need help with my computer

Post by collins » July 10th, 2008, 10:48 pm

I've had a nasty virus for the last few months, and I've gotten rid of a lot of it, but it is still messing around with my machine and it's becoming frustrating.

Here are the scan results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12: VIRUS ALERT!, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\Chris Collins\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {2FB68C59-C098-415B-8563-837B33DD7D0D} - C:\WINDOWS\system32\iifgHwwT.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5AF35086-12C2-4A83-866B-18931C43F117} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: QXK Olive - {DC5949AE-3837-4FDA-8B51-060B61FB432E} - C:\WINDOWS\kvsdpfeabxm.dll (file missing)
O2 - BHO: (no name) - {E3C0E61B-AEE7-4889-BF9D-CD807187FF38} - C:\WINDOWS\system32\tuvULDUm.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [c0166a4a] rundll32.exe "C:\WINDOWS\system32\khdaesbf.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2261322218
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O20 - Winlogon Notify: iifccdc - iifccdc.dll (file missing)
O20 - Winlogon Notify: iifgHwwT - iifgHwwT.dll (file missing)
O23 - Service: DSE Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\firebird\firebird_2_0\bin\fbserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8863 bytes


Please help ASAP.
collins
Active Member
 
Posts: 7
Joined: July 10th, 2008, 10:29 pm
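The log above is read by hand in this thread, but the things a helper looks for can be written down as checks. The script below is an added example (not code from the thread, from MalwareRemoval.com or from HijackThis): it parses HijackThis v2 entries and flags the patterns visible in the posted log. The sample lines are copied from that log; the reason labels, the "random-looking name" thresholds and the choice of which sections to name-check are my own assumptions. It flags non-time text in the "Scan saved at" stamp (the system time format string has been altered), entries whose file is missing, an O4 Run value with an eight-hex-digit name that loads a DLL through rundll32, the DisableRegedit policy, Winlogon Notify and AppInit_DLLs entries, a Desktop Component pointing at a local file, and DLL names with almost no vowels.

```python
"""Triage checks for a HijackThis v2 log (added example; assumptions noted inline)."""
from __future__ import annotations

import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12: VIRUS ALERT!, on 11/07/2008
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FB68C59-C098-415B-8563-837B33DD7D0D} - C:\WINDOWS\system32\iifgHwwT.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5AF35086-12C2-4A83-866B-18931C43F117} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [c0166a4a] rundll32.exe "C:\WINDOWS\system32\khdaesbf.dll",b
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O20 - Winlogon Notify: iifgHwwT - iifgHwwT.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


class Finding(NamedTuple):
    code: str    # HijackThis section (O2, O4, ...) or "HDR" for the header
    reason: str  # short label for the check that fired (labels are my own)
    line: str    # the log line that triggered it


ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
DLL_STEM_RE = re.compile(r'([^\s"\\]+)\.dll\b', re.I)   # last path segment before .dll
TIME_RE = re.compile(r"^\d{1,2}:\d{2}(:\d{2})?$")       # what a clean time stamp looks like
HEX_RUN_NAME_RE = re.compile(r"\[([0-9a-f]{8})\]")      # Run value named like c0166a4a


def looks_random(stem: str) -> bool:
    """Heuristic: few vowels or a long consonant run (thresholds are assumptions)."""
    letters = re.sub(r"[^A-Za-z]", "", stem)
    if len(letters) < 5:          # too short to judge (ssv, ctbr ...)
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in letters)
    runs = re.findall(r"[^aeiouAEIOU]+", letters)
    longest = max((len(r) for r in runs), default=0)
    return vowels / len(letters) < 0.3 or longest >= 5


def dll_stem(body: str) -> str | None:
    m = DLL_STEM_RE.search(body)
    return m.group(1) if m else None


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Scan saved at "):
            stamp = line[len("Scan saved at "):].split(", on ")[0]
            if not TIME_RE.match(stamp):
                findings.append(Finding("HDR", "altered-time-format", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        notify = code == "O20" and body.startswith("Winlogon Notify:")
        rundll = code == "O4" and "rundll32" in body.lower()
        if code in ("O2", "O20", "O23") and "(file missing)" in body:
            findings.append(Finding(code, "file-missing", line))
        if rundll and HEX_RUN_NAME_RE.search(body):
            findings.append(Finding(code, "random-run-name", line))
        if code == "O7" and "DisableRegedit=1" in body:
            findings.append(Finding(code, "regedit-disabled", line))
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(code, "appinit-dlls", line))
        if notify:
            findings.append(Finding(code, "winlogon-notify", line))
        if code == "O24" and "file:///" in body.lower():
            findings.append(Finding(code, "desktop-component-local-file", line))
        # Name check only where the entry names a DLL that gets loaded.
        if code == "O2" or notify or rundll:
            stem = dll_stem(body)
            if stem and looks_random(stem):
                findings.append(Finding(code, "random-name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<30} {f.line}")
```

The output is a list of review prompts, not verdicts: the name heuristic is deliberately loose and would also flag some vendor DLLs with few vowels, so a real tool keeps an allow-list of known-good vendors and file hashes in front of it. What the script does show is that most of the entries the helper would act on in this thread (the missing BHO files, the hex-named Run value, the disabled registry editor, the Winlogon Notify hooks and the local-file desktop component) are mechanically recognisable from the log text alone.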

Re: need help with my computer

Post by Bio-Hazard » July 11th, 2008, 11:22 am

Welcome to the MWR forums. My name is Bio-Hazard. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear.
  • Absence of symptoms does not mean that everything is clear.
  • If you don't know or understand something, please don't hesitate to ask.
  • It is important that you reply to this thread. Do not start a new topic.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.


Uninstall list

Make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: need help with my computer

Post by Bio-Hazard » July 11th, 2008, 1:46 pm

P2P Warning!

BitTorrent

I understand that downloading music and other files may be important to you; however, the P2P programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., copyrighted material, pirated software, and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

An often unanticipated and unintended consequence of using p2p programs is that you may be leaving your computer open to access by others without either your knowledge or consent. I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. This is how you can uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    BitTorrent

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

If you wish to keep them, you MUST NOT use them until your computer is clean.



Remove programs

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    MessengerPlus3

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: need help with my computer

Post by Bio-Hazard » July 14th, 2008, 6:46 am

Hello!

It has been a few days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!!


Bio-Hazard
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: need help with my computer

Post by collins » July 15th, 2008, 10:54 pm

Hi there, sorry about the delay. I am currently away at the moment, but I will be back tomorrow, so I will post another report then.
collins
Active Member
 
Posts: 7
Joined: July 10th, 2008, 10:29 pm

Re: need help with my computer

Post by Bio-Hazard » July 16th, 2008, 5:52 am

Hi there, sorry about the delay. I am currently away at the moment, but I will be back tomorrow, so I will post another report then.


Ok no problem. Just follow my instructions in my previous post.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: need help with my computer

Post by collins » July 16th, 2008, 6:24 am

COMBOFIX LOG


ComboFix 08-07-14.2 - Chris Collins 2008-07-16 21:49:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.602 [GMT 12:00]
Running from: C:\Documents and Settings\Chris Collins\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chris Collins\Application Data\inst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\brsylkom.ini
C:\WINDOWS\system32\cbxjngcu.ini
C:\WINDOWS\system32\cnqdnaet.ini
C:\WINDOWS\system32\cnrgyyun.ini
C:\WINDOWS\system32\eniddcim.ini
C:\WINDOWS\system32\fbseadhk.ini
C:\WINDOWS\system32\hbtxofey.ini
C:\WINDOWS\system32\holpgtdp.ini
C:\WINDOWS\system32\lhcbqext.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgnbrmbq.ini
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\moklysrb.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mUDLUvut.ini
C:\WINDOWS\system32\mUDLUvut.ini2
C:\WINDOWS\system32\npqwvhdr.ini
C:\WINDOWS\system32\qxjbigsa.ini
C:\WINDOWS\system32\ruxsjljp.ini
C:\WINDOWS\system32\sagbddja.ini
C:\WINDOWS\system32\sbgsahcv.ini
C:\WINDOWS\system32\suvgeliw.ini
C:\WINDOWS\system32\tnsbuxil.ini
C:\WINDOWS\system32\wpbwfnrl.ini
C:\WINDOWS\system32\xaddqbga.ini
C:\WINDOWS\system32\xyalgkxj.ini
C:\WINDOWS\system32\yktfreyf.ini
C:\WINDOWS\system32\yvrxvwwl.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-13 13:00 . 2008-07-13 13:00 <DIR> d----c--- C:\Program Files\Paint.NET
2008-07-13 04:34 . 2008-07-13 04:34 <DIR> d----c--- C:\WINDOWS\system32\XPSViewer
2008-07-13 04:34 . 2008-07-13 04:34 <DIR> d----c--- C:\Program Files\MSBuild
2008-07-13 04:33 . 2008-07-13 04:33 <DIR> d----c--- C:\Program Files\Reference Assemblies
2008-07-13 04:32 . 2006-06-29 13:07 14,048 -----c--- C:\WINDOWS\system32\spmsg2.dll
2008-07-13 04:31 . 2008-07-13 04:31 <DIR> d----c--- C:\Program Files\MSXML 6.0
2008-07-13 04:17 . 2008-07-13 04:17 <DIR> d----c--- C:\Program Files\SpaceShuttleMission2007
2008-07-10 21:04 . 2008-07-15 16:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 21:04 . 2008-07-11 16:04 <DIR> d----c--- C:\Documents and Settings\Chris Collins\Application Data\AVGTOOLBAR
2008-07-10 21:04 . 2008-07-10 21:04 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-10 21:04 . 2008-07-10 21:04 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-10 21:04 . 2008-07-10 21:04 10,520 --a--c--- C:\WINDOWS\system32\avgrsstx.dll
2008-07-10 21:03 . 2008-07-10 21:03 <DIR> d----c--- C:\Program Files\AVG
2008-07-10 21:03 . 2008-07-10 21:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-10 20:09 . 2007-01-23 16:25 689,664 -ra------ C:\WINDOWS\system32\drivers\athr.sys
2008-07-08 23:40 . 2008-07-08 23:41 <DIR> d----c--- C:\gmax
2008-07-06 19:00 . 2008-07-06 19:00 1,605,708 --ahsc--- C:\WINDOWS\system32\sbgsahcv.tmp
2008-06-23 19:33 . 2008-06-23 19:33 65,536 --a--c--- C:\WINDOWS\IFinst27.exe
2008-06-22 16:29 . 2008-07-16 21:55 <DIR> d----c--- C:\Program Files\TopDesk
2008-06-22 16:29 . 2008-06-22 16:29 <DIR> d----c--- C:\Documents and Settings\Chris Collins\Application Data\OtakuSoftware
2008-06-20 20:30 . 2008-07-16 21:47 <DIR> d----c--- C:\Program Files\MessengerPlus! 3
2008-06-20 09:26 . 2008-06-20 09:26 <DIR> d----c--- C:\Program Files\Sun
2008-06-19 16:39 . 2008-07-11 16:34 <DIR> d----c--- C:\Program Files\Crawler
2008-06-17 07:21 . 2008-07-10 21:05 <DIR> d----c--- C:\Documents and Settings\Administrator
2008-06-16 20:14 . 2008-07-16 21:57 <DIR> d----c--- C:\Program Files\WinClamAVShield
2008-06-16 20:13 . 2008-07-12 14:36 <DIR> d----c--- C:\Program Files\Spyware Terminator
2008-06-16 20:13 . 2008-07-14 11:00 <DIR> d----c--- C:\Documents and Settings\Chris Collins\Application Data\Spyware Terminator
2008-06-16 20:13 . 2008-06-30 18:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-16 20:13 . 2008-06-16 20:13 141,312 --a--c--- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-16 19:47 . 2008-06-16 19:47 <DIR> d----c--- C:\Program Files\Enigma Software Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 09:59 --------- dc----w C:\Program Files\Steam
2008-07-16 09:59 --------- dc----w C:\Documents and Settings\Chris Collins\Application Data\Skype
2008-07-16 09:53 --------- dc----w C:\Documents and Settings\Chris Collins\Application Data\DNA
2008-07-15 09:46 --------- dc----w C:\Documents and Settings\Chris Collins\Application Data\teamspeak2
2008-07-15 07:18 --------- dc----w C:\Program Files\LimeWire
2008-07-15 04:00 --------- dc----w C:\Documents and Settings\Chris Collins\Application Data\skypePM
2008-07-13 12:15 --------- dc----w C:\Program Files\Microsoft Games
2008-07-11 03:56 --------- dc----w C:\Program Files\Microsoft Works
2008-07-10 09:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-04 04:34 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-07-03 06:22 --------- dc----w C:\Program Files\Incomplete
2008-06-30 07:39 --------- dc----w C:\Documents and Settings\Chris Collins\Application Data\LimeWire
2008-06-30 06:50 --------- dc----w C:\Program Files\Safari
2008-06-26 09:50 --------- dc----w C:\Program Files\RealFlight
2008-06-20 08:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-19 21:25 --------- dc----w C:\Program Files\Java
2008-06-16 19:15 --------- dc----w C:\Program Files\iMesh Applications
2008-06-16 07:45 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:38 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-06-11 08:28 --------- dc----w C:\Program Files\Teamspeak2_RC2
2008-06-02 07:36 --------- dc----w C:\Program Files\AVG(2)
2008-06-02 07:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-06-02 07:35 --------- dc----w C:\Program Files\Cheat Engine
2008-06-02 07:34 --------- dc----w C:\Documents and Settings\Chris Collins\Application Data\uTorrent
2008-05-23 22:07 --------- dc----w C:\Program Files\Apple Software Update
2008-05-07 05:18 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-04-16 10:55 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-08 01:35 47,360 -c--a-w C:\Documents and Settings\Chris Collins\Application Data\pcouffin.sys
2005-08-06 06:32 19,782,812 -c--a-w C:\Documents and Settings\Chris Collins\setup.exe
2008-01-14 22:39 56 -csh--r C:\WINDOWS\system32\341A4948EA.sys
2008-01-14 22:39 1,890 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24 1694208]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 10:29 165784]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 00:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 00:23 289088]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-17 17:28 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SideWinderTrayV4"="C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe" [2000-06-02 18:07 24650]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 17:38 987187]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 14:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 14:51 118784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-16 20:13 1817600]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 21:03 1232152]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 15:54 65024 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 00:00 15360]

C:\Documents and Settings\Chris Collins\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-02-21 17:12:52 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Collins^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\Chris Collins\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Thraex Software\\AutoUpdator\\AutoUpdator.exe"=
"C:\\PacCafe\\steamapps\\skrillaka3\\half-life 2 deathmatch\\hl2.exe"=
"C:\\PacCafe\\steamapps\\skrillaka3\\half-life 2\\hl2.exe"=
"C:\\PacCafe\\steamapps\\skrillaka3\\garrysmod\\hl2.exe"=
"C:\\PacCafe\\steamapps\\skrillaka3\\day of defeat source\\hl2.exe"=
"C:\\PacCafe\\steamapps\\skrillaka3\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-10 21:04]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-16 20:13]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-10 21:03]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 21:03]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-10 21:04]
S0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys []
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\firebird\firebird_2_0\bin\fbserver.exe []
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 23:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{5AF35086-12C2-4A83-866B-18931C43F117} - C:\WINDOWS\system32\pmnnm.dll
BHO-{E3C0E61B-AEE7-4889-BF9D-CD807187FF38} - C:\WINDOWS\system32\tuvULDUm.dll
HKLM-Run-c0166a4a - C:\WINDOWS\system32\khdaesbf.dll
HKLM-Run-CardBus-PCI - C:\Program Files\DSE\CardBus-PCI\CardBus-PCI.exe
Notify-WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
Notify-iifccdc - iifccdc.dll
Notify-iifgHwwT - iifgHwwT.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 21:57:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\COMMON~1\stardock\SDMCP.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-16 22:15:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 10:13:50

Pre-Run: 35,132,018,688 bytes free
Post-Run: 35,970,023,424 bytes free

220 --- E O F --- 2008-07-15 05:11:07


HIJACKTHIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Chris Collins\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2261322218
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: DSE Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\firebird\firebird_2_0\bin\fbserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8057 bytes
collins
Active Member
 
Posts: 7
Joined: July 10th, 2008, 10:29 pm
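As an added example (not code from this thread, from HijackThis or from MalwareRemoval.com), a small Python triage pass over lines in the HijackThis log format posted above, flagging the entry types a helper reviews first: "(file missing)" references, services with an unknown owner, O20 AppInit_DLLs, and executables loaded from a .tmp path. The first five sample lines are copied from the log above; the last sample line is constructed for illustration and does not appear in the posted log.

```python
import re

# Sample lines: the first five are copied from the HijackThis log posted above,
# the last one is a constructed illustration (not from the posted log).
SAMPLE_LOG = r"""
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: DSE Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\firebird\firebird_2_0\bin\fbserver.exe (file missing)
O4 - HKCU\..\Run: [example] C:\WINDOWS\system32\example.tmp
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def parse_line(line):
    """Split one HijackThis entry into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def flag_reasons(section, body):
    """Return the review reasons that apply to one parsed entry (empty if none)."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("file missing")        # dangling reference to a removed binary
    if "Unknown owner" in body:
        reasons.append("unknown owner")       # service with no recognised vendor
    if section == "O20":
        reasons.append("AppInit_DLLs entry")  # DLLs injected into every user-mode process
    if re.search(r"\.tmp\b", body, re.IGNORECASE):
        reasons.append("temp-file path")      # executable started from a .tmp file
    return reasons


def triage(log_text):
    """Return [(section, body, reasons)] for every entry that deserves a look."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        reasons = flag_reasons(*parsed)
        if reasons:
            flagged.append((parsed[0], parsed[1], reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {', '.join(reasons)} -> {body}")
```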

Re: need help with my computer

Unread postby Bio-Hazard » July 16th, 2008, 11:49 am

I'd like you to check (a file/some files) for Viruses.
C:\WINDOWS\system32\sbgsahcv.tmp
C:\Documents and Settings\Chris Collins\setup.exe

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy and Paste results in your next reply.
  • Repeat for all files on the list, and post me the details please.


RECOVERY CONSOLE

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: need help with my computer

Unread postby collins » July 16th, 2008, 9:24 pm

hi there, the virus appears to be gone, everything is back to normal and the computer is running much better, thanks alot for the help!

Chris Collins
Last edited by collins on July 16th, 2008, 9:28 pm, edited 1 time in total.
collins
Active Member
 
Posts: 7
Joined: July 10th, 2008, 10:29 pm


Re: need help with my computer

Unread postby collins » July 16th, 2008, 9:24 pm

sorry about that, don't know what happened
Last edited by collins on July 16th, 2008, 9:27 pm, edited 1 time in total.
collins
Active Member
 
Posts: 7
Joined: July 10th, 2008, 10:29 pm

Re: need help with my computer

Unread postby Bio-Hazard » July 17th, 2008, 4:27 am

hi there, the virus appears to be gone, everything is back to normal and the computer is running much better, thanks alot for the help!


There are still a few things to do. Could you please follow my instructions from my last post?
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: need help with my computer

Unread postby Bio-Hazard » July 20th, 2008, 2:20 pm

Hello!

It has been a few days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!!


Bio-Hazard
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: need help with my computer

Unread postby Blade81 » July 22nd, 2008, 1:54 pm

Due to inactivity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland