Options
Help Please! Getting Pop ups...
Hello everybody!
I need help please I am getting some pop ups in my computer and I can't remove whatever spyware or virus is in my machine here is my hijack this log: Thanks for your help!
Logfile of HijackThis v1.99.1
Scan saved at 11:50:01 AM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus and Spywares\avast\aswUpdSv.exe
C:\Program Files\Antivirus and Spywares\avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GbPlugin\GbpSv.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Media Players\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Antivirus and Spywares\avast\ashMaiSv.exe
C:\Program Files\Antivirus and Spywares\avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus and Spywares\aawservice.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Tools\Mozilla Firefox\firefox.exe
E:\Leo\Programas\Anti Virus\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://expresswayauthority.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {253F90D9-1731-49CC-99D9-CBB27AB28D63} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Downloader\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: 0 - {C93F9B97-C288-4535-DCB7-355900E356B4} - C:\Program Files\WindowsUpdate\quharego.dll (file missing)
O2 - BHO: (no name) - {e54c2402-1180-442e-9e90-b05e97ee3750} - C:\WINDOWS\system32\ocdqedf.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\Media Players\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Media Players\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Multimedia Editing Tools\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\DOCUME~1\officeXp\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A27D80-B2B3-4AF6-A2C6-2557ADCEC507}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Antivirus and Spywares\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Antivirus and Spywares\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Antivirus and Spywares\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Antivirus and Spywares\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Antivirus and Spywares\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
I need help please I am getting some pop ups in my computer and I can't remove whatever spyware or virus is in my machine here is my hijack this log: Thanks for your help!
Logfile of HijackThis v1.99.1
Scan saved at 11:50:01 AM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus and Spywares\avast\aswUpdSv.exe
C:\Program Files\Antivirus and Spywares\avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GbPlugin\GbpSv.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Media Players\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Antivirus and Spywares\avast\ashMaiSv.exe
C:\Program Files\Antivirus and Spywares\avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus and Spywares\aawservice.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Tools\Mozilla Firefox\firefox.exe
E:\Leo\Programas\Anti Virus\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://expresswayauthority.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {253F90D9-1731-49CC-99D9-CBB27AB28D63} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Downloader\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: 0 - {C93F9B97-C288-4535-DCB7-355900E356B4} - C:\Program Files\WindowsUpdate\quharego.dll (file missing)
O2 - BHO: (no name) - {e54c2402-1180-442e-9e90-b05e97ee3750} - C:\WINDOWS\system32\ocdqedf.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\Media Players\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Media Players\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Multimedia Editing Tools\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\DOCUME~1\officeXp\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A27D80-B2B3-4AF6-A2C6-2557ADCEC507}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Antivirus and Spywares\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Antivirus and Spywares\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Antivirus and Spywares\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Antivirus and Spywares\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Antivirus and Spywares\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
0
Comments
You aren't running Firewall Software. Please download and install one of them first!
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound/outbound not sure). Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most used:
Comodo
Kerio
ZoneAlarm
As you did this, we can begin with the fix.
