FullZombie

  1. Ahoyhoy. This might not even be the sort of thing that I can get help with here, but every time I've had a problem with my computer in the past, someone on this forum has helped me fix it (CalamityJane was the first!) so I thought I'd give it a shot. My computer won't turn on. I'm tending to think it's the power supply, but I can see some ways it may also be the motherboard, the operating system, or even something I haven't thought of. (I'm not ruling anything out yet.) Here are the symptoms: Computer isn't on. When I press the power button, nothing happens at all. Here's what I've tried (including results): I unhooked it from the wall, plugged in a lamp (which worked fine) and plugged the computer back in. No change. I manually switched the power supply to the "off" position, and then switched it back on, then tried to boot the computer. THIS time it came on, but abruptly turned off again during booting. I repeated the above step, and it again allowed the computer to turn back on. I booted in safe mode, and it again kicked off before finishing the boot. It stops at the file gagp30kx.sys. The fact that it's hanging up when trying to load a driver makes me think it's the OS, but the fact that it WILL NOT turn back on again after that (without turning the PSU off and on) has me doubting. When it does start, the other hardware (fans, primarily) seems to be working fine. I don't have a spare power supply, but I can see about getting one, unless there's some reason I shouldn't try that. I'm not entirely certain where my OS disk is either, because I just moved and some stuff is still in boxes. I'm also a little worried that I might find the disk, but not the product key. Anyhow, I'm hoping that someone can either tell me if I'm pointing in the right direction here, or spin me around if I'm not. If this isn't the sort of thing that someone here can walk me through, just let me know. Like I said, you all have been there for me every other time I've had trouble, so I thought I'd try. - Kevin
  2. Well if the log is clean then I guess I'm all fixed. Thanks for the help.
  3. Everything seems to be working fine, but that doesn't mean that it is working fine. I posted the HiJackThis log so that you can tell me if it looks fine.
  4. Here's my HJT log, after following those steps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:31 PM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [iSMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146894552
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146879240
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4219 bytes
  5. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:43 PM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\aim6\services\SOFTWA~1\VER2_1~1\AOLRetC.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOLOCP~1\AIM\Storage\ALLUSE~1\SUDS_B~1\CACHE\42200~1.4\aolsetup.exe
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\setup.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [iSMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146894552
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146879240
O20 - Winlogon Notify: Ksmntix - Ksmntix.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3931 bytes
  6. DrWeb log:

