15 21:23 . 2008-09-15 21:23 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-09-15 21:23 . 2008-09-15 21:23 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-09-15 21:23 . 2008-09-15 21:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-09-15 00:16 . 2008-09-15 00:16 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
    2008-09-14 23:08 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-09-14 23:07 . 2008-09-14 23:07 <DIR> d-------- C:\Program Files\Panda Security
    2008-09-14 21:39 . 2008-09-16 19:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-09-14 21:39 . 2008-09-16 19:48 <DIR> d-------- C:\Documents and Settings\Mandy\Application Data\SUPERAntiSpyware.com
    2008-09-14 21:39 . 2008-09-14 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-09-14 21:17 . 2008-09-14 21:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-14 21:17 . 2008-09-14 21:17 <DIR> d-------- C:\Documents and Settings\Mandy\Application Data\Malwarebytes
    2008-09-14 21:17 . 2008-09-14 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-14 21:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-14 21:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-14 21:03 . 2008-09-14 21:04 <DIR> d-------- C:\Program Files\ERUNT
    2008-09-13 17:18 . 2008-09-13 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-13 17:10 . 2008-09-13 17:10 <DIR> d-------- C:\Program Files\filehippo.com
    2008-09-12 22:15 . 2008-09-12 22:15 <DIR> d-------- C:\Documents and Settings\pretty princess\Application Data\Yahoo!
    2008-09-12 22:13 . 2008-09-12 22:13 <DIR> d-------- C:\Documents and Settings\pretty princess\Application Data\Symantec
    2008-09-06 18:31 . 2008-09-06 18:31 <DIR> d-------- C:\Program Files\ZoneAlarmSB
    2008-09-06 18:29 . 2008-09-06 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-09-06 18:28 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-09-06 18:28 . 2008-09-06 18:31 4,212 ---h C:\WINDOWS\system32\zllictbl.dat
    2008-09-06 18:25 . 2008-09-06 19:05 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-09-06 18:17 . 2008-09-06 18:17 <DIR> d-------- C:\Documents and Settings\Gillian Fairy\Application Data\Yahoo!
    2008-09-06 18:11 . 2008-09-06 18:11 <DIR> d-------- C:\Documents and Settings\Gillian Fairy\Application Data\Symantec
    2008-09-06 17:30 . 2004-08-04 13:00 68,608 --a--c--- C:\WINDOWS\system32\dllcache\plugin.ocx
    2008-09-06 14:57 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
    2008-09-06 14:57 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2008-09-06 14:57 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2008-09-06 14:57 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2008-09-06 14:55 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
    2008-09-06 14:54 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-09-06 14:53 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
    2008-09-06 14:52 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
    2008-09-06 14:52 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
    2008-09-06 14:52 . 2001-08-17 14:56 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
    2008-09-06 14:52 . 2001-08-17 14:02 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
    2008-09-06 14:52 . 2001-08-17 12:51 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
    2008-09-06 14:52 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
    2008-09-06 14:52 . 2001-08-17 12:51 159,232 --a--c--- C:\WINDOWS\system32\dllcache\tridkbm.sys
    2008-09-06 14:52 . 2001-08-17 22:35 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
    2008-09-06 14:52 . 2001-08-17 12:12 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
    2008-09-06 14:52 . 2001-08-17 22:36 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
    2008-09-06 14:52 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
    2008-09-06 14:50 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
    2008-09-06 14:49 . 2004-08-04 13:00 143,422 --a--c--- C:\WINDOWS\system32\dllcache\softkey.dll
    2008-09-06 14:48 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
    2008-09-06 14:47 . 2001-08-17 14:56 252,032 --a--c--- C:\WINDOWS\system32\dllcache\sis300iv.dll
    2008-09-06 14:46 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
    2008-09-06 14:45 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-09-06 14:44 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
    2008-09-06 14:44 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
    2008-09-06 14:44 . 2001-08-17 12:19 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
    2008-09-06 14:44 . 2008-04-14 01:11 26,112 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
    2008-09-06 14:44 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
    2008-09-06 14:44 . 2001-08-17 12:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
    2008-09-06 14:44 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
    2008-09-06 14:44 . 2001-08-17 22:36 9,216 --a--c--- C:\WINDOWS\system32\dllcache\rsmgrstr.dll
    2008-09-06 14:44 . 2001-08-17 12:19 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
    2008-09-06 14:42 . 2008-04-14 01:11 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
    2008-09-06 14:41 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
    2008-09-06 14:40 . 2004-08-03 22:29 1,897,408 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
    2008-09-06 14:39 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
    2008-09-06 14:38 . 2004-08-04 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-09-06 14:37 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-09-06 14:37 . 2001-08-17 14:56 235,648 --a--c--- C:\WINDOWS\system32\dllcache\mgaud.dll