1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Please post a new HijackThislog, and Combofix.txt
Here is the Combo Fix Scan
"Leo" - 2007-07-25 12:45:37 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\bold.log
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Leo\MYDOCU~1.\smante~1
C:\DOCUME~1\Leo\MYDOCU~1.\ystem~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\poolsv
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b136.exe
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\ocdqedf.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\X2
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X4
C:\WINDOWS\system32\X5
C:\WINDOWS\system32\X9
C:\WINDOWS\wr.txt
C:\WINDOWS\xhelper.dll
C:\WINDOWS\xmlhelper.dll
C:\WINDOWS\xmlhelper2.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
\LEGACY_CMDSERVICE
\LEGACY_CORE
\LEGACY_DOMAINSERVICE
\LEGACY_FOPN
\LEGACY_NETWORK_MONITOR
\DomainService
((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))
2007-07-25 12:52 <DIR> d
C:\DOCUME~1\Leo\APPLIC~1\Comodo
2007-07-25 12:52 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-25 12:45 51,200 --a
C:\WINDOWS\nircmd.exe
2007-07-23 14:54 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-21 19:59 <DIR> d
C:\Program Files\iPod
2007-07-21 19:58 <DIR> d
C:\Program Files\Common Files\Apple
2007-07-21 01:15 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-19 12:46 <DIR> d
C:\WINDOWS\system32\LogFiles
2007-07-19 11:58 23,600 --a
C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-07-19 11:45 <DIR> d
C:\Program Files\Lavalys
2007-07-17 02:15 <DIR> d
C:\Winamp Converted Files
2007-07-17 02:13 129,784
C:\WINDOWS\system32\pxafs.dll
2007-07-17 02:13 <DIR> d
C:\Program Files\Winamp
2007-07-17 02:03 57,064 --a
C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP.dat
2007-07-17 01:57 2,954 --a
C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2007-07-17 01:52 35,139 --a
C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-07-17 01:52 167,424 --a
C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-17 01:52 13,773 --a
C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP CD Writer.dat
2007-07-11 11:14 162 --a
C:\rapidhacker.dll
2007-07-10 12:02 1,374 --a
C:\WINDOWS\system32\drivers\pxfsf.dat
2007-07-10 02:11 77,312 --a
C:\WINDOWS\ua2.dll
2007-07-10 02:08 <DIR> d
C:\WINDOWS\system32\Panda Software
2007-07-10 01:14 1,060,864 --a
C:\WINDOWS\system32\MFC71.dll
2007-07-09 15:41 95,872 --a
C:\WINDOWS\system32\AvastSS.scr
2007-07-09 15:41 94,552 --a
C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-09 15:41 85,952 --a
C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-09 15:41 745,600 --a
C:\WINDOWS\system32\aswBoot.exe
2007-07-09 15:41 43,176 --a
C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-09 15:41 26,888 --a
C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-09 15:41 23,416 --a
C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-09 15:39 <DIR> d
C:\VundoFix Backups
2007-07-09 13:26 4,628 --a
C:\WINDOWS\system32\vpahyatv.exe
2007-07-09 13:17 66,068 --a
C:\WINDOWS\system32\mxtuvhlf.exe
2007-07-08 13:42 <DIR> d
C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-07-08 13:41 <DIR> d
C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-07-08 13:35 1,462,272 --a
C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-08 13:35 <DIR> d
C:\WINDOWS\CSC
2007-07-08 13:23 4,628 --a
C:\WINDOWS\system32\gjmmtcdc.exe
2007-07-08 13:11 499,712 --a
C:\WINDOWS\system32\msvcp71.dll
2007-07-08 13:11 348,160 --a
C:\WINDOWS\system32\msvcr71.dll
2007-07-08 13:10 <DIR> d--hs---- C:\WINDOWS\TGVv
2007-07-06 13:14 81,768 --a
C:\WINDOWS\system32\xinput1_3.dll
2007-07-06 13:14 62,744 --a
C:\WINDOWS\system32\xinput1_2.dll
2007-07-06 13:14 443,752 --a
C:\WINDOWS\system32\d3dx10_34.dll
2007-07-06 13:14 443,752 --a
C:\WINDOWS\system32\d3dx10_33.dll
2007-07-06 13:14 3,497,832 --a
C:\WINDOWS\system32\d3dx9_34.dll
2007-07-06 13:14 3,495,784 --a
C:\WINDOWS\system32\d3dx9_33.dll
2007-07-06 13:14 266,088 --a
C:\WINDOWS\system32\xactengine2_8.dll