ntos.exe;c:\windows\system32;Trojan.Proxy.2071;Deleted.;
S7dsf4g.dll;C:\WINDOWS\system32;Trojan.DownLoader.35873;Deleted.;
3D.tmp;C:\;Trojan.DownLoader.35855;Deleted.;
5.tmp;C:\;Trojan.Proxy.2359;Deleted.;
56.tmp;C:\;Trojan.DownLoader.35855;Deleted.;
mmc.exe.vir;C:\qoobox\Quarantine\C\Documents and Settings\ibm\My Documents\MBOLS~1;Adware.MediaTicket;Moved.;
Yazzle1549OinAdmin.exe.vir\data001;C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1549OinAdmin.exe.vir;Adware.MediaTicket.origin;;
Yazzle1549OinAdmin.exe.vir\data002;C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1549OinAdmin.exe.vir;Trojan.PurityAd.origin;;
Yazzle1549OinAdmin.exe.vir;C:\qoobox\Quarantine\C\Program Files\Common Files;Archive contains infected objects;Moved.;
Yazzle1552OinAdmin.exe.vir;C:\qoobox\Quarantine\C\Program Files\Common Files;Adware.ClickSpring;Incurable.Moved.;
hoqeric4444.dll.vir;C:\qoobox\Quarantine\C\Program Files\ComPlus Applications;Adware.Ttc;Incurable.Moved.;
hoqeric83122.dll.vir;C:\qoobox\Quarantine\C\Program Files\ComPlus Applications;Adware.Ttc;Incurable.Moved.;
ISMPack7.exe.vir;C:\qoobox\Quarantine\C\Program Files\ISM2;Adware.SearchAid.origin;Incurable.Moved.;
tsitra1000106.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.DownLoader.31817;Deleted.;
tsitra11.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.DownLoader.31817;Deleted.;
tsitra77.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.DownLoader.31817;Deleted.;
tsitra801.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.DownLoader.31817;Deleted.;
winshow.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.Click.4740;Deleted.;
afjfovui.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
bsxi.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Adware.ClickSpring.origin;Incurable.Moved.;
geuyblhg.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
kjodhlri.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
koos.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Sklog;Deleted.;
poof.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.NtRootKit.218;Deleted.;
qsvpekja.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
update176.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9287;Deleted.;
update177.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9341;Deleted.;
update246.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.162;Deleted.;
update285.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9325;Deleted.;
update294.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.9421;Deleted.;
_svchost.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.35262;Deleted.;
~.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.35262;Deleted.;
rwv12drv.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32\ac1;Trojan.DownLoader.35855;Deleted.;
Anaq61.sys.vir;C:\qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.NtRootKit.414;Deleted.;
Bbst69.sys.vir;C:\qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.NtRootKit.414;Deleted.;
runtime2.sys.vir;C:\qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.NtRootKit.422;Deleted.;
secdrv.sys.vir;C:\qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Bulknet;Deleted.;
oTt08e1099.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32\oTt08e;Trojan.DownLoader.24715;Deleted.;
440042.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\Temp;Trojan.DownLoader.35855;Deleted.;
A0033815.sys;C:\System Volume Information\_restore{69D55958-FC8A-4EB9-9088-CAE96416DCE1}\RP148;Trojan.NtRootKit.414;Deleted.;
A0035898.sys;C:\System Volume Information\_restore{69D55958-FC8A-4EB9-9088-CAE96416DCE1}\RP148;Trojan.Spambot.2439;Deleted.;
A0035956.exe;C:\System Volume Information\_restore{69D55958-FC8A-4EB9-9088-CAE96416DCE1}\RP148;Trojan.Proxy.2359;Deleted.;
A0035972.exe;C:\System Volume Information\_restore{69D55958-FC8A-4EB9-9088-CAE96416DCE1}\RP149;Trojan.Packed.155;Deleted.;
A0037032.exe;C:\System Volume Information\_restore{69D55958-FC8A-4EB9-9088-CAE96416DCE1}\RP151;Trojan.Proxy.2071;Deleted.;
A0037033.dll;C:\System Volume Information\_restore{69D55958-FC8A-4EB9-9088-CAE96416DCE1}\RP151;Trojan.DownLoader.35873;Deleted.;
nwan.dat;C:\WINDOWS;Trojan.Proxy.origin;Incurable.Moved.;
ie_update3r.exe;C:\_OTMoveIt\MovedFiles\WINDOWS;Trojan.DownLoader.35262;Deleted.;
Dhgthfg.dll;C:\_OTMoveIt\MovedFiles\WINDOWS\system32;Trojan.DownLoader.35872;Deleted.;
ksmntix.dll;C:\_OTMoveIt\MovedFiles\WINDOWS\system32;Trojan.Inject.398;Deleted.;

New HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:37:33 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [iSMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146894552
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146879240
O20 - Winlogon Notify: Ksmntix - Ksmntix.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

--
End of file - 3600 bytes
  7. When I couldn't find the file manually I used the search function, looking for any file containing "ntos," and all I found was one NTOSBOOT-B00DFAAD.pf file and a long list of ntoskrnl files. One of the ntoskrnl files is in C:\WINDOWS\system32\, so I did a little looking on my own and found a number of sources stating that ntoskrnl is a normal Windows file that I need to run my system, so that can't be the file you need, can it? So the simple answer is: Yes, I used Search. No, there is no copy of ntos.exe on my computer that I can find.
  8. Are you sure that it is "C:\WINDOWS\system32\ntos.exe?" I went looking for the spell to zip it, and I can't find it in that folder, or anywhere else on my computer. I can find a lot of ntoskrnl files in various folders, though.
  9. OTMoveIt:

c:\windows\system32\kerneldrv.exe moved successfully.
File/Folder c:\windows\system32\gjxatywx.dll not found.
LoadLibrary failed for c:\windows\system32\ksmntix.dll
c:\windows\system32\ksmntix.dll NOT unregistered.
File move failed. c:\windows\system32\ksmntix.dll scheduled to be moved on reboot.
Created on 10/27/2007 23:24:37