    2008-09-06 14:37 . 2001-08-17 12:12 164,586 --a--c--- C:\WINDOWS\system32\dllcache\mdgndis5.sys
    2008-09-06 14:37 . 2001-08-17 22:36 47,616 --a--c--- C:\WINDOWS\system32\dllcache\memgrp.dll
    2008-09-06 14:37 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
    2008-09-06 14:37 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
    2008-09-06 14:37 . 2001-08-17 13:58 8,320 --a--c--- C:\WINDOWS\system32\dllcache\memcard.sys
    2008-09-06 14:37 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
    2008-09-06 14:37 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
    2008-09-06 14:35 . 2004-08-04 13:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
    2008-09-06 14:35 . 2004-08-04 13:00 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
    2008-09-06 14:35 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
    2008-09-06 14:35 . 2001-08-17 12:12 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
    2008-09-06 14:35 . 2001-08-17 12:12 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
    2008-09-06 14:35 . 2001-08-17 13:51 15,744 --a--c--- C:\WINDOWS\system32\dllcache\lit220p.sys
    2008-09-06 14:35 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
    2008-09-06 14:35 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
    2008-09-06 14:34 . 2001-08-17 22:36 90,200 --a--c--- C:\WINDOWS\system32\dllcache\io8ports.dll
    2008-09-06 14:34 . 2001-08-17 12:12 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys
    2008-09-06 14:34 . 2001-08-17 13:50 38,784 --a--c--- C:\WINDOWS\system32\dllcache\io8.sys
    2008-09-06 14:34 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
    2008-09-06 14:34 . 2001-08-17 13:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
    2008-09-06 14:34 . 2001-08-17 13:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
    2008-09-06 14:34 . 2001-08-17 13:47 13,056 --a--c--- C:\WINDOWS\system32\dllcache\inport.sys
    2008-09-06 14:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
    2008-09-06 14:34 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
    2008-09-06 14:34 . 2001-08-17 14:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
    2008-09-06 14:32 . 2008-04-14 01:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-09-06 14:31 . 2001-08-17 22:36 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
    2008-09-06 14:30 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-20 21:46 d-----w C:\Documents and Settings\Mandy\Application Data\wsInspector
    2008-09-15 23:04 d-----w C:\Program Files\MSN Messenger
    2008-09-15 22:02 d-----w C:\Program Files\Microsoft Works
    2008-09-15 20:22 d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-15 19:06 d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-15 19:06 d-----w C:\Documents and Settings\All Users\Application Data\Napster
    2008-09-14 23:18 d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-14 23:18 d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-14 23:16 d-----w C:\Program Files\Symantec
    2008-09-14 21:58 404 ----a-w C:\Documents and Settings\Mandy\Application Data\wklnhst.dat
    2008-09-09 10:12 d-----w C:\Program Files\Google
    2008-08-28 09:03 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-18 21:15 d-----w C:\Documents and Settings\All Users\Application Data\Norton
    2008-08-18 21:08 d-----w C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-08-18 11:45 d-----w C:\Program Files\Common Files\Download Manager
    2008-08-17 22:00 d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-17 22:00 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-16 19:22 d-----w C:\Documents and Settings\LocalService\Application Data\SACore
    2008-08-07 10:14 111,360 ----a-w C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2008-08-07 02:38 9,728 ----a-w C:\WINDOWS\system32\RtNicProp32.dll
    2008-07-31 15:43 d-----w C:\Program Files\McAfee
    2008-07-31 14:39 d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-07-31 14:39 d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-07-26 13:56 d-----w C:\Documents and Settings\Mandy\Application Data\LimeWire
    2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    .
    ((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\_003770_.tmp.dll
    2006-12-26 14:07 536576 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP359\A0105571.dll
    C:\_003786_.tmp.dll
    2004-08-04 13:00 59904 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP359\A0105587.dll
    C:\_003803_.tmp.dll
    2004-08-04 13:00 17408 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP359\A0105604.dll
    C:\_004043_.tmp.dll
    2004-08-04 13:00 9344 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP359\A0105843.dll
    C:\_004058_.tmp.dll
    2003-03-25 01:52 618605 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP359\A0105858.dll
    C:\_004219_.tmp.dll
    2004-08-04 13:00 33280 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP359\A0106019.dll
    C:\_004231_.tmp.dll
    2004-08-04 13:00 147456 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP359\A0106031.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\admparse.dll
    2007-08-13 18:39 71680 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091644.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\advpack.dll
    2007-08-13 18:39 123904 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091643.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\browseui.dll
    2006-09-23 13:12 1022976 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091642.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\corpol.dll