2007-07-06 13:14 261,480 --a
C:\WINDOWS\system32\xactengine2_7.dll
2007-07-06 13:14 255,848 --a
C:\WINDOWS\system32\xactengine2_6.dll
2007-07-06 13:14 251,672 --a
C:\WINDOWS\system32\xactengine2_5.dll
2007-07-06 13:14 237,848 --a
C:\WINDOWS\system32\xactengine2_4.dll
2007-07-06 13:14 236,824 --a
C:\WINDOWS\system32\xactengine2_3.dll
2007-07-06 13:14 2,414,360 --a
C:\WINDOWS\system32\d3dx9_31.dll
2007-07-06 13:14 2,297,552 --a
C:\WINDOWS\system32\d3dx9_26.dll
2007-07-06 13:14 18,280 --a
C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-06 13:14 15,128 --a
C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-06 13:14 1,124,720 --a
C:\WINDOWS\system32\D3DCompiler_34.dll
2007-07-06 13:14 1,123,696 --a
C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-30 18:27 <DIR> d
C:\Program Files\Netflix
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-25 16:44:44
d
w C:\Program Files\Antivirus and Spywares
2007-07-23 18:53:41
d
w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-23 16:35:26
d
w C:\DOCUME~1\Leo\APPLIC~1\OpenOffice.org2
2007-07-21 23:59:50
d
w C:\Program Files\Media Players
2007-07-21 05:15:46
d
w C:\Program Files\Apple Software Update
2007-07-19 15:58:53 3,345 ----a-w C:\WINDOWS\mozver.dat
2007-07-17 05:53:43
d
w C:\Program Files\Multimedia Editing Tools
2007-07-17 05:52:19
d
w C:\Program Files\Burning Software
2007-07-16 16:06:26 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-07-10 21:18:35
d
w C:\Program Files\GbPlugin
2007-07-09 06:46:31
d--h--w C:\Program Files\WindowsUpdate
2007-06-23 04:14:45
d
w C:\DOCUME~1\Leo\APPLIC~1\U3
2007-06-19 20:40:32
d
w C:\DOCUME~1\Leo\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-06-19 04:26:33
d
w C:\DOCUME~1\Leo\APPLIC~1\Canon
2007-06-18 17:38:39
d
w C:\DOCUME~1\Leo\APPLIC~1\ATI
2007-06-18 16:38:03
d
w C:\Program Files\ATI Technologies
2007-06-18 16:37:10
d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 23:56:09
d
w C:\Program Files\Electronic Arts
2007-06-17 23:51:25 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-17 23:51:25
d--h--r C:\DOCUME~1\Leo\APPLIC~1\SecuROM
2007-06-14 21:13:26
d
w C:\DOCUME~1\Leo\APPLIC~1\Google
2007-06-14 21:13:03
d
w C:\Program Files\Google
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-02 23:14:00 73 ----a-w C:\WINDOWS\system32\ssprs.dll
2007-06-02 23:14:00 205 ----a-w C:\WINDOWS\system32\lsprst7.dll
2007-06-02 23:14:00 1,025 ----a-w C:\WINDOWS\system32\sysprs7.dll
2007-06-02 23:14:00 1,025 ----a-w C:\WINDOWS\system32\clauth2.dll
2007-06-02 23:14:00 1,025 ----a-w C:\WINDOWS\system32\clauth1.dll
2007-06-02 17:12:37
d
w C:\Program Files\MSN Messenger
2007-06-02 16:59:45
d
w C:\Program Files\Messenger
2007-06-02 16:59:37
d
w C:\Program Files\Movie Maker
2007-06-02 16:58:26
d
w C:\Program Files\Windows NT
2007-05-25 17:10:44
d
w C:\Program Files\Common Files\InstallShield
2007-05-25 16:23:11
d
w C:\Program Files\MagicDisc
2007-04-03 11:14:07 19,136 ----a-w C:\DOCUME~1\Leo\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\TGVv\n3pS.vbs
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{253F90D9-1731-49CC-99D9-CBB27AB28D63}]
C:\WINDOWS\system32\pmkhe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\xhelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C93F9B97-C288-4535-DCB7-355900E356B4}]
C:\Program Files\WindowsUpdate\quharego.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-03-29 00:58]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-08 22:05]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-09 01:23]
"avast!"="C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe" [2007-04-30 11:42]
"QuickTime Task"="C:\program files\Media Players\Quicktime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\Media Players\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Picasa Media Detector"="C:\Program Files\Multimedia Editing Tools\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]
"COMODO Firewall Pro"="C:\Program Files\Antivirus and Spywares\Comodo\Firewall\CPF.exe" [2007-07-25 12:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
