cookiie723

msziptool.dll file issue help


Can you post it here instead of attaching it? I made a mistake, sorry.

 

 

sure can...

 

 

OTScanIt2 logfile created on: 10/21/2008 7:14:58 PM - Run 2

OTScanIt2 by OldTimer - Version 1.0.0.19b Folder = C:\Documents and Settings\Nora\Desktop\OTScanIt2

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 93.05 Mb Available Physical Memory | 18.25% Memory free

671.24 Mb Paging File | 275.84 Mb Available in Paging File | 41.09% Paging File free

Paging file location(s): C:\pagefile.sys 192 800;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 35.27 Gb Total Space | 12.82 Gb Free Space | 36.35% Space Free | Partition Type: FAT32

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: REGINA

Current User Name: Nora

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

[Registry - Additional Scans - Safe List]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > ->

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp: [HKLM] -> No CLSID value

ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)

livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %SystemDrive%\PROGRA~1\MSNMES~1\MSGRAP~1.DLL[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)

msdaipp: [HKLM] -> No CLSID value

msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)

msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)

msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %SystemDrive%\PROGRA~1\MSNMES~1\MSGRAP~1.DLL[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)

< End of report >


You may need to zip this file to upload it

 

Please download Runscanner to your desktop and run it.

  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

Don't bump your own thread.

I am a volunteer; I do this in my free time. I am not here for you 24/7.

Is that understood?

 

And that's fine, I don't expect you to be here 24/7. I'm pretty sure you have your own life that takes priority over my problem. I just wanted to make sure that the zip file uploaded fine.

I bumped the thread because I didn't want it to get lost and you not notice that I've uploaded the Runscanner document. It was just a simple gesture to let you know that I'm still here and haven't danced off into la la land.

Edited by nora antoinette


Hello

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

Link 3

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

[image: RcAuto1.gif]

 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

[image: whatnext.png]

 

 

Click on Yes to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


ComboFix Log:

 

ComboFix 08-10-23.03 - Nora 2008-10-23 19:45:00.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.106 [GMT -4:00]

Running from: C:\Documents and Settings\Nora\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))

.

 

2008-10-21 18:55 . 2008-10-21 18:55 <DIR> d-------- C:\Program Files\ERUNT

2008-10-21 12:39 . 2008-10-21 12:39 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\Malwarebytes

2008-10-21 12:38 . 2008-10-21 12:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-21 12:38 . 2008-10-21 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-10-21 12:38 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-21 12:38 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-21 12:31 . 2008-10-21 12:31 <DIR> d-------- C:\_OTMoveIt

2008-10-21 12:22 . 2008-10-21 12:22 <DIR> d-------- C:\rsit

2008-10-21 12:01 . 2008-10-22 20:00 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs

2008-10-21 12:01 . 2008-10-22 20:00 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad

2008-10-21 11:59 . 2008-10-21 11:59 <DIR> d-------- C:\_OTScanIt

2008-10-21 09:15 . 2008-10-21 09:15 <DIR> d-------- C:\Program Files\Trend Micro

2008-10-20 10:37 . 2008-10-20 10:37 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-10-20 10:36 . 2008-10-20 10:36 <DIR> d-------- C:\Program Files\HTMLPad 2008

2008-10-20 10:36 . 2008-10-20 10:36 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\Blumentals

2008-10-18 12:28 . 2008-10-18 12:28 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\uTorrent

2008-10-15 21:55 . 2008-10-15 21:55 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-10-14 23:53 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-14 23:53 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-14 23:53 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-14 23:53 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-14 23:53 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-14 23:53 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-13 22:49 . 2008-10-13 22:49 <DIR> d-------- C:\Program Files\Norton PC Checkup

2008-10-13 22:49 . 2008-10-13 22:49 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2008-10-13 21:35 . 2008-10-13 21:35 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-10-13 18:56 . 2008-10-13 18:56 <DIR> d-------- C:\Program Files\ManyCam 2.3

2008-10-11 17:27 . 2008-10-11 17:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3

2008-10-11 17:08 . 2008-10-11 17:08 <DIR> d-------- C:\LaunchPad

2008-10-11 17:01 . 2008-10-11 17:01 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\U3

2008-10-09 00:39 . 2001-11-08 17:37 221,184 --a------ C:\WINDOWS\system32\Dualunis.exe

2008-10-06 01:13 . 2008-10-06 01:13 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\FileZilla

2008-10-06 01:11 . 2008-10-06 01:11 <DIR> d-------- C:\Program Files\FileZilla FTP Client

2008-10-05 23:26 . 2008-10-05 23:26 <DIR> d-------- C:\Program Files\Common Files\NSV

2008-10-04 14:06 . 2008-10-04 14:06 <DIR> d-------- C:\Program Files\Jasc Software Inc

2008-09-30 12:02 . 2008-09-30 12:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-09-30 12:02 . 2008-09-30 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-09-29 11:26 . 2008-09-25 11:00 922,464 --a------ C:\WINDOWS\system32\Incinerator.dll

2008-09-29 11:26 . 2008-09-24 10:32 28,672 --a------ C:\WINDOWS\system32\iolobtdfg.exe

2008-09-29 11:26 . 2008-09-09 16:45 8,192 --a------ C:\WINDOWS\system32\smrgdf.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-03 14:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2008-09-21 23:25 --------- d-----w C:\Program Files\QuickTime

2008-09-18 16:05 --------- d-----w C:\Documents and Settings\Nora\Application Data\Apple Computer

2008-09-18 16:04 --------- d-----w C:\Program Files\Sun

2008-09-16 01:08 --------- d-----w C:\Program Files\Safari

2008-09-16 00:58 --------- d-----w C:\Program Files\Apple Software Update

2008-09-15 09:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-09 23:13 --------- d-----w C:\Documents and Settings\Nora\Application Data\acccore

2008-09-09 08:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-09-09 03:47 --------- d-----w C:\Documents and Settings\Nora\Application Data\LimeWire

2008-09-08 23:38 --------- d-----w C:\Program Files\Unlocker

2008-09-08 23:38 --------- d-----w C:\Documents and Settings\Nora\Application Data\Desktopicon

2008-09-08 07:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-08 03:14 --------- d-----w C:\Program Files\TweakXP 2

2008-09-08 02:52 --------- d-----w C:\Documents and Settings\Nora\Application Data\Leadertech

2008-09-08 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd

2008-09-08 02:21 --------- d-----w C:\Program Files\Common Files\Logitech

2008-09-08 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech

2008-09-08 02:10 --------- d-----w C:\Program Files\Logitech

2008-09-06 03:30 241,704 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll

2008-09-06 03:29 917,032 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe

2008-09-04 10:25 46,014 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-09-04 10:25 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-09-04 10:25 2,271 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-09-02 02:39 --------- d-----w C:\Program Files\Common Files\LogiShrd

2008-09-01 14:42 --------- d-----w C:\Documents and Settings\Nora\Application Data\Windows Search

2008-08-30 21:13 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-29 10:25 --------- d-----w C:\Documents and Settings\Nora\Application Data\Winamp

2008-08-29 10:19 --------- d-----w C:\Documents and Settings\Nora\Application Data\Windows Desktop Search

2008-08-29 10:19 --------- d-----w C:\Documents and Settings\Nora\Application Data\iolo

2008-08-29 01:32 --------- d-----w C:\Program Files\Windows Desktop Search

2008-08-27 05:24 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-08-25 05:38 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-08-25 05:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-23 02:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-08-23 02:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-08-19 19:40 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll

2008-08-14 07:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 06:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-26 19:26 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll

2008-07-26 19:26 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll

2008-07-26 19:23 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll

2008-07-26 19:23 195,096 ----a-w C:\WINDOWS\system32\lvci11801048.dll

2008-07-26 18:46 25,974 ----a-w C:\WINDOWS\system32\Repository.reg

2006-11-16 17:26 1,095,224 ----a-w C:\Program Files\LaunchU3.exe

2006-08-15 14:15 22,486 ----a-w C:\Program Files\U3Launcher.ico

2008-01-14 19:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-01-14 19:40 88 --sh--r C:\WINDOWS\system32\4B9319776A.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

"Google Update"="C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-12 133104]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

 

C:\Documents and Settings\Nora\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

"NoLogoff"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk

backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

path=C:\Documents and Settings\Nora\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

backup=C:\WINDOWS\pss\Logitech . Product Registration.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 17:12 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a------ 2005-06-21 16:44 126976 C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]

--a------ 2004-08-06 02:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

--a------ 2005-06-21 16:48 155648 C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2008-08-14 17:11 565008 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2008-08-14 17:15 2407184 C:\Program Files\Logitech\QuickCam\Quickcam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

--a------ 2006-11-15 22:01 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 17:12 1695232 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

--a------ 2008-01-07 12:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-03 16:02 36352 C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-20 16:30 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]

--a------ 2005-04-13 14:34 49152 C:\WINDOWS\system32\ico.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WLSetupSvc"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"iPod Service"=3 (0x3)

"ioloDMV"=2 (0x2)

"idsvc"=3 (0x3)

"CCALib8"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"ioloSystemService"=2 (0x2)

"ioloFileInfoList"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\AIM6\\AIM6.EXE"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\MSN Messenger\\MSNMSGR.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

R1 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]

R3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

R3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 18048]

S4 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]

S4 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-12 22:22]

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe

MSConfigStartUp-SMSystemAnalyzer - C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-TVT Scheduler Proxy - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

MSConfigStartUp-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe

MSConfigStartUp-YSearchProtection - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Nora\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\

FF -: plugin - C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-23 19:46:38

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-10-23 19:47:25

ComboFix-quarantined-files.txt 2008-10-23 23:47:22

 

Pre-Run: 13,341,949,952 bytes free

Post-Run: 14,422,966,272 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

 

263 --- E O F --- 2008-10-21 07:03:51


Should I just post a new HJT log whenever a scan is done?

 

Here's the new HJT log.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:45:29 AM, on 10/24/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 5901 bytes

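The log above is what the helper reads through before replying. As an added example (not code from this thread, from HijackThis, or from its author), here is a small Python triage script that parses the O2, O4 and O23 lines of a HijackThis-style log and flags the patterns a reviewer checks first: an autostart that runs from a temp or recycler folder, a binary carrying a Windows system-process name but living outside the Windows directory, and a service with no publisher. The sample lines, the directory and name heuristics, and the two suspicious entries at the end of the sample are constructed for illustration and are assumptions, not entries from this user's log.

```python
"""Triage helper for HijackThis-style logs (added example, not code from this thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the HJT line format seen in the thread. The "updater"
# O4 entry and the "helpsvc2" O23 entry are made up to show what a hit looks like.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Nora\Local Settings\Temp\svchost.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Helper (helpsvc2) - Unknown owner - C:\WINDOWS\system32\drivers\helpsvc2.exe
"""

# Heuristic tables (assumptions for this example, not a vendor list).
WINDOWS_DIRS = ("c:\\windows\\",)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe",
                "services.exe", "smss.exe", "explorer.exe"}
SUSPICIOUS_DIRS = ("\\temp\\", "\\recycler\\", "\\system volume information\\")

# A Run command is either a quoted path, or an unquoted path up to the first extension.
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|sys|cpl))', re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


@dataclass
class Entry:
    kind: str                # "O2", "O4" or "O23"
    name: str
    path: str
    owner: str = ""          # publisher column of O23 lines, empty otherwise
    flags: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the executable named by a Run command, dropping its arguments."""
    m = PATH_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def parse_log(text: str) -> list:
    """Turn O2/O4/O23 lines into Entry objects; other line types are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], extract_path(m["cmd"])))
        elif line.startswith("O23 - Service: "):
            # A display name may itself contain " - ", so split from the right.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entries.append(Entry("O23", parts[0], parts[2], parts[1]))
        elif line.startswith("O2 - BHO: "):
            parts = line[len("O2 - BHO: "):].rsplit(" - ", 2)   # name, CLSID, path
            if len(parts) == 3:
                entries.append(Entry("O2", parts[0], parts[2]))
    return entries


def assess(entry: Entry) -> Entry:
    """Attach a flag for each heuristic the entry trips."""
    low = entry.path.lower()
    base = low.rsplit("\\", 1)[-1]
    if any(d in low for d in SUSPICIOUS_DIRS):
        entry.flags.append("runs from a temp/recycler location")
    if base in SYSTEM_NAMES and not low.startswith(WINDOWS_DIRS):
        entry.flags.append("system binary name outside the Windows directory")
    if entry.kind == "O23" and entry.owner.lower() == "unknown owner":
        entry.flags.append("service has no publisher")
    return entry


def triage(text: str) -> list:
    """Parse a log and return only the entries that triggered at least one flag."""
    return [e for e in map(assess, parse_log(text)) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} [{e.name}] {e.path}")
        for f in e.flags:
            print("   -", f)
```

The heuristics are deliberately narrow: a clean log such as the one posted produces no output, while the two constructed entries are reported with the reason. Anything the script flags still needs a human to confirm against the file's signature and location; the script only orders the reading.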

Your log is clean.

 

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    [image: CF_Cleanup.png]

 

  • Make sure you have an Internet connection.
  • Download OTCleanIt to your desktop and run it.
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your firewall or real-time protection attempts to block OTCleanIt from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine, choose Yes.

 

 

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:

http://www.adobe.com/products/acrobat/readstep2.html

 

 

 

Below I have included a number of recommendations for how to protect your computer against malware infections.

 

* Keep Windows updated by regularly checking their website at:

http://windowsupdate.microsoft.com/

This will ensure your computer always has the latest available security updates installed.

 

* To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:

 

SpywareBlaster protects against bad ActiveX.

IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Have a look at this tutorial for IE-Spyad here.

 

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

 

Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

 

*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

 

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

 

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

 

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

 

Thank you for your patience, and performing all of the procedures requested.

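The MVPS Hosts recommendation above works because the resolver consults the HOSTS file before DNS, so a name mapped to 127.0.0.1 never leaves the machine. The same mechanism is also a favourite of malware, which edits the file the other way round, pointing update and vendor domains at an attacker-chosen address. As an added example (not code from this thread or from the MVPS project), here is a Python audit of a HOSTS file that shows a blocklist entry taking effect and reports duplicates, malformed lines, and any name redirected to a routable address. The sample file, the .example names and the short list of protected domains are constructed assumptions; the two Microsoft update hostnames are real domains used only as examples of what such a list would protect.

```python
"""Audit a Windows HOSTS file of the kind the MVPS list installs (added example, not from the thread)."""
import ipaddress

# Constructed sample: blocklist-style entries, a duplicate, a malformed line,
# and one update domain redirected to a routable address (the hijack pattern).
SAMPLE_HOSTS = """
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ads.tracker.example          # blocklist-style entry
0.0.0.0    tracker.bad.example
127.0.0.1  www.bad.example
127.0.0.1  www.bad.example              # duplicate
192.0.2.10 windowsupdate.microsoft.com
not-an-ip  www.typo.example
"""

# Addresses a blocklist uses as a sinkhole; anything else is a real redirect.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
# Illustrative (assumed) list of domains a hosts-file hijack typically targets.
PROTECTED_DOMAINS = ("windowsupdate.microsoft.com", "update.microsoft.com")


def is_protected(name: str) -> bool:
    return any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS)


def parse_hosts(text: str):
    """Return ([(line_no, address, [names]), ...], [invalid line numbers])."""
    entries, invalid = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            invalid.append(no)
            continue
        if not names:
            invalid.append(no)
            continue
        entries.append((no, addr, [n.lower() for n in names]))
    return entries, invalid


def lookup(text: str, host: str):
    """Address the resolver would use for host (first match wins); None if absent."""
    entries, _ = parse_hosts(text)
    host = host.lower()
    for _, addr, names in entries:
        if host in names:
            return addr
    return None


def audit(text: str) -> dict:
    """Summarise the file: how many names are sinkholed, and what needs a look."""
    entries, invalid = parse_hosts(text)
    seen, blocked = set(), set()
    duplicates, redirected = [], []
    for _, addr, names in entries:
        for name in names:
            if name in seen:
                duplicates.append(name)
            seen.add(name)
            if addr in SINKHOLES:
                if name != "localhost":
                    blocked.add(name)
            else:
                # (name, address, whether it hits a domain that should never be redirected)
                redirected.append((name, addr, is_protected(name)))
    return {"blocked": len(blocked), "duplicates": duplicates,
            "redirected": redirected, "invalid": invalid}


if __name__ == "__main__":
    print("www.bad.example ->", lookup(SAMPLE_HOSTS, "www.bad.example"))
    for key, value in audit(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

On a real machine the file lives at %SystemRoot%\system32\drivers\etc\hosts; read it into `text` and the `redirected` list is the part worth reviewing, since a blocklist only ever adds sinkhole addresses.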

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
