Full of viruses!
Hello! I just opened my laptop and a bunch of warnings appeared! I am full of viruses! What can I do? Why did this happen? I have all the necessary programs! I am panicked, obviously!
My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.
Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.
Install HijackThis
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Gringo
Ad-Aware 2007
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
AVG Free Edition
AVIConverter 2.0
BitComet 0.96
Canon MP Navigator EX 1.0
Canon MX310 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
Conexant HD Audio
ConvertXtoDVD 2.1.19.243
DecisionPro 3.0
DivX Content Uploader
DivX Web Player
DVDFab Decrypter 3.0.8.6
e-PDF To Word Converter v2.5
FLV Player 1.3.3
getPlus(R)_dll
Google Earth
HDAUDIO Soft Data Fax Modem with SmartCP
HDD Thermometer
Hijackthis 1.99.1
HijackThis 1.99.1
home box office Screen Saver
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Help and Support
HP Imaging Device Functions 6.0
HP Integrated Module with Bluetooth wireless technology
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E2
HP QuickPlay 2.1
HP Software Update
HP User Guides 0019
HP User Guides--System Recovery
HP Wireless Assistant 2.00 E1
Intel(R) PRO Network Connections Drivers
intocartoonpro
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LimeWire PRO 4.12.3
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Flash Player 8
MATLAB R2007a
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Greek Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MVision
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Orcad Family Release 9.2 Standalone
PC Connectivity Solution
Presto! PageManager 7.15.16
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Shop for HP Supplies
SmartAudio
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicStage 3.4
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.0
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Word 2007 (KB934173)
VideoLAN VLC media player 0.8.6
VobSub v2.23 (Remove Only)
Winamp (remove only)
Windows Driver Package - Intel (w29n51) net (06/26/2006 9.0.4.17)
Windows Driver Package - Intel (w29n51) net (10/25/2006 9.0.4.26)
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
WinZip
Yahoo! Toolbar
ZoneAlarm
ZoneAlarm Spy Blocker
Άμεση επιδιόρθωση για Windows XP - KB873333
Άμεση επιδιόρθωση για Windows XP - KB873339
Άμεση επιδιόρθωση για Windows XP - KB883667
Άμεση επιδιόρθωση για Windows XP - KB884575
Άμεση επιδιόρθωση για Windows XP - KB885250
Άμεση επιδιόρθωση για Windows XP - KB885464
Άμεση επιδιόρθωση για Windows XP - KB885835
Άμεση επιδιόρθωση για Windows XP - KB885836
Άμεση επιδιόρθωση για Windows XP - KB885855
Άμεση επιδιόρθωση για Windows XP - KB885884
Άμεση επιδιόρθωση για Windows XP - KB886185
Άμεση επιδιόρθωση για Windows XP - KB887472
Άμεση επιδιόρθωση για Windows XP - KB888113
Άμεση επιδιόρθωση για Windows XP - KB888239
Άμεση επιδιόρθωση για Windows XP - KB888302
Άμεση επιδιόρθωση για Windows XP - KB888402
Άμεση επιδιόρθωση για Windows XP - KB889673
Άμεση επιδιόρθωση για Windows XP - KB890859
Άμεση επιδιόρθωση για Windows XP - KB891781
Άμεση επιδιόρθωση για Windows XP - KB892559
Βελτιώσεις βάσει της εμπειρίας των πελατών
Βοηθός εισόδου του Windows Live
Δήλωση χρήστη Canon MX310 series
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 10 (KB917734)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 10 (KB936782)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB936782)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB911565)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB942615)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB944533)
Ενημέρωση ασφαλείας για Windows XP (KB890046)
Ενημέρωση ασφαλείας για Windows XP (KB893066)
Ενημέρωση ασφαλείας για Windows XP (KB893756)
Ενημέρωση ασφαλείας για Windows XP (KB896358)
Ενημέρωση ασφαλείας για Windows XP (KB896422)
Ενημέρωση ασφαλείας για Windows XP (KB896423)
Ενημέρωση ασφαλείας για Windows XP (KB896424)
Ενημέρωση ασφαλείας για Windows XP (KB896428)
Ενημέρωση ασφαλείας για Windows XP (KB899587)
Ενημέρωση ασφαλείας για Windows XP (KB899591)
Ενημέρωση ασφαλείας για Windows XP (KB900725)
Ενημέρωση ασφαλείας για Windows XP (KB901017)
Ενημέρωση ασφαλείας για Windows XP (KB901190)
Ενημέρωση ασφαλείας για Windows XP (KB901214)
Ενημέρωση ασφαλείας για Windows XP (KB902400)
Ενημέρωση ασφαλείας για Windows XP (KB903235)
Ενημέρωση ασφαλείας για Windows XP (KB904706)
Ενημέρωση ασφαλείας για Windows XP (KB905414)
Ενημέρωση ασφαλείας για Windows XP (KB905749)
Ενημέρωση ασφαλείας για Windows XP (KB908519)
Ενημέρωση ασφαλείας για Windows XP (KB911562)
Ενημέρωση ασφαλείας για Windows XP (KB911567)
Ενημέρωση ασφαλείας για Windows XP (KB911927)
Ενημέρωση ασφαλείας για Windows XP (KB912919)
Ενημέρωση ασφαλείας για Windows XP (KB913446)
Ενημέρωση ασφαλείας για Windows XP (KB913580)
Ενημέρωση ασφαλείας για Windows XP (KB914388)
Ενημέρωση ασφαλείας για Windows XP (KB914389)
Ενημέρωση ασφαλείας για Windows XP (KB917344)
Ενημέρωση ασφαλείας για Windows XP (KB917422)
Ενημέρωση ασφαλείας για Windows XP (KB917953)
Ενημέρωση ασφαλείας για Windows XP (KB918118)
Ενημέρωση ασφαλείας για Windows XP (KB918439)
Ενημέρωση ασφαλείας για Windows XP (KB918899)
Ενημέρωση ασφαλείας για Windows XP (KB919007)
Ενημέρωση ασφαλείας για Windows XP (KB920213)
Ενημέρωση ασφαλείας για Windows XP (KB920214)
Ενημέρωση ασφαλείας για Windows XP (KB920670)
Ενημέρωση ασφαλείας για Windows XP (KB920683)
Ενημέρωση ασφαλείας για Windows XP (KB920685)
Ενημέρωση ασφαλείας για Windows XP (KB921398)
Ενημέρωση ασφαλείας για Windows XP (KB921503)
Ενημέρωση ασφαλείας για Windows XP (KB921883)
Ενημέρωση ασφαλείας για Windows XP (KB922616)
Ενημέρωση ασφαλείας για Windows XP (KB922760)
Ενημέρωση ασφαλείας για Windows XP (KB922819)
Ενημέρωση ασφαλείας για Windows XP (KB923191)
Ενημέρωση ασφαλείας για Windows XP (KB923414)
Ενημέρωση ασφαλείας για Windows XP (KB923694)
Ενημέρωση ασφαλείας για Windows XP (KB923980)
Ενημέρωση ασφαλείας για Windows XP (KB924191)
Ενημέρωση ασφαλείας για Windows XP (KB924270)
Ενημέρωση ασφαλείας για Windows XP (KB924496)
Ενημέρωση ασφαλείας για Windows XP (KB924667)
Ενημέρωση ασφαλείας για Windows XP (KB925454)
Ενημέρωση ασφαλείας για Windows XP (KB925486)
Ενημέρωση ασφαλείας για Windows XP (KB925902)
Ενημέρωση ασφαλείας για Windows XP (KB926255)
Ενημέρωση ασφαλείας για Windows XP (KB926436)
Ενημέρωση ασφαλείας για Windows XP (KB927779)
Ενημέρωση ασφαλείας για Windows XP (KB927802)
Ενημέρωση ασφαλείας για Windows XP (KB928090)
Ενημέρωση ασφαλείας για Windows XP (KB928255)
Ενημέρωση ασφαλείας για Windows XP (KB928843)
Ενημέρωση ασφαλείας για Windows XP (KB929123)
Ενημέρωση ασφαλείας για Windows XP (KB929969)
Ενημέρωση ασφαλείας για Windows XP (KB930178)
Ενημέρωση ασφαλείας για Windows XP (KB931261)
Ενημέρωση ασφαλείας για Windows XP (KB931768)
Ενημέρωση ασφαλείας για Windows XP (KB931784)
Ενημέρωση ασφαλείας για Windows XP (KB932168)
Ενημέρωση ασφαλείας για Windows XP (KB933566)
Ενημέρωση ασφαλείας για Windows XP (KB933729)
Ενημέρωση ασφαλείας για Windows XP (KB935839)
Ενημέρωση ασφαλείας για Windows XP (KB935840)
Ενημέρωση ασφαλείας για Windows XP (KB936021)
Ενημέρωση ασφαλείας για Windows XP (KB937143)
Ενημέρωση ασφαλείας για Windows XP (KB938127)
Ενημέρωση ασφαλείας για Windows XP (KB938829)
Ενημέρωση ασφαλείας για Windows XP (KB939653)
Ενημέρωση ασφαλείας για Windows XP (KB941202)
Ενημέρωση ασφαλείας για Windows XP (KB941568)
Ενημέρωση ασφαλείας για Windows XP (KB941644)
Ενημέρωση ασφαλείας για Windows XP (KB941693)
Ενημέρωση ασφαλείας για Windows XP (KB942615)
Ενημέρωση ασφαλείας για Windows XP (KB943055)
Ενημέρωση ασφαλείας για Windows XP (KB943460)
Ενημέρωση ασφαλείας για Windows XP (KB943485)
Ενημέρωση ασφαλείας για Windows XP (KB944653)
Ενημέρωση ασφαλείας για Windows XP (KB945553)
Ενημέρωση ασφαλείας για Windows XP (KB946026)
Ενημέρωση ασφαλείας για Windows XP (KB948590)
Ενημέρωση ασφαλείας για Windows XP (KB948881)
Ενημέρωση για Windows XP (KB894391)
Ενημέρωση για Windows XP (KB896727)
Ενημέρωση για Windows XP (KB898461)
Ενημέρωση για Windows XP (KB900485)
Ενημέρωση για Windows XP (KB904942)
Ενημέρωση για Windows XP (KB908531)
Ενημέρωση για Windows XP (KB910437)
Ενημέρωση για Windows XP (KB911280)
Ενημέρωση για Windows XP (KB916595)
Ενημέρωση για Windows XP (KB920872)
Ενημέρωση για Windows XP (KB922582)
Ενημέρωση για Windows XP (KB927891)
Ενημέρωση για Windows XP (KB929338)
Ενημέρωση για Windows XP (KB930916)
Ενημέρωση για Windows XP (KB931836)
Ενημέρωση για Windows XP (KB933360)
Ενημέρωση για Windows XP (KB936357)
Ενημέρωση για Windows XP (KB938828)
Ενημέρωση για Windows XP (KB942763)
Ενημέρωση για Windows XP (KB942840)
Ενημέρωση για Windows XP (KB946627)
Επείγουσα επιδιόρθωση για Windows Internet Explorer 7 (KB947864)
Επείγουσα επιδιόρθωση για Windows XP (KB896256)
Επείγουσα επιδιόρθωση για Windows XP (KB909095)
Επείγουσα επιδιόρθωση για Windows XP (KB912436)
Επείγουσα επιδιόρθωση για Windows XP (KB914440)
Επείγουσα επιδιόρθωση για Windows XP (KB915326)
Επείγουσα επιδιόρθωση για το Windows Media Player 11 (KB939683)
Πακέτο προγραμμάτων οδήγησης των Windows - Nokia Modem (11/03/2006 6.82.0.1)
Συλλογή φωτογραφιών του Windows Live
Υπηρεσίες Internet
I have the Greek Windows XP, so if you need me to translate what the Greek part says, please tell me. Specifically, wherever it says "άμεση επιδιόρθωση" = "direct fix", "Ενημερωμένη έκδοση ασφαλείας" = "updated security version", "Ενημέρωση ασφαλείας" = "security update", "Επείγουσα επιδιόρθωση" = "emergency fix", "Πακέτο προγραμμάτων οδήγησης" = "driver program package", "Συλλογή φωτογραφιών" = "photo gallery", "Υπηρεσίες Internet" = "internet services". I don't know the exact phrases in English, but that is what they say.
The HijackThis log is:
Logfile of HijackThis v1.99.1
Scan saved at 4:00:24 μμ, on 13/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\All Users\Application Data\vexabory\vgbmjafi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ecom.honda-eu.com/logon/r_portal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63AB48C9-01A8-495C-8194-A715DB8A37A2} - C:\WINDOWS\system32\awtqnkiH.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B76CE3C7-ADA5-424E-936D-D0A765DC4B75} - (no file)
O2 - BHO: (no name) - {E639AF65-0EAF-4C5F-B437-6B7673AB4560} - C:\WINDOWS\system32\vtUmNGvU.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:enu
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69259C94-1275-49D9-991A-6DC8D4F19DAC}: NameServer = 194.219.227.1,193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtqnkiH - awtqnkiH.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: BootUnknown - {a5cd620b-5ed1-4f0f-ba3f-3dbc5cc36227} - C:\WINDOWS\Resources\BootUnknown.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
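An added triage script for logs like the one above (example code written for this page; it is not a tool that anyone in the thread posted or ran). It reads a HijackThis log and flags the structural signals a reviewer looks at first: processes or autostart entries living in a user-writable profile directory, autostart registrations whose file is gone, browser helper objects with no display name, autostarts launched from a drive other than the system drive, and the DNS servers in use. The embedded SAMPLE_LOG is an excerpt of the log above, reduced to the lines the checks act on; the finding names and the assumption that C: is the system drive are mine. It does not decide what is malware and does not replace the helper's review.

```python
"""Triage a HijackThis 1.99.1 log for entries that deserve a closer look.

Added example for this thread; not a tool anyone in it posted or ran.
Only structural signals are checked (where a file lives, whether it still
exists, whether an autostart entry has a name); nothing here identifies a
malware family or replaces a manual review of the log.
"""
import re
from dataclasses import dataclass

# Excerpt of the log posted above, cut down to the lines the checks act on.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\All Users\Application Data\vexabory\vgbmjafi.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {63AB48C9-01A8-495C-8194-A715DB8A37A2} - C:\WINDOWS\system32\awtqnkiH.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E639AF65-0EAF-4C5F-B437-6B7673AB4560} - C:\WINDOWS\system32\vtUmNGvU.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:enu
O17 - HKLM\System\CCS\Services\Tcpip\..\{69259C94-1275-49D9-991A-6DC8D4F19DAC}: NameServer = 194.219.227.1,193.92.150.3
O20 - Winlogon Notify: awtqnkiH - awtqnkiH.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: BootUnknown - {a5cd620b-5ed1-4f0f-ba3f-3dbc5cc36227} - C:\WINDOWS\Resources\BootUnknown.dll (file missing)
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # which check fired
    entry: str   # the log line, verbatim
    detail: str  # why it was flagged


# Profile directories a user can write to without admin rights on XP; a
# normally installed program lives under Program Files or WINDOWS instead.
PROFILE_DIR = re.compile(
    r"\\(?:application data|local settings|temp|temporary internet files)\\", re.I)
# HijackThis appends these when a registered file is not on disk.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)
ENTRY = re.compile(r"^([RO]\d+)\s+-\s+")
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|cpl)\b", re.I)
SYSTEM_DRIVE = "C:"   # assumption: matches the C:\WINDOWS paths in this log


def triage(log: str) -> list[Finding]:
    """Return one Finding per (line, check) pair that fired."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m is None and in_processes:
            # Inside the process list: one executable path per line.
            if PROFILE_DIR.search(line):
                findings.append(Finding("process-in-profile-dir", line,
                    "runs from a user or All Users data directory, not Program Files or WINDOWS"))
            continue
        in_processes = False
        if m is None:
            continue
        sec = m.group(1)
        if ORPHAN.search(line):
            findings.append(Finding("orphaned-autostart", line,
                f"{sec} registration is still live but its file is gone"))
        if sec == "O2" and "(no name)" in line:
            findings.append(Finding("unnamed-bho", line,
                "browser helper object with no display name"))
        if sec == "O4":
            path = WIN_PATH.search(line)
            if path is not None:
                p = path.group(0)
                if PROFILE_DIR.search(p):
                    findings.append(Finding("autostart-in-profile-dir", line, f"autostarts {p}"))
                elif not p.upper().startswith(SYSTEM_DRIVE):
                    findings.append(Finding("autostart-off-system-drive", line,
                        f"autostarts {p} from drive {p[:2]}"))
        if sec == "O17":
            ns = re.search(r"NameServer\s*=\s*([\d.,\s]+)", line)
            if ns is not None:
                servers = [s.strip() for s in ns.group(1).split(",") if s.strip()]
                findings.append(Finding("dns-servers", line,
                    "resolvers: " + ", ".join(servers) + " (confirm they belong to your ISP)"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per check, for a quick overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.detail}\n    {f.entry}")
    print(summarize(results))
```

Run it as `python triage.py` with the sample, or replace SAMPLE_LOG with the contents of a saved hijackthis.log. The checks are deliberately dumb: an orphaned entry can be the remnant of a tool that already removed the file, and a program running from Application Data is not automatically hostile, so every hit is a line to look at, not a verdict. On the sample the script flags the vexabory process, the three unnamed BHOs, the five entries whose files are gone, the Run entry pointing at E:, and lists the two resolvers for the reader to check against their ISP.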
P2P Warning!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
BitComet
LimeWire PRO
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
I would recommend that you uninstall BitComet and LimeWire PRO; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
If you wish to keep them, please do not use them until your computer is cleaned.
TeaTimer
Please disable TeaTimer as it may interfere with the fix.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
Don't forget to re-enable it when your computer is clean.
Disable Ad-Aware 2007
First please disable Ad-Aware 2007 as it may interfere with repairs.
- Click the Settings button, Auto Scans tab, and under "Scan on Ad-Aware startup",
- be sure both selections for "No automated scan" are checked (green).
- Then click Save and close Ad-Aware.
Don't forget to re-enable it when your computer is clean.
Run ComboFix
Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Information and logs
In your next post I need the following
1. log from combofix
2. new log from hijackthis
Gringo
Logfile of HijackThis v1.99.1
Scan saved at 10:33, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\All Users\Application Data\vexabory\vgbmjafi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ecom.honda-eu.com/logon/r_portal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63AB48C9-01A8-495C-8194-A715DB8A37A2} - C:\WINDOWS\system32\awtqnkiH.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B76CE3C7-ADA5-424E-936D-D0A765DC4B75} - (no file)
O2 - BHO: (no name) - {E639AF65-0EAF-4C5F-B437-6B7673AB4560} - C:\WINDOWS\system32\vtUmNGvU.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69259C94-1275-49D9-991A-6DC8D4F19DAC}: NameServer = 194.219.227.1,193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtqnkiH - awtqnkiH.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: BootUnknown - {a5cd620b-5ed1-4f0f-ba3f-3dbc5cc36227} - C:\WINDOWS\Resources\BootUnknown.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I don't know what the combofix log is because I left it running and when I came back it had rebooted my computer or something like that and there wasn't a window open. But in its file I found this in a notepad with the same name:
ComboFix 08-04-13.2 - PAVILION 2008-04-14 10:16:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.522 [GMT 3:00]
Running from: C:\Documents and Settings\PAVILION\Επιφάνεια εργασίας\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
I don't know if it's the right thing... I found 2 other notepads in the same file as the above with the names "pend" and "run".
Is this all the log said?
I would like to see if you can find the log here and post it to me: C:\ComboFix.txt
double click on "my computer" or go to start then "my computer"
then double click "local disk (C: )"
and see if you can find combofix.txt
and send that to me
gringo
ComboFix 08-04-13.3 - PAVILION 2008-04-14 12:59:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.475 [GMT 3:00]
Running from: C:\Documents and Settings\PAVILION\Επιφάνεια εργασίας\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\PAVILION\Application Data\inst.exe
C:\Documents and Settings\PAVILION\Application Data\macromedia\Flash Player\#SharedObjects\5EBSKD6B\www.broadcaster.com
C:\Documents and Settings\PAVILION\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\PAVILION\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\UvGNmUtv.ini
C:\WINDOWS\system32\UvGNmUtv.ini2
.
---- Previous Run
.
C:\WINDOWS\system32\mcrh.tmp
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-14 12:39 . 2008-04-14 12:39 106,496 --a------ C:\WINDOWS\system32\bwjurapk.exe
2008-04-14 10:52 . 2008-04-14 10:52 4,649,192 --a------ C:\WindowsXP-KB310994-SP2-Home-BootDisk-ELL.exe
2008-04-14 10:10 . 2008-04-14 10:10 102,400 --a------ C:\WINDOWS\system32\wxwzmtot.exe
2008-04-14 10:01 . 2008-04-14 10:01 102,400 --a------ C:\WINDOWS\system32\gncxqdsd.exe
2008-04-12 21:05 . 2008-04-12 21:05 12,660,074 C:\AVG7QT.DAT
2008-04-10 15:47 . 2008-04-10 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vexabory
2008-04-10 11:23 . 2005-06-01 00:28 9,606 --a------ C:\WINDOWS\system32\NEWSOFT
2008-04-10 11:23 . 2008-04-10 11:23 264 --a------ C:\WINDOWS\setup.iss
2008-04-10 11:21 . 2008-04-10 11:21 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2008-04-10 11:21 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\WINDOWS\system32\Color
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\Program Files\NewSoft
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\Program Files\Common Files\PDFView
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Program Files\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Documents and Settings\PAVILION\Application Data\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-10 11:15 . 2008-04-10 14:03 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-04-10 11:15 . 2008-04-10 11:15 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-04-10 11:14 . 2008-04-10 11:14 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-04-10 11:11 . 2008-04-10 11:11 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-10 11:09 . 2008-04-12 18:08 <DIR> d-------- C:\Program Files\Canon
2008-04-10 11:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-10 11:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-10 11:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-10 11:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-10 11:06 . 2008-04-10 11:06 105,467 --a------ C:\WINDOWS\hpqins16.dat
2008-04-08 13:07 . 2008-04-08 13:07 268 --ah----- C:\sqmdata00.sqm
2008-04-08 13:07 . 2008-04-08 13:07 244 --ah----- C:\sqmnoopt00.sqm
2008-04-01 14:56 . 2008-04-01 14:57 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-01 14:48 . 2008-04-01 14:48 <DIR> d-------- C:\Program Files\FLVPlayer
2008-03-18 14:32 . 2008-03-18 14:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-18 14:32 . 2006-10-04 17:06 1,197,294 --a------ C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-18 14:32 . 2006-10-04 17:06 764,868 --a------ C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-18 14:32 . 2006-10-04 17:06 217,118 --a------ C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-18 14:30 . 2008-03-19 15:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-16 21:50 . 2008-04-14 12:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 10:09 19,556,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-14 09:40 d-----w C:\Documents and Settings\All Users\Application Data\HDD Thermometer
2008-04-14 08:20 229,604 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 18:05 d-----w C:\Documents and Settings\PAVILION\Application Data\AVG7
2008-04-12 12:58 d-----w C:\Program Files\SpywareBlaster
2008-04-11 13:23 11,416 ----a-w C:\Documents and Settings\PAVILION\PAVILION_notes.dat
2008-04-10 11:10 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-10 08:20 d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 08:06 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 12:52 d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-18 10:25 d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-16 11:54 d-----w C:\Program Files\Java
2008-03-12 19:33 7,850,761 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-05 20:25 d-----w C:\Program Files\Windows Live
2008-03-02 15:32 dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 15:31 d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 15:27 d-----w C:\Program Files\MSN Messenger
2008-03-02 15:24 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 15:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 46,080 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 46,080 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 14:00 d-----w C:\Program Files\Zone Labs
2008-02-19 13:46 d-----w C:\Program Files\ZoneAlarmSB
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-06 21:15 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-05 20:05 520,192 ----a-w C:\WINDOWS\system32\home box office.scr
2008-02-01 09:17 588,288 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-08-04 15:26 2,689,024 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-08-03 17:42 16,585,785 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_03_20_38_27_full.dmp.zip
2007-08-03 17:41 16,589,498 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_03_20_37_34_full.dmp.zip
2007-08-03 17:41 16,588,869 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_03_20_35_40_full.dmp.zip
2007-08-03 17:40 120,462 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_03_20_35_21_small.dmp.zip
2007-08-03 17:40 114,404 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_03_20_37_21_small.dmp.zip
2007-08-03 17:40 107,933 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_03_20_38_15_small.dmp.zip
2007-08-03 17:37 2,962,432 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-07-07 14:10 3,570,688 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-07-07 14:10 1,696,256 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-06-14 17:38 47,360 ----a-w C:\Documents and Settings\PAVILION\Application Data\pcouffin.sys
2007-05-18 08:01 57,773 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_17_22_55_21_small.dmp.zip
2005-09-24 05:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-09-21 03:54 3,584 ----a-w C:\Program Files\1033.mst
2005-09-21 03:54 154,624 ----a-w C:\Program Files\1049.mst
2005-09-20 19:59 360 ----a-w C:\Program Files\setup.ini
2003-04-21 11:09 245,408 ----a-w C:\Program Files\unicows.dll
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiW.exe
2006-10-16 12:47 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B76CE3C7-ADA5-424E-936D-D0A765DC4B75}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E639AF65-0EAF-4C5F-B437-6B7673AB4560}]
C:\WINDOWS\system32\vtUmNGvU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-19 16:46 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-02-19 16:46 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-08 00:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"RSD_HDDThermo"="C:\Program Files\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 20:02 215040]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [ ]
"LogitechSetup"="E:\Setup\Setup.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 21:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 21:26 86016]
"nwiz"="nwiz.exe" [2006-04-15 21:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 14:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 08:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 19:33 579072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 17:49 35328]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01 244512]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 19:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 19:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-08 00:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 12:01 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]
C:\Documents and Settings\PAVILION\Start Menu\Προγράμματα\Εκκίνηση\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-27 17:02:06 581693]
ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"1TpyJh40zw"= C:\Documents and Settings\All Users\Application Data\vexabory\vgbmjafi.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BootUnknown"= {a5cd620b-5ed1-4f0f-ba3f-3dbc5cc36227} - C:\WINDOWS\Resources\BootUnknown.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnkiH]
awtqnkiH.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8070:TCP"= 8070:TCP:BitComet 8070 TCP
"8070:UDP"= 8070:UDP:BitComet 8070 UDP
"24509:TCP"= 24509:TCP:BitComet 24509 TCP
"24509:UDP"= 24509:UDP:BitComet 24509 UDP
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5942a554-8909-11db-9d75-001302540fa5}]
\Shell\Auto\command - F:\Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 13:07:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z??????(?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-14 13:20:13
ComboFix-quarantined-files.txt 2008-04-14 10:19:15
11 Κατάλογοι 39,806,619,648 διαθέσιμα byte
15 Κατάλογοι 39,792,005,120 διαθέσιμα byte
.
2008-04-12 12:58:04 --- E O F ---
I hope I did it better now.
I don't see anything in the logs that might have caused this.
:teatimer:
Please disable TeaTimer as it may interfere with the fix.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
Don't forget to re-enable it when your computer is clean.
:disable Ad-Aware 2007:
First please disable Ad-Aware 2007 as it may interfere with repairs.
- Click the Settings button, Auto Scans tab, and under "Scan on Ad-Aware startup", be sure both selections for "No automated scan" are checked (green).
- Then click Save and close Ad-Aware.
Don't forget to re-enable it when your computer is clean.
:Run CFScript:
Open Notepad and copy/paste the text in the box into the window:
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
:Malwarebytes' Anti-Malware:
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
:Run Kaspersky Online AV Scanner:
In order to use it you have to use Internet Explorer. Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
- Read the Requirements and limitations before you click Accept.
- Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
- Click on "My Computer"
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply.
:information and logs:
In your next post I need the following:
1. log from Combofix
2. log from MBAM
3. log from Kaspersky
4. how is the computer doing now?
Gringo
ComboFix 08-04-13.3 - PAVILION 2008-04-15 10:18:06.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.503 [GMT 3:00]
Running from: C:\Documents and Settings\PAVILION\Επιφάνεια εργασίας\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\system32\bwjurapk.exe
C:\WINDOWS\system32\gncxqdsd.exe
C:\WINDOWS\system32\wxwzmtot.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\vexabory
C:\Documents and Settings\All Users\Application Data\vexabory\vgbmjafi.exe
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\system32\bwjurapk.exe
C:\WINDOWS\system32\gncxqdsd.exe
C:\WINDOWS\system32\wxwzmtot.exe
.
---- Previous Run
.
C:\Documents and Settings\PAVILION\Application Data\inst.exe
C:\Documents and Settings\PAVILION\Application Data\macromedia\Flash Player\#SharedObjects\5EBSKD6B\www.broadcaster.com
C:\Documents and Settings\PAVILION\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\PAVILION\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\UvGNmUtv.ini
C:\WINDOWS\system32\UvGNmUtv.ini2
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-15 10:06 . 2008-04-15 10:06 90,112 --a------ C:\WINDOWS\system32\jihgfetu.exe
2008-04-14 18:41 . 2008-04-14 18:41 106,496 --a------ C:\WINDOWS\system32\sbwbwzkh.exe
2008-04-14 17:12 . 2008-04-14 17:12 106,496 --a------ C:\WINDOWS\system32\vavadela.exe
2008-04-14 13:51 . 2008-04-14 13:51 106,496 --a------ C:\WINDOWS\system32\dofupwto.exe
2008-04-14 10:52 . 2008-04-14 10:52 4,649,192 --a------ C:\WindowsXP-KB310994-SP2-Home-BootDisk-ELL.exe
2008-04-10 11:23 . 2005-06-01 00:28 9,606 --a------ C:\WINDOWS\system32\NEWSOFT
2008-04-10 11:23 . 2008-04-10 11:23 264 --a------ C:\WINDOWS\setup.iss
2008-04-10 11:21 . 2008-04-10 11:21 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2008-04-10 11:21 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\WINDOWS\system32\Color
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\Program Files\NewSoft
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\Program Files\Common Files\PDFView
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Program Files\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Documents and Settings\PAVILION\Application Data\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-10 11:15 . 2008-04-10 14:03 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-04-10 11:15 . 2008-04-10 11:15 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-04-10 11:14 . 2008-04-10 11:14 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-04-10 11:11 . 2008-04-10 11:11 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-10 11:09 . 2008-04-12 18:08 <DIR> d-------- C:\Program Files\Canon
2008-04-10 11:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-10 11:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-10 11:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-10 11:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-10 11:06 . 2008-04-10 11:06 105,467 --a------ C:\WINDOWS\hpqins16.dat
2008-04-08 13:07 . 2008-04-08 13:07 268 --ah----- C:\sqmdata00.sqm
2008-04-08 13:07 . 2008-04-08 13:07 244 --ah----- C:\sqmnoopt00.sqm
2008-04-01 14:56 . 2008-04-01 14:57 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-01 14:48 . 2008-04-01 14:48 <DIR> d-------- C:\Program Files\FLVPlayer
2008-03-18 14:32 . 2008-03-18 14:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-18 14:32 . 2006-10-04 17:06 1,197,294 --a------ C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-18 14:32 . 2006-10-04 17:06 764,868 --a------ C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-18 14:32 . 2006-10-04 17:06 217,118 --a------ C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-18 14:30 . 2008-03-19 15:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-16 21:50 . 2008-04-14 17:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\HDD Thermometer
2008-04-15 07:23 19,664,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-15 07:22 231,476 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-14 16:10 11,401 ----a-w C:\Documents and Settings\PAVILION\PAVILION_notes.dat
2008-04-14 14:07 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 18:05 --------- d-----w C:\Documents and Settings\PAVILION\Application Data\AVG7
2008-04-10 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-10 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-18 10:25 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-16 11:54 --------- d-----w C:\Program Files\Java
2008-03-05 20:25 --------- d-----w C:\Program Files\Windows Live
2008-03-02 15:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 15:31 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 15:27 --------- d-----w C:\Program Files\MSN Messenger
2008-03-02 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-19 14:00 --------- d-----w C:\Program Files\Zone Labs
2008-02-19 13:46 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-02-06 21:15 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-01 09:17 588,288 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-06-14 17:38 47,360 ----a-w C:\Documents and Settings\PAVILION\Application Data\pcouffin.sys
2005-09-21 03:54 3,584 ----a-w C:\Program Files\1033.mst
2005-09-21 03:54 154,624 ----a-w C:\Program Files\1049.mst
2005-09-20 19:59 360 ----a-w C:\Program Files\setup.ini
2003-04-21 11:09 245,408 ----a-w C:\Program Files\unicows.dll
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiW.exe
2006-10-16 12:47 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-14_13.15.28,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 09:38:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 07:23:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-19 16:46 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-02-19 16:46 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-08 00:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"RSD_HDDThermo"="C:\Program Files\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 20:02 215040]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [ ]
"LogitechSetup"="E:\Setup\Setup.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 21:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 21:26 86016]
"nwiz"="nwiz.exe" [2006-04-15 21:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 14:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 08:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 19:33 579072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 17:49 35328]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01 244512]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 19:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 19:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-08 00:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 12:01 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"1TpyJh40zw"= C:\Documents and Settings\All Users\Application Data\vexabory\vgbmjafi.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BootUnknown"= {a5cd620b-5ed1-4f0f-ba3f-3dbc5cc36227} - C:\WINDOWS\Resources\BootUnknown.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8070:TCP"= 8070:TCP:BitComet 8070 TCP
"8070:UDP"= 8070:UDP:BitComet 8070 UDP
"24509:TCP"= 24509:TCP:BitComet 24509 TCP
"24509:UDP"= 24509:UDP:BitComet 24509 UDP
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5942a554-8909-11db-9d75-001302540fa5}]
\Shell\Auto\command - F:\Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 10:23:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z??????(?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2008-04-15 10:31:07 - machine was rebooted [PAVILION]
ComboFix-quarantined-files.txt 2008-04-15 07:30:59
11 Κατάλογοι 39,825,473,536 διαθέσιμα byte
15 Κατάλογοι 39,802,617,856 διαθέσιμα byte
.
2008-04-12 12:58:04 --- E O F ---
Malwarebytes' Anti-Malware 1.11
Database version: 630
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 230972
Time elapsed: 1 hour(s), 4 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 39
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\vexabory\vgbmjafi.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\bwjurapk.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gncxqdsd.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wxwzmtot.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106322.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106323.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106324.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106325.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106326.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106327.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106328.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106329.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106330.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106331.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106332.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106333.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106334.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106335.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106336.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106337.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106338.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106339.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106340.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106341.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106342.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106343.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106344.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106345.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106346.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106347.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106348.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106349.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106350.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106352.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106354.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106355.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106363.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106374.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP344\A0108872.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 15, 2008 2:04:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 706012
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 193340
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 02:02:04
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\PAVILION\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\cert8.db Object is locked skipped
C:\Documents and Settings\PAVILION\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\flashgot.log Object is locked skipped
C:\Documents and Settings\PAVILION\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\history.dat Object is locked skipped
C:\Documents and Settings\PAVILION\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\key3.db Object is locked skipped
C:\Documents and Settings\PAVILION\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\parent.lock Object is locked skipped
C:\Documents and Settings\PAVILION\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\search.sqlite Object is locked skipped
C:\Documents and Settings\PAVILION\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\PAVILION\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\PAVILION\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Application Data\Mozilla\Firefox\Profiles\d0oxc8iy.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\PAVILION\Local Settings\Temp\~DFED36.tmp Object is locked skipped
C:\Documents and Settings\PAVILION\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\PAVILION\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\PAVILION\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\PAVILION\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106369.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP337\A0106369.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP344\A0108937.exe Object is locked skipped
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP344\A0108938.exe Object is locked skipped
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP344\A0108939.exe Object is locked skipped
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP344\A0108940.exe Object is locked skipped
C:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP344\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\PC175227898839.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{26591569-E2DC-41C2-AEDA-20AF39AF9DAB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT05714.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0747e.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{1FB78F2C-6016-41D4-97B4-C1A99832ACE8}\RP344\change.log Object is locked skipped
Scan process completed.
Let me tell you what is going on.
Every time you reboot or shut off the computer the virus is mutating, so we are playing catch-up. Now that we know what is going on we can beat it.
Now here is the game plan: after you do the next round of fixes, don't reboot or shut off the computer, because even after this round it is going to still be there. But the logs will tell me the new ones that are there, then we can get it on the following round. As long as you don't shut down or reboot we will kill it soon.
Also plug in any jump drives you may have and leave them in until we are clean, please.
:Run CFScript:
Open Notepad and copy/paste the text in the box into the window:
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
:information and logs:
In your next post I need the following:
1. let me have the log from combofix
2. don't shut down the computer!
Gringo
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.519 [GMT 3:00]
Running from: C:\Documents and Settings\PAVILION\Επιφάνεια εργασίας\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\dofupwto.exe
C:\WINDOWS\system32\jihgfetu.exe
C:\WINDOWS\system32\sbwbwzkh.exe
C:\WINDOWS\system32\vavadela.exe
F:\Autorun.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-15 11:45 . 2008-04-15 11:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 11:45 . 2008-04-15 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 10:34 . 2008-04-15 20:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 10:34 . 2008-04-15 10:34 <DIR> d-------- C:\Documents and Settings\PAVILION\Application Data\Malwarebytes
2008-04-15 10:34 . 2008-04-15 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-14 10:52 . 2008-04-14 10:52 4,649,192 --a------ C:\WindowsXP-KB310994-SP2-Home-BootDisk-ELL.exe
2008-04-10 11:23 . 2005-06-01 00:28 9,606 --a------ C:\WINDOWS\system32\NEWSOFT
2008-04-10 11:23 . 2008-04-10 11:23 264 --a------ C:\WINDOWS\setup.iss
2008-04-10 11:21 . 2008-04-10 11:21 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2008-04-10 11:21 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\WINDOWS\system32\Color
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\Program Files\NewSoft
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\Program Files\Common Files\PDFView
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Program Files\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Documents and Settings\PAVILION\Application Data\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-10 11:15 . 2008-04-10 14:03 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-04-10 11:15 . 2008-04-10 11:15 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-04-10 11:14 . 2008-04-10 11:14 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-04-10 11:11 . 2008-04-10 11:11 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-10 11:09 . 2008-04-12 18:08 <DIR> d-------- C:\Program Files\Canon
2008-04-10 11:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-10 11:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-10 11:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-10 11:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-10 11:06 . 2008-04-10 11:06 105,467 --a------ C:\WINDOWS\hpqins16.dat
2008-04-08 13:07 . 2008-04-08 13:07 268 --ah----- C:\sqmdata00.sqm
2008-04-08 13:07 . 2008-04-08 13:07 244 --ah----- C:\sqmnoopt00.sqm
2008-04-01 14:56 . 2008-04-01 14:57 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-01 14:48 . 2008-04-01 14:48 <DIR> d-------- C:\Program Files\FLVPlayer
2008-03-18 14:32 . 2008-03-18 14:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-18 14:32 . 2006-10-04 17:06 1,197,294 --a------ C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-18 14:32 . 2006-10-04 17:06 764,868 --a------ C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-18 14:32 . 2006-10-04 17:06 217,118 --a------ C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-18 14:30 . 2008-03-19 15:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-16 21:50 . 2008-04-15 22:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 07:49 20,561,952 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 07:24 d-----w C:\Documents and Settings\All Users\Application Data\HDD Thermometer
2008-04-15 19:41 241,628 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-15 19:39 d-----w C:\Program Files\SpywareBlaster
2008-04-14 16:10 11,401 ----a-w C:\Documents and Settings\PAVILION\PAVILION_notes.dat
2008-04-12 18:05 d-----w C:\Documents and Settings\PAVILION\Application Data\AVG7
2008-04-10 11:10 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-10 08:20 d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 08:06 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 12:52 d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-18 10:25 d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-16 11:54 d-----w C:\Program Files\Java
2008-03-12 19:33 7,850,761 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-05 20:25 d-----w C:\Program Files\Windows Live
2008-03-02 15:32 dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 15:31 d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 15:27 d-----w C:\Program Files\MSN Messenger
2008-03-02 15:24 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 15:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 46,080 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 46,080 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 14:00 d-----w C:\Program Files\Zone Labs
2008-02-19 13:46 d-----w C:\Program Files\ZoneAlarmSB
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-06 21:15 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-05 20:05 520,192 ----a-w C:\WINDOWS\system32\home box office.scr
2008-02-01 09:17 588,288 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-08-04 15:26 2,689,024 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-08-03 17:42 16,585,785 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_03_20_38_27_full.dmp.zip
2007-08-03 17:41 16,589,498 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_03_20_37_34_full.dmp.zip
2007-08-03 17:41 16,588,869 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_03_20_35_40_full.dmp.zip
2007-08-03 17:40 120,462 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_03_20_35_21_small.dmp.zip
2007-08-03 17:40 114,404 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_03_20_37_21_small.dmp.zip
2007-08-03 17:40 107,933 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_03_20_38_15_small.dmp.zip
2007-08-03 17:37 2,962,432 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-07-07 14:10 3,570,688 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-07-07 14:10 1,696,256 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-06-14 17:38 47,360 ----a-w C:\Documents and Settings\PAVILION\Application Data\pcouffin.sys
2007-05-18 08:01 57,773 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_17_22_55_21_small.dmp.zip
2005-09-21 03:54 3,584 ----a-w C:\Program Files\1033.mst
2005-09-21 03:54 154,624 ----a-w C:\Program Files\1049.mst
2005-09-20 19:59 360 ----a-w C:\Program Files\setup.ini
2003-04-21 11:09 245,408 ----a-w C:\Program Files\unicows.dll
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiW.exe
2006-10-16 12:47 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-14_13.15.28,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 09:38:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 07:22:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 09:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 12:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 12:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-19 16:46 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-02-19 16:46 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-19 16:46 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-08 00:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"RSD_HDDThermo"="C:\Program Files\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 20:02 215040]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [ ]
"LogitechSetup"="E:\Setup\Setup.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 21:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 21:26 86016]
"nwiz"="nwiz.exe" [2006-04-15 21:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 14:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 08:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 19:33 579072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 17:49 35328]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01 244512]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 19:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 19:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-08 00:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 12:01 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]
C:\Documents and Settings\PAVILION\Start Menu\Προγράμματα\Εκκίνηση\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-27 17:02:06 581693]
ID_Γρήγορη_εκκίνηση_πινακοθήκη_HP_ell.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8070:TCP"= 8070:TCP:BitComet 8070 TCP
"8070:UDP"= 8070:UDP:BitComet 8070 UDP
"24509:TCP"= 24509:TCP:BitComet 24509 TCP
"24509:UDP"= 24509:UDP:BitComet 24509 UDP
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 10:49:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z??????(?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-16 10:52:27
ComboFix-quarantined-files.txt 2008-04-16 07:51:09
ComboFix2.txt 2008-04-15 07:31:09
11 directories, 39,701,467,136 bytes free
15 directories, 39,686,213,632 bytes free
.
2008-04-12 12:58:04 --- E O F ---
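Added example, not part of the thread and not ComboFix's or Gringo's code: a small Python script that applies a few triage heuristics to the "Reg Loading Points" part of a log like the one above, so the entries a CFScript would target can be picked out before the next round: Run entries whose target ComboFix could not find ("[ ]"), autostarts that point at a drive letter other than the fixed disks, random-looking eight-letter executables in system32 like the ones in the FILE:: list, and the firewall policy flags (EnableFirewall=0, globally open ports). The sample lines are constructed to mirror the log's shape; the qwpxmnzt.exe name, the fixed_drives setting (C: and D:, the two drives that carry System Volume Information above) and the eight-letter rule are assumptions for illustration, not detections of any specific malware.

```python
"""Triage a ComboFix 'Reg Loading Points' section for entries worth a second look.

Added example: this is not ComboFix code. The heuristics are assumptions about
what a helper would want to eyeball first, not a detection of a specific family.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the log in the thread. The qwpxmnzt entry is
# invented to stand in for the random eight-letter names the CFScript deletes.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-08 00:00 15360]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [ ]
"LogitechSetup"="E:\Setup\Setup.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nwiz"="nwiz.exe" [2006-04-15 21:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"qwpxmnzt"="C:\WINDOWS\system32\qwpxmnzt.exe" [2008-04-16 10:11 54272]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8070:TCP"= 8070:TCP:BitComet 8070 TCP
"24509:UDP"= 24509:UDP:BitComet 24509 UDP
"""

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]\s*$')
# "name"="value" [date time size]   "name"="value" [ ]   "name"="file.exe" [... C:\resolved\path]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<value>.+?)"?\s*\[(?P<meta>[^\]]*)\]\s*$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)')
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"\s*=')
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.exe$')   # assumption: exactly 8 lowercase letters

Finding = Dict[str, str]


def resolve_path(value: str, meta: str) -> str:
    """ComboFix prints bare names (nwiz.exe) and appends the resolved path inside the brackets."""
    if DRIVE_RE.match(value):
        return value
    m = re.search(r'[A-Za-z]:\\.*$', meta)
    return m.group(0) if m else value


def triage(log_text: str, fixed_drives: Tuple[str, ...] = ("C", "D")) -> List[Finding]:
    """One finding per heuristic hit. fixed_drives is an assumption about this machine."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        low = section.lower()

        if "firewallpolicy" in low:
            fw = FIREWALL_RE.match(line)
            if fw and fw.group("val") == "0":
                findings.append({"section": section, "name": "EnableFirewall",
                                 "reason": "windows firewall disabled for this profile"})
            port = PORT_RE.match(line)
            if port:
                findings.append({"section": section, "name": port.group("port"),
                                 "reason": "globally open inbound port"})
            continue

        if "\\run" not in low:            # only the autostart Run keys from here on
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, meta = m.group("name"), m.group("meta").strip()
        path = resolve_path(m.group("value"), meta)

        if not meta:                      # "[ ]": the target was not on disk when the log ran
            findings.append({"section": section, "name": name,
                             "reason": "target file not found when the log was taken"})
        if DRIVE_RE.match(path) and path[0].upper() not in fixed_drives:
            findings.append({"section": section, "name": name,
                             "reason": "autostart points at a non-fixed drive"})
        base = path.rsplit("\\", 1)[-1].lower()
        if "\\system32\\" in path.lower() and RANDOM_NAME_RE.match(base):
            findings.append({"section": section, "name": name,
                             "reason": "random-looking 8-letter name in system32"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']:<50} {f['name']}")
```

Run against a real log, paste the whole file into triage(); entries such as ctfmon.exe, nwiz.exe and the dated Java updater produce nothing, while the LogitechSetup entry on E: and a missing-target line each show up once. The list is a starting point for the helper, not a verdict: a missing target is often just a leftover from an uninstall, and the eight-letter rule is only a cheap stand-in for the naming pattern seen in this thread.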
Please restart the computer and give me a new ComboFix log and a new HijackThis log.
Gringo
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.470 [GMT 3:00]
Running from: C:\Documents and Settings\PAVILION\Επιφάνεια εργασίας\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.
2008-04-19 18:40 . 2008-04-19 18:40 <DIR> d-------- C:\Documents and Settings\PAVILION\DoctorWeb
2008-04-19 04:54 . 2008-04-19 04:54 12,662,699 C:\AVG7QT.DAT
2008-04-18 11:33 . 2008-04-18 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-18 11:32 . 2008-04-19 18:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-18 11:32 . 2008-04-18 11:32 <DIR> d-------- C:\Documents and Settings\PAVILION\Application Data\SUPERAntiSpyware.com
2008-04-15 11:45 . 2008-04-15 11:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 11:45 . 2008-04-15 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 10:34 . 2008-04-15 20:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 10:34 . 2008-04-15 10:34 <DIR> d-------- C:\Documents and Settings\PAVILION\Application Data\Malwarebytes
2008-04-15 10:34 . 2008-04-15 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-14 10:52 . 2008-04-14 10:52 4,649,192 --a------ C:\WindowsXP-KB310994-SP2-Home-BootDisk-ELL.exe
2008-04-10 11:23 . 2005-06-01 00:28 9,606 --a------ C:\WINDOWS\system32\NEWSOFT
2008-04-10 11:23 . 2008-04-10 11:23 264 --a------ C:\WINDOWS\setup.iss
2008-04-10 11:21 . 2008-04-10 11:21 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2008-04-10 11:21 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\WINDOWS\system32\Color
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\Program Files\NewSoft
2008-04-10 11:20 . 2008-04-10 11:20 <DIR> d-------- C:\Program Files\Common Files\PDFView
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Program Files\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Documents and Settings\PAVILION\Application Data\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-10 11:19 . 2008-04-10 11:19 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-10 11:15 . 2008-04-10 14:03 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-04-10 11:15 . 2008-04-10 11:15 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-04-10 11:14 . 2008-04-10 11:14 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-04-10 11:11 . 2008-04-10 11:11 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-10 11:09 . 2008-04-12 18:08 <DIR> d-------- C:\Program Files\Canon
2008-04-10 11:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-10 11:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-10 11:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-10 11:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-10 11:06 . 2008-04-10 11:06 105,467 --a------ C:\WINDOWS\hpqins16.dat
2008-04-08 13:07 . 2008-04-08 13:07 268 --ah----- C:\sqmdata00.sqm
2008-04-08 13:07 . 2008-04-08 13:07 244 --ah----- C:\sqmnoopt00.sqm
2008-04-01 14:56 . 2008-04-19 04:52 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-01 14:48 . 2008-04-01 14:48 <DIR> d-------- C:\Program Files\FLVPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 15:54 34,279,456 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-19 15:49 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 15:44 d-----w C:\Documents and Settings\All Users\Application Data\HDD Thermometer
2008-04-19 15:41 402,404 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-19 05:01 d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-19 01:54 d-----w C:\Documents and Settings\PAVILION\Application Data\AVG7
2008-04-18 08:30 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 08:17 d-----w C:\Program Files\SpywareBlaster
2008-04-16 14:42 11,254 ----a-w C:\Documents and Settings\PAVILION\PAVILION_notes.dat
2008-04-10 11:10 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-10 08:20 d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 12:52 d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-18 11:32 d-----w C:\Program Files\Windows Media Connect 2
2008-03-16 11:54 d-----w C:\Program Files\Java
2008-03-05 20:25 d-----w C:\Program Files\Windows Live
2008-03-02 15:32 dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 15:31 d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 15:27 d-----w C:\Program Files\MSN Messenger
2008-03-02 15:24 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-19 14:00 d-----w C:\Program Files\Zone Labs
2008-02-19 13:46 d-----w C:\Program Files\ZoneAlarmSB
2008-02-06 21:15 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-01 09:17 588,288 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-06-14 17:38 47,360 ----a-w C:\Documents and Settings\PAVILION\Application Data\pcouffin.sys
2005-09-21 03:54 3,584 ----a-w C:\Program Files\1033.mst
2005-09-21 03:54 154,624 ----a-w C:\Program Files\1049.mst
2005-09-20 19:59 360 ----a-w C:\Program Files\setup.ini
2003-04-21 11:09 245,408 ----a-w C:\Program Files\unicows.dll
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiW.exe
2006-10-16 12:47 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-14_13.15.28,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 09:38:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-19 15:42:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 08:32:45 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-18 08:32:45 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2005-05-24 09:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 12:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 12:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-19 16:46 262144 --a
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-02-19 16:46 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-19 16:46 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-08 00:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"RSD_HDDThermo"="C:\Program Files\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 20:02 215040]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [ ]
"LogitechSetup"="E:\Setup\Setup.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 21:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 21:26 86016]
"nwiz"="nwiz.exe" [2006-04-15 21:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 14:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 08:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 19:33 579072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 17:49 35328]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01 244512]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 19:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 19:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-08 00:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 12:01 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]
C:\Documents and Settings\PAVILION\Start Menu\Προγράμματα\Εκκίνηση\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-27 17:02:06 581693]
ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8070:TCP"= 8070:TCP:BitComet 8070 TCP
"8070:UDP"= 8070:UDP:BitComet 8070 UDP
"24509:TCP"= 24509:TCP:BitComet 24509 TCP
"24509:UDP"= 24509:UDP:BitComet 24509 UDP
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 18:54:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z??????(?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-19 19:00:23
ComboFix-quarantined-files.txt 2008-04-19 15:59:44
ComboFix2.txt 2008-04-16 07:52:35
ComboFix3.txt 2008-04-15 07:31:09
11 Κατάλογοι 39,488,315,392 διαθέσιμα byte
14 Κατάλογοι 39,474,089,984 διαθέσιμα byte
.
2008-04-12 12:58:04 --- E O F ---
Have you done any scans on your own? The files that were part of my fix have vanished; ComboFix didn't fix them, but they don't show up.
Let me have the HijackThis log and let's see if it shows anything.
Also tell me how the computer is doing: is it better, or is it still slow?
Gringo
Logfile of HijackThis v1.99.1
Scan saved at 10:34:20 πμ, on 20/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ecom.honda-eu.com/logon/r_portal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69259C94-1275-49D9-991A-6DC8D4F19DAC}: NameServer = 194.219.227.1,193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Well, whatever was done got rid of the bad guys; just a little cleanup left to do.
Please shut down Spyware Doctor, SUPERAntiSpyware and Ad-Aware 2007 during the next parts. You really only need one running in real time; leave the others off and use them as on-demand scanners as you feel it is needed.
:Remove bad HijackThis entries:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are
:Time for some housekeeping:
:Set correct settings for files:
:clear system restore points:
This is a good time to clear your existing system restore points and establish a new clean restore point:
- Go to Start > All Programs > Accessories > System Tools > System Restore
- Select Create a restore point, and Ok it.
- Next, go to Start > Run and type in cleanmgr
- Select the More options tab
- Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
:Make your Internet Explorer more secure:
Please visit this page that gives instructions to do this:
http://surfthenetsafely.com/ieseczone8.htm
:Turn On Automatic Updates:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.
or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
:antispyware programs:
You have a couple of good antispyware programs on this computer, but you can still try some of these others to see if you like them. I would also recommend the download and installation of some or all of the following programs (all free), and updating them regularly:
:Consider a custom hosts file:
Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install it, please read this tutorial by WinHelp2002.
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also please read this great article by Tony Klein So How Did I Get Infected In First Place
Now that you have followed my advice, it's time to lodge a complaint against what you have suffered.
Malware Complaints
If you were infected .... Stand Up and be Counted.
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.
Gringo
Go ahead and fix them; the antimalware programs won't target the files that are legit.
Gringo
As this topic looks to be resolved, it is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own thread instead.