C:\Documents and Settings\Leo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Leo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Leo\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\Burning Software\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eqmmw]
"C:\Documents and Settings\Leo\My Documents\?ystem\m?dtc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\ycbxjasw.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Printer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
C:\Program Files\Printer\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\Media Players\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oars]
"C:\PROGRA~1\COMMON~1\STEM32~1\attrib.exe" -vt yazb
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]
"C:\WINDOWS\poolsv.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\Burning Software\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\program files\Media Players\Quicktime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]
"C:\WINDOWS\svhost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas7cw]
"C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.7.8\webbuying.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free]
"C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
C:\Program Files\Antivirus and Spywares\Windows Registry Repair Pro\RegistryRepairPro.exe 4
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)
"usnjsvc"=3 (0x3)
"gusvc"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"wscsvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"iPod Service"=3 (0x3)
"GbpSv"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R0 Si3114r5;SiI-3114 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
R0 SiFilter;SATALink driver accelerator;C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
R1 CmdMon;Comodo Application Engine;C:\WINDOWS\system32\DRIVERS\cmdmon.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R2 BTSERIAL;Bluetooth Serial Driver;\??\C:\WINDOWS\System32\drivers\btserial.sys
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R2 GbpSv;Gbp Service;C:\Program Files\GbPlugin\GbpSv.exe
R3 AnyDVD;AnyDVD;C:\WINDOWS\system32\Drivers\AnyDVD.sys
R3 ATIAVPCI;ATI Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavrr.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 mcdbus;Driver for MagicISO SCSI Host Controller;C:\WINDOWS\system32\DRIVERS\mcdbus.sys
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA;C:\WINDOWS\system32\drivers\sfng32.sys
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC;C:\WINDOWS\system32\drivers\sthda.sys
S3 61883;61883 Unit Device;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;AVC Device;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 BTWDNDIS;Bluetooth LAN Access Server;C:\WINDOWS\system32\DRIVERS\btwdndis.sys
S3 btwhid;btwhid;C:\WINDOWS\system32\DRIVERS\btwhid.sys
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 P2k;Motorola USB Device;C:\WINDOWS\system32\DRIVERS\P2k.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56f069a7-2746-11dc-9b8f-0013207a872e}]
AutoRun\command- I:\autorun.exe
*Newly Created Service* - CMDAGENT
*Newly Created Service* - CMDMON
*Newly Created Service* - INSPECT
Contents of the 'Scheduled Tasks' folder
2007-07-18 17:43:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-25 04:00:00 C:\WINDOWS\tasks\At1.job
2007-07-25 13:00:00 C:\WINDOWS\tasks\At10.job
2007-07-25 14:00:00 C:\WINDOWS\tasks\At11.job
2007-07-25 15:00:00 C:\WINDOWS\tasks\At12.job
2007-07-25 16:00:00 C:\WINDOWS\tasks\At13.job
2007-07-24 17:00:00 C:\WINDOWS\tasks\At14.job
2007-07-24 18:00:00 C:\WINDOWS\tasks\At15.job
2007-07-24 19:00:00 C:\WINDOWS\tasks\At16.job
2007-07-24 20:00:00 C:\WINDOWS\tasks\At17.job
2007-07-24 21:00:00 C:\WINDOWS\tasks\At18.job
2007-07-24 22:00:00 C:\WINDOWS\tasks\At19.job
2007-07-25 05:00:00 C:\WINDOWS\tasks\At2.job
2007-07-24 23:00:00 C:\WINDOWS\tasks\At20.job
2007-07-25 00:00:00 C:\WINDOWS\tasks\At21.job