ComboFix:

ComboFix 07-10-23.2 - ibm 2007-10-27 23:53:04.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.99 [GMT -4:00]
Running from: C:\Documents and Settings\ibm\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.
2007-10-24 22:42 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-24 03:09 <DIR> d-------- C:\WINDOWS\All Users
2007-10-24 02:20 <DIR> d-------- C:\WINDOWS\provisioning
2007-10-24 02:20 <DIR> d-------- C:\WINDOWS\peernet
2007-10-24 01:13 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-10-24 00:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-24 00:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-23 22:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-10-23 22:54 <DIR> d-------- C:\WINDOWS\ehome
2007-10-23 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint
2007-10-23 21:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 17:01 <DIR> d-------- C:\WINDOWS\sv3965
2007-10-23 01:38 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-23 01:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2007-10-22 22:04 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-22 18:23 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-10-22 18:23 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-10-22 18:17 35,840 --a------ C:\WINDOWS\system32\ssl.dat
2007-10-22 18:17 10,240 --a------ C:\WINDOWS\system32\Dll.dll
2007-10-22 18:17 5,633 --a------ C:\WINDOWS\system32\kcopt.dll
2007-10-22 18:17 197 --a------ C:\WINDOWS\system32\ksvcl.dll
2007-10-22 17:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avant Profiles
2007-10-22 17:37 44 --a------ C:\WINDOWS\system32\p2hhr.bat
2007-10-22 17:35 10,000 --a------ C:\WINDOWS\system32\S7dsf4g.dll
2007-10-22 03:23 <DIR> d-------- C:\Documents and Settings\ibm\Application Data\SpyGuardPro
2007-10-22 03:22 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-22 03:22 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-22 03:22 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-22 03:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-22 03:22 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-22 03:20 <DIR> d-------- C:\Temp
2007-10-21 18:34 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-21 18:33 <DIR> d--hs---- C:\WINDOWS\aWJt
2007-10-21 18:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-21 18:31 19,755,376 --a------ C:\aaw2007.exe
2007-10-21 18:30 1,939,926 --a------ C:\absetup.exe
2007-10-21 03:14 77,824 --a------ C:\MicroSofts.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 04:38 --------- d-----w C:\Program Files\Avant Browser
2007-09-15 04:39 --------- d-----w C:\Program Files\Simu
2007-08-31 08:40 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 02:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2004-10-01 23:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\aWJt\uqLQ.vbs
.
((((((((((((((((((((((((((((( [email protected]_ 0.15.56.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 06:14:10 69,824 ----a-w C:\WINDOWS\nwan.dat
+ 2004-08-04 06:14:10 69,856 ----a-w C:\WINDOWS\nwan.dat
- 2007-10-25 04:09:27 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-28 03:30:20 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-25 04:09:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-28 03:30:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-25 04:09:27 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-28 03:30:20 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 03:56 C:\WINDOWS\system32\tp4mon.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 00:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 05:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 12:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Ksmntix]
Ksmntix.dll

S3 WlanUIB;iodata 802.11b USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 23:55:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?:[email protected][email protected]?d???D???????d????<?w0???B;[email protected][email protected][email protected][email protected]?????????????????????????????????????????????????v??w ??w????B;[email protected]??????>[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]????s???????????

scanning hidden files ...

C:\WINDOWS\system32\ntos.exe 373760 bytes executable
C:\WINDOWS\system32\wsnpoem

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2007-10-27 23:57:20
C:\ComboFix2.txt ... 2007-10-25 00:17
.
--- E O F ---

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:18:08 AM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [iSMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146894552
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146879240
O20 - Winlogon Notify: Ksmntix - Ksmntix.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

--
End of file - 3790 bytes

And when I went to upload that file I got: "0 bytes size received / Se ha recibido un archivo vacio"
  10. As suggested by the program, I double-clicked the registry file dnsbak.reg in the Fixwareout folder, but it doesn't seem to have improved my problems with connecting to the internet. Here are the logs:

Fixwareout Log:

Username "ibm" - 10/26/2007 20:29:48 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.134 85.255.112.140" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}
"nameserver"="85.255.113.134,85.255.112.140" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CD44D9D0-2243-4DC6-9BB3-BC180D995C77}
"nameserver"="85.255.113.134,85.255.112.140" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E0F3F161-F8DD-45F8-9CBD-900D718A2B16}
"nameserver"="85.255.113.134,85.255.112.140" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CD44D9D0-2243-4DC6-9BB3-BC180D995C77}
"DhcpNameServer"="85.255.113.134,85.255.112.140" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E0F3F161-F8DD-45F8-9CBD-900D718A2B16}
"DhcpNameServer"="85.255.113.134,85.255.112.140" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E40EFDA9-6448-4634-91CC-7DC630755BCA}
"DhcpNameServer"="85.255.113.134,85.255.112.140" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"KernelDrv.exe"="C:\\WINDOWS\\System32\\KernelDrv.exe"
"fc606473"="rundll32.exe \"C:\\WINDOWS\\System32\\gjxatywx.dll\",b"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"Pira"="\"C:\\DOCUME~1\\ibm\\MYDOCU~1\\MBOLS~1\\mmc.exe\" -vt yazb"
"ISMModule7"="\"C:\\Program Files\\ISM\\ISMModule7.exe\""
"Mgrr"="\"C:\\Program Files\\?ecurity\\w?nlogon.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:37:38 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\KernelDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [fc606473] rundll32.exe "C:\WINDOWS\System32\gjxatywx.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Pira] "C:\DOCUME~1\ibm\MYDOCU~1\MBOLS~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [iSMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [Mgrr] "C:\Program Files\?ecurity\w?nlogon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher
Class) - https://www.play.net/components/activex/AXSAL.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146894552 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146879240 O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140 O17 - HKLM\System\CCS\Services\Tcpip\..\{CD44D9D0-2243-4DC6-9BB3-BC180D995C77}: NameServer = 85.255.113.134,85.255.112.140 O17 - HKLM\System\CCS\Services\Tcpip\..\{E0F3F161-F8DD-45F8-9CBD-900D718A2B16}: NameServer = 85.255.113.134,85.255.112.140 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140 O20 - Winlogon Notify: Ksmntix - C:\WINDOWS\SYSTEM32\Ksmntix.dll O20 - Winlogon Notify: Mnbdiev - Mnbdiev.dll (file missing) O20 - Winlogon Notify: Tetbvpe - tetbvpe.dll (file missing) O21 - SSODL: AHnGixIyej - {FC6064DD-56CA-CE77-E65A-774AC7C63540} - (no file) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe -- End of file - 5087 bytes
  11. MoveIt Log:
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gjxatywx.dll
C:\WINDOWS\system32\gjxatywx.dll NOT unregistered.
C:\WINDOWS\system32\gjxatywx.dll moved successfully.
C:\WINDOWS\system32\qmogemap.exe moved successfully.
C:\WINDOWS\system32\qmipejlf.exe moved successfully.
C:\WINDOWS\system32\qmpdnbmf.exe moved successfully.
C:\WINDOWS\system32\Dhgthfg.dll NOT unregistered.
C:\WINDOWS\system32\Dhgthfg.dll moved successfully.
C:\WINDOWS\ie_update3r.exe moved successfully.
Created on 10/25/2007 16:35:00

HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:37:10 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\KernelDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [fc606473] rundll32.exe "C:\WINDOWS\System32\gjxatywx.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Pira] "C:\DOCUME~1\ibm\MYDOCU~1\MBOLS~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [iSMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [Mgrr] "C:\Program Files\?ecurity\w?nlogon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146894552
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146879240
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD44D9D0-2243-4DC6-9BB3-BC180D995C77}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0F3F161-F8DD-45F8-9CBD-900D718A2B16}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O20 - Winlogon Notify: Ksmntix - C:\WINDOWS\SYSTEM32\ksmntix.dll
O20 - Winlogon Notify: Mnbdiev - Mnbdiev.dll (file missing)
O20 - Winlogon Notify: Tetbvpe - tetbvpe.dll (file missing)
O21 - SSODL: AHnGixIyej - {FC6064DD-56CA-CE77-E65A-774AC7C63540} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

--
End of file - 5270 bytes
  12. My PC, the one I'm writing this from, doesn't see the other computers on the network. It's been a problem for a while, and I've so far been unable to fix it, so I just accept that I can't transfer data that way. And my laptop has no 3.5 floppy drive. Luckily, however, I was able to get my internet connection to work for a little while by opening Microsoft Update through the Control Panel, and I ran HiJackThis and sent both logs to myself via email.

ComboFix Log:
ComboFix 07-10-23.2 - ibm 2007-10-25 0:12:29.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.80 [GMT -4:00]
Running from: C:\Documents and Settings\ibm\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
.
---- Previous Run -------
.
C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\ibm\My Documents\MBOLS~1
C:\Documents and Settings\ibm\My Documents\MBOLS~1\??mbols\
C:\Documents and Settings\ibm\My Documents\MBOLS~1\mmc.exe
C:\Documents and Settings\ibm\Start Menu\Programs\Outerinfo
C:\Documents and Settings\ibm\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\ibm\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\LocalService\Local Settings\Application Data\n.ini
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ComPlus Applications\hoqeric4444.dll
C:\Program Files\ComPlus Applications\hoqeric83122.dll
C:\Program Files\ecurit~1
C:\Program Files\ecurit~1\w?nlogon.exe
C:\Program Files\ISM
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\ac1
C:\WINDOWS\system32\ac1\rwv12drv.exe
C:\WINDOWS\system32\afjfovui.exe
C:\WINDOWS\system32\bsxi.dll
C:\WINDOWS\system32\drivers\Anaq61.sys
C:\WINDOWS\system32\drivers\Bbst69.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\geuyblhg.dll
C:\WINDOWS\system32\gillm.bak1
C:\WINDOWS\system32\gillm.bak2
C:\WINDOWS\system32\gillm.ini
C:\WINDOWS\system32\gillm.ini2
C:\WINDOWS\system32\gillm.tmp
C:\WINDOWS\system32\iifebcy.dll
C:\WINDOWS\system32\kdwnf.exe
C:\WINDOWS\system32\kjodhlri.exe
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\mkjxrvgr.ini
C:\WINDOWS\system32\mllig.dll
C:\WINDOWS\system32\oTt08e
C:\WINDOWS\system32\oTt08e\oTt08e1099.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\qsvpekja.exe
C:\WINDOWS\system32\rgvrxjkm.dll
C:\WINDOWS\system32\RunOnce3.t__
C:\WINDOWS\system32\RunOnce3.tmp
C:\WINDOWS\system32\update176.exe
C:\WINDOWS\system32\update177.exe
C:\WINDOWS\system32\update246.exe
C:\WINDOWS\system32\update285.exe
C:\WINDOWS\system32\update294.exe
C:\WINDOWS\system32\vp4
C:\WINDOWS\system32\vp4\dode83122.exe
C:\WINDOWS\system32\wnsintcc.exe
C:\WINDOWS\system32\zb2
C:\WINDOWS\Temp\436277.exe
C:\WINDOWS\Temp\440042.exe
C:\WINDOWS\tsitra1000106.exe
C:\WINDOWS\tsitra11.exe
C:\WINDOWS\tsitra77.exe
C:\WINDOWS\tsitra801.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\winshow.exe
C:\WINDOWS\wnsxs~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_ANAQ61
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_LANMANDRV
-------\LEGACY_MICROSOFT_INTERNET_EXPLORER
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_POOF
-------\LEGACY_SYMAVC32
-------\DomainService
-------\kprof
-------\lanmandrv
-------\Microsoft Internet Explorer
-------\poof
-------\Anaq61

((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-24 22:42 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-24 03:09 <DIR> d-------- C:\WINDOWS\All Users
2007-10-24 02:20 <DIR> d-------- C:\WINDOWS\provisioning
2007-10-24 02:20 <DIR> d-------- C:\WINDOWS\peernet
2007-10-24 01:13 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-10-24 00:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-24 00:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-23 22:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-10-23 22:54 <DIR> d-------- C:\WINDOWS\ehome
2007-10-23 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint
2007-10-23 21:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 21:48 84,544 --a------ C:\WINDOWS\system32\gjxatywx.dll
2007-10-23 17:01 <DIR> d-------- C:\WINDOWS\sv3965
2007-10-23 17:01 16,024 --a------ C:\WINDOWS\system32\qmogemap.exe
2007-10-23 01:38 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-23 01:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2007-10-22 22:36 16,024 --a------ C:\WINDOWS\system32\qmipejlf.exe
2007-10-22 22:04 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-22 18:23 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-10-22 18:23 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-10-22 18:17 35,840 --a------ C:\WINDOWS\system32\ssl.dat
2007-10-22 18:17 35,840 --a------ C:\WINDOWS\system32\KernelDrv.exe
2007-10-22 18:17 23,685 --a------ C:\WINDOWS\system32\kcopt.dll
2007-10-22 18:17 18,967 --a------ C:\WINDOWS\system32\ksvcl.dll
2007-10-22 18:17 10,240 --a------ C:\WINDOWS\system32\Dll.dll
2007-10-22 18:07 16,024 --a------ C:\WINDOWS\system32\qmpdnbmf.exe
2007-10-22 17:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avant Profiles
2007-10-22 17:37 44 --a------ C:\WINDOWS\system32\p2hhr.bat
2007-10-22 17:35 10,000 --a------ C:\WINDOWS\system32\S7dsf4g.dll
2007-10-22 17:35 10,000 --a------ C:\WINDOWS\system32\Dhgthfg.dll
2007-10-22 17:33 7,680 --a------ C:\WINDOWS\ie_update3r.exe
2007-10-22 03:23 <DIR> d-------- C:\Documents and Settings\ibm\Application Data\SpyGuardPro
2007-10-22 03:22 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-22 03:22 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-22 03:22 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-22 03:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-22 03:22 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-22 03:20 <DIR> d-------- C:\Temp
2007-10-21 18:34 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-21 18:33 <DIR> d--hs---- C:\WINDOWS\aWJt
2007-10-21 18:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-21 18:31 19,755,376 --a------ C:\aaw2007.exe
2007-10-21 18:30 1,939,926 --a------ C:\absetup.exe
2007-10-21 03:14 77,824 --a------ C:\MicroSofts.pif

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 03:02 --------- d-----w C:\Program Files\Avant Browser
2007-09-15 04:39 --------- d-----w C:\Program Files\Simu
2007-08-31 08:40 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-26 05:19 --------- d-----w C:\Documents and Settings\ibm\Application Data\Viewpoint
2007-08-26 05:12 --------- d-----w C:\Documents and Settings\ibm\Application Data\acccore
2007-08-26 05:11 --------- d-----w C:\Program Files\Viewpoint
2007-08-26 05:11 --------- d-----w C:\Program Files\AIM6
2007-08-26 05:10 --------- d-----w C:\Program Files\Common Files\AOL
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 02:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2004-10-01 23:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\aWJt\uqLQ.vbs

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
C:\Program Files\ISM\BndDrive7.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 03:56 C:\WINDOWS\system32\tp4mon.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 00:24]
"KernelDrv.exe"="C:\WINDOWS\System32\KernelDrv.exe" [2007-10-22 18:17]
"fc606473"="C:\WINDOWS\System32\gjxatywx.dll" [2007-10-23 21:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 05:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"Pira"="C:\DOCUME~1\ibm\MYDOCU~1\MBOLS~1\mmc.exe" []
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" []
"Mgrr"="C:\Program Files\?ecurity\w?nlogon.exe" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 12:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Ksmntix]
Ksmntix.dll 2001-08-18 08:00 62464 C:\WINDOWS\system32\Ksmntix.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Mnbdiev]
Mnbdiev.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Tetbvpe]
tetbvpe.dll

S3 WlanUIB;iodata 802.11b USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys

.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 00:15:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?:[email protected][email protected]?d???D???????d????<?w0???B;[email protected][email protected][email protected][email protected]?????????????????????????????????????????????????v??w ??w????B;[email protected]??????>[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]????s???????????

scanning hidden files ...