    2007-08-13 18:42 17408 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091641.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\custsat.dll
    2007-08-13 18:54 33792 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091640.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\dxtmsft.dll
    2007-08-13 18:35 346624 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091639.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\dxtrans.dll
    2007-08-13 18:35 214528 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091638.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\extmgr.dll
    2007-08-13 18:54 131584 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091637.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\hmmapi.dll
    2007-08-13 18:18 60416 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091636.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\icardie.dll
    2007-08-13 18:36 61952 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091635.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\ie4uinit.exe
    2007-08-13 18:39 54784 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091597.exe
    C:\66f5e0fd9644f7883ce02be4fafd97\ieakeng.dll
    2007-08-13 18:39 152064 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091634.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\ieaksie.dll
    2007-08-13 18:39 229376 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091633.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\ieakui.dll
    2007-08-13 17:56 161792 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091632.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\ieapfltr.dll
    2007-07-11 12:27 383488 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091631.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\iedkcs32.dll
    2007-08-13 18:39 382976 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091630.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\iedw.exe
    2007-08-13 18:44 69120 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091596.exe
    C:\66f5e0fd9644f7883ce02be4fafd97\ieencode.dll
    2007-08-13 18:45 78336 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091629.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\ieframe.dll
    2007-08-13 18:54 6049280 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091628.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\iepeers.dll
    2007-08-13 18:54 191488 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091627.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\ieproxy.dll
    2007-08-13 18:54 287744 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091626.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\iernonce.dll
    2007-08-13 18:39 43008 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091625.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\iertutil.dll
    2007-08-13 18:34 266752 {3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP347\A0091624.dll
    C:\66f5e0fd9644f7883ce02be4fafd97\iesetup.dll
    C:\ComboFix\C
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "DriveIcons"="C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe" [2005-12-09 657408]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 729178]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-15 1235736]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-17 C:\WINDOWS\SkyTel.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 C:\WINDOWS\AGRSMMSG.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.JDCT"= jl_jdct.drv
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-15 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-15 875288]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-15 76040]
    S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-24 68922]
    S3 NTPASp50;NTPASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\NTPASp50.sys [2005-04-19 17536]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
    S3 VNUWL5B;VIA Networking Technologies USB Wireless LAN Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\VNUWL5B.SYS [2006-08-19 134656]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{0107BECD-5B93-459B-8439-1D78EB27A9C2} - C:\WINDOWS\system32\awtsrsPj.dll
    ShellExecuteHooks-{0107BECD-5B93-459B-8439-1D78EB27A9C2} - C:\WINDOWS\system32\awtsrsPj.dll

    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-20 22:55:31
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-09-20 22:59:21
    ComboFix-quarantined-files.txt 2008-09-20 21:59:18
    ComboFix2.txt 2008-09-17 21:57:16
    Pre-Run: 16,118,226,944 bytes free
    Post-Run: 16,103,571,456 bytes free
    342 --- E O F --- 2008-09-15 22:20:40

    thanks...


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:19:45, on 20/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\DriveIcon\DriveIcon.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
    O15 - Trusted Zone: http://www.superantispyware.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 10390 bytes


    thanks


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi ASJ


    Startup is ok now.

    Brilliant & thanks very much.

    I do not get any error messages for 'awtsrsPj.dll'.

    PC seems to be good.

    PS:
    When comboscript was finished, it gave me the logfile ok.
    I saved it in 'my documents' & closed notepad.

    I was left with a blank blue screen, no icons or desktop.
    I waited 5 minutes, then ctrl/alt/del to get task manager & shutdown.


  • Registered Users, Registered Users 2 Posts: 80 ✭✭john64


    Hi ASJ

    All looks to be ok now.


    thanks very much.
    You've been great.

    I can give the pc back to my wife now.
    That will make a lady happy.

    thanks a lot.

    bye.