2007-07-25 01:00:00 C:\WINDOWS\tasks\At22.job
2007-07-25 02:00:00 C:\WINDOWS\tasks\At23.job
2007-07-25 03:00:00 C:\WINDOWS\tasks\At24.job
2007-07-25 04:00:00 C:\WINDOWS\tasks\At25.job
2007-07-25 05:00:00 C:\WINDOWS\tasks\At26.job
2007-07-25 06:00:00 C:\WINDOWS\tasks\At27.job
2007-07-25 07:00:00 C:\WINDOWS\tasks\At28.job
2007-07-25 08:00:00 C:\WINDOWS\tasks\At29.job
2007-07-25 06:00:00 C:\WINDOWS\tasks\At3.job
2007-07-25 09:00:00 C:\WINDOWS\tasks\At30.job
2007-07-25 10:00:00 C:\WINDOWS\tasks\At31.job
2007-07-25 11:00:00 C:\WINDOWS\tasks\At32.job
2007-07-25 12:00:00 C:\WINDOWS\tasks\At33.job
2007-07-25 13:00:00 C:\WINDOWS\tasks\At34.job
2007-07-25 14:00:00 C:\WINDOWS\tasks\At35.job
2007-07-25 15:00:00 C:\WINDOWS\tasks\At36.job
2007-07-25 16:00:00 C:\WINDOWS\tasks\At37.job
2007-07-24 17:00:00 C:\WINDOWS\tasks\At38.job
2007-07-24 18:00:00 C:\WINDOWS\tasks\At39.job
2007-07-25 07:00:00 C:\WINDOWS\tasks\At4.job
2007-07-24 19:00:00 C:\WINDOWS\tasks\At40.job
2007-07-24 20:00:00 C:\WINDOWS\tasks\At41.job
2007-07-24 21:00:00 C:\WINDOWS\tasks\At42.job
2007-07-24 22:00:00 C:\WINDOWS\tasks\At43.job
2007-07-24 23:00:00 C:\WINDOWS\tasks\At44.job
2007-07-25 00:00:00 C:\WINDOWS\tasks\At45.job
2007-07-25 01:00:00 C:\WINDOWS\tasks\At46.job
2007-07-25 02:00:00 C:\WINDOWS\tasks\At47.job
2007-07-25 03:00:00 C:\WINDOWS\tasks\At48.job
2007-07-25 08:00:00 C:\WINDOWS\tasks\At5.job
2007-07-25 09:00:00 C:\WINDOWS\tasks\At6.job
2007-07-25 10:00:00 C:\WINDOWS\tasks\At7.job
2007-07-25 11:00:00 C:\WINDOWS\tasks\At8.job
2007-07-25 12:00:00 C:\WINDOWS\tasks\At9.job
2007-07-25 16:42:00 C:\WINDOWS\tasks\HP Usg Daily.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 12:51:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000184
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-25 12:53:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-25 12:53
--- E O F ---
Here is the Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 1:10:38 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus and Spywares\avast\aswUpdSv.exe
C:\Program Files\Antivirus and Spywares\avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Antivirus and Spywares\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Antivirus and Spywares\Comodo\Firewall\cmdagent.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe
C:\Program Files\Antivirus and Spywares\Comodo\Firewall\CPF.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Antivirus and Spywares\avast\ashMaiSv.exe
C:\Program Files\Antivirus and Spywares\avast\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Tools\Mozilla Firefox\firefox.exe
E:\Leo\Programas\Anti Virus\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://expresswayauthority.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {253F90D9-1731-49CC-99D9-CBB27AB28D63} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Downloader\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: 0 - {C93F9B97-C288-4535-DCB7-355900E356B4} - C:\Program Files\WindowsUpdate\quharego.dll (file missing)
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\Media Players\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Media Players\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Multimedia Editing Tools\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Antivirus and Spywares\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\DOCUME~1\officeXp\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A27D80-B2B3-4AF6-A2C6-2557ADCEC507}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Antivirus and Spywares\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Antivirus and Spywares\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Antivirus and Spywares\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Antivirus and Spywares\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Antivirus and Spywares\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Antivirus and Spywares\Comodo\Firewall\cmdagent.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Please do the following...