C:\WINDOWS\system32\ntos.exe 262144 bytes executable
C:\WINDOWS\system32\wsnpoem

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2007-10-25 0:16:58
.
--- E O F ---

HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:58:57 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\KernelDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\AVANTB~1\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [fc606473] rundll32.exe "C:\WINDOWS\System32\gjxatywx.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Pira] "C:\DOCUME~1\ibm\MYDOCU~1\MBOLS~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [iSMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [Mgrr] "C:\Program Files\?ecurity\w?nlogon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146894552
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146879240
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD44D9D0-2243-4DC6-9BB3-BC180D995C77}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0F3F161-F8DD-45F8-9CBD-900D718A2B16}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O20 - Winlogon Notify: Ksmntix - C:\WINDOWS\SYSTEM32\ksmntix.dll
O20 - Winlogon Notify: Mnbdiev - Mnbdiev.dll (file missing)
O20 - Winlogon Notify: Tetbvpe - tetbvpe.dll (file missing)
O21 - SSODL: AHnGixIyej - {FC6064DD-56CA-CE77-E65A-774AC7C63540} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

--
End of file - 5336 bytes
  13. After three attempts I was finally able to get ComboFix to run and produce a log, but since I ran ComboFix I now cannot use any internet browsing programs on the machine. So without any way to send information from that machine, I cannot post a ComboFix log file, or any more HiJackThis log files.
  14. Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:36:21 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sv3965\svchost.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\KernelDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\ibm\Local Settings\Temporary Internet Files\Content.IE5\AJAFC7KT\HiJackThis_v2[1].exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\10f6872bbc91a277e1a9f6fed17525ba\update\update.exe

F3 - REG:win.ini: load=C:\WINDOWS\sv3965\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {86882CA4-BE70-4BCE-AEA5-CF40EB8E0BC3} - C:\WINDOWS\system32\iifebcy.dll (file missing)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CCA54EC4-F71D-4735-8E0A-1CC82C500052} - C:\WINDOWS\System32\mllig.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [fc606473] rundll32.exe "C:\WINDOWS\System32\gjxatywx.dll",b
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c cd /d C:\ComboFix\ & Combobatch.bat
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Pira] "C:\DOCUME~1\ibm\MYDOCU~1\MBOLS~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [iSMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [Mgrr] "C:\Program Files\?ecurity\w?nlogon.exe"
O4 - HKCU\..\Run: [iSMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKCU\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Windows Rescue System] C:\DOCUME~1\ibm\LOCALS~1\Temp\winsto.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146894552
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189146879240
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD44D9D0-2243-4DC6-9BB3-BC180D995C77}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0F3F161-F8DD-45F8-9CBD-900D718A2B16}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B8EC79A-D092-423A-9C8A-CEA3EF0B7C21}: NameServer = 85.255.113.134,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.140
O20 - Winlogon Notify: iifebcy - iifebcy.dll (file missing)
O20 - Winlogon Notify: Ksmntix - C:\WINDOWS\SYSTEM32\ksmntix.dll
O20 - Winlogon Notify: Mnbdiev - Mnbdiev.dll (file missing)
O20 - Winlogon Notify: Tetbvpe - tetbvpe.dll (file missing)
O21 - SSODL: AHnGixIyej - {FC6064DD-56CA-CE77-E65A-774AC7C63540} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

--
End of file - 6270 bytes
  15. O.. k.. a.. y.. After numerous restarts with no success, I looked all over Microsoft.com and found that I can't get 1a because it is no longer supported. I found a mirror site and downloaded and installed Windows XP Service Pack 1a. After the restart from that, ComboFix was finally able to finish running, and now my computer is finally actually allowing me to run programs, and the popups have stopped. I know enough about viral infections, however, to realize that there's much more to fixing this problem. ComboFix did not generate a log file though, so I don't have one to post. I've got to run out for a bit, so I don't have time just now to run HiJackThis, but I'll post a log of that soon, hopefully within the next few hours.