cookiie723 Posted October 21, 2008
Can you post it here instead of attaching it, made a mistake sorry
sure can...

OTScanIt2 logfile created on: 10/21/2008 7:14:58 PM - Run 2
OTScanIt2 by OldTimer - Version 1.0.0.19b Folder = C:\Documents and Settings\Nora\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 93.05 Mb Available Physical Memory | 18.25% Memory free
671.24 Mb Paging File | 275.84 Mb Available in Paging File | 41.09% Paging File free
Paging file location(s): C:\pagefile.sys 192 800;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.27 Gb Total Space | 12.82 Gb Free Space | 36.35% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: REGINA
Current User Name: Nora
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Registry - Additional Scans - Safe List]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKLM] -> No CLSID value
ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %SystemDrive%\PROGRA~1\MSNMES~1\MSGRAP~1.DLL[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %SystemDrive%\PROGRA~1\MSNMES~1\MSGRAP~1.DLL[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)

< End of report >
Rorschach112 Posted October 21, 2008
You may need to zip this file to upload it

Please download Runscanner to your desktop and run it.
When the first page comes up select Beginner Mode
On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
Call the .run file "Select a name" and save it to your desktop.
You will see the .run file on your desktop. Upload that file here.
cookiie723 Posted October 21, 2008
alright.. here's the .run file zipped... I also have the log in case it's needed as well.
runscanner.zip
cookiie723 Posted October 22, 2008
bump. Need this runscanner log looked at to determine any further action to remedy my issue. Thanks.
Rorschach112 Posted October 22, 2008
Don't bump your own thread
I am a volunteer, I do this in my free time, I am not here for you 24/7
Is that understood?
cookiie723 Posted October 23, 2008 (edited)
Don't bump your own thread
I am a volunteer, I do this in my free time, I am not here for you 24/7
Is that understood?

And that's fine, I don't expect you to be here 24/7. I'm pretty sure you have your own life that takes priority to my problem. I just wanted to make sure that the zip file uploaded fine. I bumped the thread because I didn't want it to get lost and you not notice that I've uploaded the runscanner document. It was just a simple gesture to let you know that I'm still here and haven't danced off into la la land.
Edited October 23, 2008 by nora antoinette
Rorschach112 Posted October 23, 2008
Hello

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
cookiie723 Posted October 23, 2008
ComboFix Log:

ComboFix 08-10-23.03 - Nora 2008-10-23 19:45:00.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.106 [GMT -4:00]
Running from: C:\Documents and Settings\Nora\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.
2008-10-21 18:55 . 2008-10-21 18:55 <DIR> d-------- C:\Program Files\ERUNT
2008-10-21 12:39 . 2008-10-21 12:39 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\Malwarebytes
2008-10-21 12:38 . 2008-10-21 12:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 12:38 . 2008-10-21 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-21 12:38 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 12:38 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 12:31 . 2008-10-21 12:31 <DIR> d-------- C:\_OTMoveIt
2008-10-21 12:22 . 2008-10-21 12:22 <DIR> d-------- C:\rsit
2008-10-21 12:01 . 2008-10-22 20:00 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2008-10-21 12:01 . 2008-10-22 20:00 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-10-21 11:59 . 2008-10-21 11:59 <DIR> d-------- C:\_OTScanIt
2008-10-21 09:15 . 2008-10-21 09:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-20 10:37 . 2008-10-20 10:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-20 10:36 . 2008-10-20 10:36 <DIR> d-------- C:\Program Files\HTMLPad 2008
2008-10-20 10:36 . 2008-10-20 10:36 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\Blumentals
2008-10-18 12:28 . 2008-10-18 12:28 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\uTorrent
2008-10-15 21:55 . 2008-10-15 21:55 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-10-14 23:53 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 23:53 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 23:53 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 23:53 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 23:53 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 23:53 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-13 22:49 . 2008-10-13 22:49 <DIR> d-------- C:\Program Files\Norton PC Checkup
2008-10-13 22:49 . 2008-10-13 22:49 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-13 21:35 . 2008-10-13 21:35 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-13 18:56 . 2008-10-13 18:56 <DIR> d-------- C:\Program Files\ManyCam 2.3
2008-10-11 17:27 . 2008-10-11 17:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-10-11 17:08 . 2008-10-11 17:08 <DIR> d-------- C:\LaunchPad
2008-10-11 17:01 . 2008-10-11 17:01 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\U3
2008-10-09 00:39 . 2001-11-08 17:37 221,184 --a------ C:\WINDOWS\system32\Dualunis.exe
2008-10-06 01:13 . 2008-10-06 01:13 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\FileZilla
2008-10-06 01:11 . 2008-10-06 01:11 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-10-05 23:26 . 2008-10-05 23:26 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-10-04 14:06 . 2008-10-04 14:06 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-09-30 12:02 . 2008-09-30 12:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-30 12:02 . 2008-09-30 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-29 11:26 . 2008-09-25 11:00 922,464 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-09-29 11:26 . 2008-09-24 10:32 28,672 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-09-29 11:26 . 2008-09-09 16:45 8,192 --a------ C:\WINDOWS\system32\smrgdf.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-03 14:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-21 23:25 --------- d-----w C:\Program Files\QuickTime
2008-09-18 16:05 --------- d-----w C:\Documents and Settings\Nora\Application Data\Apple Computer
2008-09-18 16:04 --------- d-----w C:\Program Files\Sun
2008-09-16 01:08 --------- d-----w C:\Program Files\Safari
2008-09-16 00:58 --------- d-----w C:\Program Files\Apple Software Update
2008-09-15 09:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-09 23:13 --------- d-----w C:\Documents and Settings\Nora\Application Data\acccore
2008-09-09 08:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-09 03:47 --------- d-----w C:\Documents and Settings\Nora\Application Data\LimeWire
2008-09-08 23:38 --------- d-----w C:\Program Files\Unlocker
2008-09-08 23:38 --------- d-----w C:\Documents and Settings\Nora\Application Data\Desktopicon
2008-09-08 07:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 03:14 --------- d-----w C:\Program Files\TweakXP 2
2008-09-08 02:52 --------- d-----w C:\Documents and Settings\Nora\Application Data\Leadertech
2008-09-08 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-08 02:21 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-08 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-08 02:10 --------- d-----w C:\Program Files\Logitech
2008-09-06 03:30 241,704 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-06 03:29 917,032 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-04 10:25 46,014 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-04 10:25 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-04 10:25 2,271 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-02 02:39 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-09-01 14:42 --------- d-----w C:\Documents and Settings\Nora\Application Data\Windows Search
2008-08-30 21:13 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-29 10:25 --------- d-----w C:\Documents and Settings\Nora\Application Data\Winamp
2008-08-29 10:19 --------- d-----w C:\Documents and Settings\Nora\Application Data\Windows Desktop Search
2008-08-29 10:19 --------- d-----w C:\Documents and Settings\Nora\Application Data\iolo
2008-08-29 01:32 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-27 05:24 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 05:38 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 05:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 02:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 02:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-19 19:40 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-08-14 07:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 06:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-26 19:26 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2008-07-26 19:26 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2008-07-26 19:23 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
2008-07-26 19:23 195,096 ----a-w C:\WINDOWS\system32\lvci11801048.dll
2008-07-26 18:46 25,974 ----a-w C:\WINDOWS\system32\Repository.reg
2006-11-16 17:26 1,095,224 ----a-w C:\Program Files\LaunchU3.exe
2006-08-15 14:15 22,486 ----a-w C:\Program Files\U3Launcher.ico
2008-01-14 19:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-14 19:40 88 --sh--r C:\WINDOWS\system32\4B9319776A.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"Google Update"="C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-12 133104]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\Nora\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=C:\Documents and Settings\Nora\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=C:\WINDOWS\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-06-21 16:44 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2004-08-06 02:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-06-21 16:48 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 17:11 565008 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 17:15 2407184 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-15 22:01 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 17:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 12:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-03 16:02 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2005-04-13 14:34 49152 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"ioloDMV"=2 (0x2)
"idsvc"=3 (0x3)
"CCALib8"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM6\\AIM6.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\MSNMSGR.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
R3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 18048]
S4 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
S4 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-12 22:22]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-SMSystemAnalyzer - C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TVT Scheduler Proxy - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
MSConfigStartUp-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-YSearchProtection - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nora\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\
FF -: plugin - C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 19:46:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-23 19:47:25
ComboFix-quarantined-files.txt 2008-10-23 23:47:22
Pre-Run: 13,341,949,952 bytes free
Post-Run: 14,422,966,272 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
263 --- E O F --- 2008-10-21 07:03:51
Rorschach112 Posted October 24, 2008
Nearly done
Post a new HJT log
cookiie723 Posted October 24, 2008
Should I just post a new HJT log whenever a scan is done? here's the new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:29 AM, on 10/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 5901 bytes
Rorschach112 Posted October 24, 2008
Your log is clean

Follow these steps to uninstall Combofix and tools used in the removal of malware
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Make sure you have an Internet Connection.
Download OTCleanIt to your desktop and run it
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You're using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here : http://www.adobe.com/products/acrobat/readstep2.html

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

Thank you for your patience, and performing all of the procedures requested.
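The hosts-file mechanism behind the MVPS recommendation above, as an added example that is not part of the original thread, of the MVPS list or of any tool named in it: a small Python audit that parses a Windows hosts file, shows why a name mapped to 127.0.0.1 or 0.0.0.0 can no longer be reached (the hosts file is consulted before DNS, so the browser connects to the local machine instead of the real site), and separates those sinkhole entries from entries that point a name at some other address, which is what a tampered hosts file looks like. Every name, address and the sample file content below are constructed for the example.

```python
"""Audit a Windows hosts file of the kind the MVPS list produces.

Added example for this thread, not code from the forum, from MVPS or from
any tool mentioned here. A name mapped to 127.0.0.1 (or 0.0.0.0) resolves
to the local machine before DNS is consulted, so the real site is never
reached; that is the blocking mechanism the post describes. The same file
can also send a legitimate name to a foreign address, so the audit keeps
sinkhole entries and redirects apart. SAMPLE_HOSTS is constructed."""

import ipaddress
from typing import Dict, List, Tuple

# Addresses that send a name to "nowhere": loopback or the unspecified address.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}

# Constructed sample in the layout MVPS uses (address, whitespace, name, optional comment).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# [Start of entries generated by an ad-blocking list]
0.0.0.0 ads.example-adserver.test
0.0.0.0 tracker.example-tracker.test    # trailing comment is ignored
127.0.0.1 malware.example-badsite.test www.malware.example-badsite.test
# The next line is not a block: it sends a real-looking name to a foreign address.
198.51.100.23   www.update-vendor.example
"""

Entry = Tuple[str, str]  # (address, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Return (address, hostname) pairs from hosts-file text.

    Comments and blank lines are skipped, hostnames are lower-cased, and a
    single line may list several names after one address."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed: an address with no name
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first token is not an IP address; ignore the line
        for name in parts[1:]:
            entries.append((addr, name.lower()))
    return entries


def classify(entries: List[Entry]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split entries into blocked names (sinkholed) and redirected names.

    'localhost' is left out of both: mapping it to loopback is the one
    entry every hosts file is expected to carry."""
    blocked: Dict[str, str] = {}
    redirected: Dict[str, str] = {}
    for addr, name in entries:
        if name == "localhost":
            continue
        if addr in SINKHOLE_ADDRESSES:
            blocked[name] = addr
        else:
            redirected[name] = addr
    return blocked, redirected


def is_blocked(name: str, entries: List[Entry]) -> bool:
    """True if the hosts file sinkholes this name (case-insensitive)."""
    blocked, _ = classify(entries)
    return name.lower() in blocked


def suspicious_redirects(entries: List[Entry]) -> Dict[str, str]:
    """Names mapped to a non-sinkhole address: what a hijacked hosts file shows."""
    _, redirected = classify(entries)
    return redirected


def audit(text: str) -> Dict[str, int]:
    """Summary counts for a hosts file's text."""
    blocked, redirected = classify(parse_hosts(text))
    return {"blocked": len(blocked), "redirected": len(redirected)}


if __name__ == "__main__":
    # On a real XP machine the file is %SystemRoot%\system32\drivers\etc\hosts.
    entries = parse_hosts(SAMPLE_HOSTS)
    print("summary:", audit(SAMPLE_HOSTS))
    for name, addr in suspicious_redirects(entries).items():
        print(f"REDIRECT {name} -> {addr}  (review this entry)")
    print("ads.example-adserver.test blocked?", is_blocked("ads.example-adserver.test", entries))
```

To run it against a real machine, replace SAMPLE_HOSTS with the contents of the hosts file; any name reported by suspicious_redirects deserves a look, since a blocklist such as MVPS only ever adds sinkhole entries.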
Rorschach112 Posted October 28, 2008
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.
Everyone else please begin a New Topic.
Thank you !