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
Open notepad and copy/paste the text in the quotebox below into it: Save this as "CFScript"O2 - BHO: (no name) - {253F90D9-1731-49CC-99D9-CBB27AB28D63} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll (file missing)
O2 - BHO: 0 - {C93F9B97-C288-4535-DCB7-355900E356B4} - C:\Program Files\WindowsUpdate\quharego.dll (file missing)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
This will start ComboFix again. After reboot, (in case it asks to reboot)
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Don't run AVG yet. Will do it a bit later.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine[/color] (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log,Combofix.txt and AVG Anti-Spyware report.IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Here is the Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 4:19:49 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus and Spywares\avast\aswUpdSv.exe
C:\Program Files\Antivirus and Spywares\avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe
C:\program files\Media Players\Quicktime\QTTask.exe
C:\Program Files\Multimedia Editing Tools\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Antivirus and Spywares\Comodo\Firewall\CPF.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Antivirus and Spywares\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Antivirus and Spywares\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Antivirus and Spywares\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus and Spywares\avast\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\Leo\Programas\Anti Virus\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://expresswayauthority.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Downloader\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\Media Players\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Media Players\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Multimedia Editing Tools\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Antivirus and Spywares\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Downloader\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\DOCUME~1\officeXp\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A27D80-B2B3-4AF6-A2C6-2557ADCEC507}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Antivirus and Spywares\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Antivirus and Spywares\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Antivirus and Spywares\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Antivirus and Spywares\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Antivirus and Spywares\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Antivirus and Spywares\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Antivirus and Spywares\Comodo\Firewall\cmdagent.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
And finally the Combo Fix
"Leo" - 2007-07-25 16:14:41 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))
2007-07-25 14:58 10,872 --a
C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-25 12:52 <DIR> d
C:\DOCUME~1\Leo\APPLIC~1\Comodo
2007-07-25 12:52 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-25 12:45 51,200 --a
C:\WINDOWS\nircmd.exe
2007-07-23 14:54 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-21 19:59 <DIR> d
C:\Program Files\iPod
2007-07-21 19:58 <DIR> d
C:\Program Files\Common Files\Apple
2007-07-21 01:15 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-19 12:46 <DIR> d
C:\WINDOWS\system32\LogFiles
2007-07-19 11:58 23,600 --a
C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-07-19 11:45 <DIR> d
C:\Program Files\Lavalys
2007-07-17 02:15 <DIR> d
C:\Winamp Converted Files
2007-07-17 02:13 129,784
C:\WINDOWS\system32\pxafs.dll
2007-07-17 02:13 <DIR> d
C:\Program Files\Winamp
2007-07-17 02:03 57,064 --a
C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP.dat
2007-07-17 01:57 2,954 --a
C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2007-07-17 01:52 35,139 --a
C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-07-17 01:52 167,424 --a
C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-17 01:52 13,773 --a
C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP CD Writer.dat
2007-07-11 11:14 162 --a
C:\rapidhacker.dll
2007-07-10 12:02 1,374 --a
C:\WINDOWS\system32\drivers\pxfsf.dat
2007-07-10 02:11 77,312 --a
C:\WINDOWS\ua2.dll
2007-07-10 02:08 <DIR> d
C:\WINDOWS\system32\Panda Software
2007-07-10 01:14 1,060,864 --a
C:\WINDOWS\system32\MFC71.dll
2007-07-09 15:41 95,872 --a
C:\WINDOWS\system32\AvastSS.scr
2007-07-09 15:41 94,552 --a
C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-09 15:41 85,952 --a
C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-09 15:41 745,600 --a
C:\WINDOWS\system32\aswBoot.exe
2007-07-09 15:41 43,176 --a
C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-09 15:41 26,888 --a
C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-09 15:41 23,416 --a
C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-08 13:42 <DIR> d
C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-07-08 13:41 <DIR> d
C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-07-08 13:35 1,462,272 --a
C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-08 13:35 <DIR> d--hs---- C:\WINDOWS\CSC
2007-07-08 13:11 499,712 --a
C:\WINDOWS\system32\msvcp71.dll
2007-07-08 13:11 348,160 --a
C:\WINDOWS\system32\msvcr71.dll
2007-07-06 13:14 81,768 --a
C:\WINDOWS\system32\xinput1_3.dll
2007-07-06 13:14 62,744 --a
C:\WINDOWS\system32\xinput1_2.dll
2007-07-06 13:14 443,752 --a
C:\WINDOWS\system32\d3dx10_34.dll
2007-07-06 13:14 443,752 --a
C:\WINDOWS\system32\d3dx10_33.dll
2007-07-06 13:14 3,497,832 --a
C:\WINDOWS\system32\d3dx9_34.dll
2007-07-06 13:14 3,495,784 --a
C:\WINDOWS\system32\d3dx9_33.dll
2007-07-06 13:14 266,088 --a
C:\WINDOWS\system32\xactengine2_8.dll
2007-07-06 13:14 261,480 --a
C:\WINDOWS\system32\xactengine2_7.dll
2007-07-06 13:14 255,848 --a
C:\WINDOWS\system32\xactengine2_6.dll
2007-07-06 13:14 251,672 --a
C:\WINDOWS\system32\xactengine2_5.dll
2007-07-06 13:14 237,848 --a
C:\WINDOWS\system32\xactengine2_4.dll
2007-07-06 13:14 236,824 --a
C:\WINDOWS\system32\xactengine2_3.dll
2007-07-06 13:14 2,414,360 --a
C:\WINDOWS\system32\d3dx9_31.dll
2007-07-06 13:14 2,297,552 --a
C:\WINDOWS\system32\d3dx9_26.dll
2007-07-06 13:14 18,280 --a
C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-06 13:14 15,128 --a
C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-06 13:14 1,124,720 --a
C:\WINDOWS\system32\D3DCompiler_34.dll
2007-07-06 13:14 1,123,696 --a
C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-30 18:27 <DIR> d
C:\Program Files\Netflix
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-25 18:58:44
d
w C:\Program Files\Antivirus and Spywares
2007-07-23 18:53:41
d
w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-23 16:35:26
d
w C:\DOCUME~1\Leo\APPLIC~1\OpenOffice.org2
2007-07-21 23:59:50
d
w C:\Program Files\Media Players
2007-07-21 05:15:46
d
w C:\Program Files\Apple Software Update
2007-07-19 15:58:53 3,345 ----a-w C:\WINDOWS\mozver.dat
2007-07-17 05:53:43
d
w C:\Program Files\Multimedia Editing Tools
2007-07-17 05:52:19
d
w C:\Program Files\Burning Software
2007-07-16 16:06:26 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-07-10 21:18:35
d
w C:\Program Files\GbPlugin
2007-07-09 06:46:31
d--h--w C:\Program Files\WindowsUpdate
2007-06-23 04:14:45
d
w C:\DOCUME~1\Leo\APPLIC~1\U3
2007-06-19 20:40:32
d
w C:\DOCUME~1\Leo\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-06-19 04:26:33
d
w C:\DOCUME~1\Leo\APPLIC~1\Canon
2007-06-18 17:38:39
d
w C:\DOCUME~1\Leo\APPLIC~1\ATI
2007-06-18 16:38:03
d
w C:\Program Files\ATI Technologies
2007-06-18 16:37:10
d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 23:56:09
d
w C:\Program Files\Electronic Arts
2007-06-17 23:51:25 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-17 23:51:25
d--h--r C:\DOCUME~1\Leo\APPLIC~1\SecuROM
2007-06-14 21:13:26
d
w C:\DOCUME~1\Leo\APPLIC~1\Google
2007-06-14 21:13:03
d
w C:\Program Files\Google
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-02 23:14:00 73 ----a-w C:\WINDOWS\system32\ssprs.dll
2007-06-02 23:14:00 205 ----a-w C:\WINDOWS\system32\lsprst7.dll
2007-06-02 23:14:00 1,025 ----a-w C:\WINDOWS\system32\sysprs7.dll
2007-06-02 23:14:00 1,025 ----a-w C:\WINDOWS\system32\clauth2.dll
2007-06-02 23:14:00 1,025 ----a-w C:\WINDOWS\system32\clauth1.dll
2007-06-02 17:12:37
d
w C:\Program Files\MSN Messenger
2007-06-02 16:59:45
d
w C:\Program Files\Messenger
2007-06-02 16:59:37
d
w C:\Program Files\Movie Maker
2007-06-02 16:58:26
d
w C:\Program Files\Windows NT
2007-05-25 17:10:44
d
w C:\Program Files\Common Files\InstallShield
2007-05-25 16:23:11
d
w C:\Program Files\MagicDisc
2007-04-03 11:14:07 19,136 ----a-w C:\DOCUME~1\Leo\APPLIC~1\GDIPFONTCACHEV1.DAT
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-03-29 00:58]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-08 22:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-09 01:23]
"avast!"="C:\PROGRA~1\ANTIVI~1\avast\ashDisp.exe" [2007-04-30 11:42]
"QuickTime Task"="C:\program files\Media Players\Quicktime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\Media Players\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Picasa Media Detector"="C:\Program Files\Multimedia Editing Tools\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]
"COMODO Firewall Pro"="C:\Program Files\Antivirus and Spywares\Comodo\Firewall\CPF.exe" [2007-07-25 12:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
C:\Documents and Settings\Leo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Leo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Leo\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\Burning Software\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Printer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
C:\Program Files\Printer\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\Media Players\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oars]
"C:\PROGRA~1\COMMON~1\STEM32~1\attrib.exe" -vt yazb
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\Burning Software\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\program files\Media Players\Quicktime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]
"C:\WINDOWS\svhost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
C:\Program Files\Antivirus and Spywares\Windows Registry Repair Pro\RegistryRepairPro.exe 4
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)
"usnjsvc"=3 (0x3)
"gusvc"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"wscsvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"iPod Service"=3 (0x3)
"GbpSv"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R0 Si3114r5;SiI-3114 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
R0 SiFilter;SATALink driver accelerator;C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
R1 CmdMon;Comodo Application Engine;C:\WINDOWS\system32\DRIVERS\cmdmon.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R2 BTSERIAL;Bluetooth Serial Driver;\??\C:\WINDOWS\System32\drivers\btserial.sys
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R2 GbpSv;Gbp Service;C:\Program Files\GbPlugin\GbpSv.exe
R3 AnyDVD;AnyDVD;C:\WINDOWS\system32\Drivers\AnyDVD.sys
R3 ATIAVPCI;ATI Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavrr.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 mcdbus;Driver for MagicISO SCSI Host Controller;C:\WINDOWS\system32\DRIVERS\mcdbus.sys
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA;C:\WINDOWS\system32\drivers\sfng32.sys
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC;C:\WINDOWS\system32\drivers\sthda.sys
S3 61883;61883 Unit Device;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;AVC Device;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 BTWDNDIS;Bluetooth LAN Access Server;C:\WINDOWS\system32\DRIVERS\btwdndis.sys
S3 btwhid;btwhid;C:\WINDOWS\system32\DRIVERS\btwhid.sys
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 P2k;Motorola USB Device;C:\WINDOWS\system32\DRIVERS\P2k.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56f069a7-2746-11dc-9b8f-0013207a872e}]
AutoRun\command- I:\autorun.exe
Contents of the 'Scheduled Tasks' folder
2007-07-25 17:43:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-25 16:42:00 C:\WINDOWS\tasks\HP Usg Daily.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 16:17:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-25 16:18:23
C:\ComboFix-quarantined-files.txt ... 2007-07-25 16:18
C:\ComboFix2.txt ... 2007-07-25 14:56
C:\ComboFix3.txt ... 2007-07-25 12:53
--- E O F ---
Logs, looks good but let's run one online scan to be sure:
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Click OK
- Now under select a target to scan select My Computer
- The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button
- Save the file to your desktop.
- Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Please do the following...
Open notepad and copy/paste the text in the quotebox below into it: Save this as "CFScript"
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
Congratulations, your log looks clean!
Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
- Download the latest version of Java Runtime Environment (JRE) 6u2.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:- Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
Reenable system restore with instructions from tutorial aboveYou can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore
or
Windows XP System Restore Guide
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:Virus, Spyware, and Malware Protection and Removal Resources
- Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
Instructions for - Spybot S & D and Ad-aware
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Here are some additional utilities that will enhance your safety
- IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
- Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
- Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!Using Winpatrol to protect your computer from malicious software
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place
Happy surfing and stay clean!
Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.
This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead
Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here