Windows antivirus and pop up virus/spyware

Posted 7/8/2008 2:11 PM
#63331

joshhud Member

Date Joined Nov 2016
Total Posts: 9
I recently got a virus that acts like Windows antivirus and tries to get me to buy "spyshedder" or something like that. Also I keep getting pop-ups for porn or trying to get me to buy something. I ran a virus and spyware program that said it deleted all the infections and viruses on my computer, but it is still happening. I had to go into my setup and stop most of it from starting during start-up, but I would like to remove it from my computer completely. I'm kind of new to this virus removal stuff so I'm not sure what you need; I am running Vista, btw. Any help would be great.
Posted 7/8/2008 3:43 PM
#63335

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
hello :smile:

1. Get this version of HijackThis from http://danborg.org/spy/hjt/alternativ.exe

2. Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: double-click the 'My Computer' icon on your desktop, then under the category Hard Disk Drives double-click Local Disk, then select File -> New -> Folder and name it HJT.

3. Run HijackThis (alternativ.exe).

Choose the "Do a system scan and save a log file" option to perform your scan.

HijackThis will analyze your system, and automatically open a Notepad text file containing the HijackThis log when the scan is finished.

Open the text file containing the log with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.

Post the HijackThis log here.

NB. On Windows Vista, right-click the HijackThis icon and select "Run as administrator".

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/8/2008 11:00 PM
#63347

joshhud Member

Date Joined Nov 2016
Total Posts: 9
When I ran it, a long error came up, but this is what came up when it finished:

Logfile of HijackThis v1.99.1
Scan saved at 6:57:35 PM, on 7/8/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Users\Josh Hudson\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Josh Hudson\Downloads\hijak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20177355-706D-416B-A23B-49443A7118F3} - C:\Windows\system32\ssqOFUOe.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Josh Hudson\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\khfDuUnl.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
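A first-pass triage of a HijackThis log along the lines a helper reads the log above (an unnamed O2 BHO in system32, O4 Run entries that use rundll32 to host DLLs out of the user's Temp folder), written here as an added Python example; it is not part of the thread and not HijackThis's own code. The rules are illustrative review heuristics, not verdicts, and the sample lines are constructed from the log posted above.

```python
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple

# Constructed sample input: a few lines in HijackThis v1.99.1 log format, taken
# from the log posted in this thread, with clean neighbours left in so the
# rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20177355-706D-416B-A23B-49443A7118F3} - C:\Windows\system32\ssqOFUOe.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\khfDuUnl.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
"""

# Every HijackThis finding starts with its section code (R0, O2, O4 ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Code started from a Temp directory: nothing legitimate should autostart from there.
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\)?Temp\\", re.IGNORECASE)
# Run entries that use rundll32 to host a DLL instead of starting a normal program.
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
# A Windows path ending in .dll or .exe, stopping at a comma or quote.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|%[A-Za-z]+%\\)(?:[^\\,"]+\\)*[^\\,"\s]+\.(?:dll|exe)', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, full_line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def triage(log_text: str) -> List[Finding]:
    """Return the entries to ask about first, with the rule each one tripped."""
    findings = []
    for section, body, line in parse_entries(log_text):
        reasons = []
        if TEMP_RE.search(body):
            reasons.append("loads code from a Temp directory")
        if section == "O4" and RUNDLL_RE.search(body):
            reasons.append("Run entry hosts a DLL via rundll32")
        if section == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("Browser Helper Object with no name")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def flagged_paths(log_text: str) -> List[str]:
    """Unique file paths referenced by flagged entries, for a verify/quarantine list."""
    paths = set()
    for f in triage(log_text):
        for m in PATH_RE.finditer(f.line):
            paths.add(m.group(0))
    return sorted(paths)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
    print("Paths to verify:", *flagged_paths(SAMPLE_LOG), sep="\n    ")
```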
Posted 7/9/2008 4:54 AM
#63350

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please download Combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save it to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix.

Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with Combofix or remove some of its embedded files, which may cause "unpredictable results".

Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.

Please note that once you start Combofix you should not click anywhere on the Combofix window, as it can cause the program to stall. In fact, when Combofix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply with a new HijackThis log.

Please copy and paste your log files. DO NOT add them as an attachment.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.



Posted 7/9/2008 12:07 PM
#63368

joshhud Member

Date Joined Nov 2016
Total Posts: 9
ComboFix 08-07-08.7 - Josh Hudson 2008-07-09 8:00:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2124 [GMT -4:00]
Running from: C:\Users\Josh Hudson\Downloads\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Windows\system32\sex1.ico
C:\Windows\system32\sex2.ico
C:\Windows\system32\vav.cpl

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 12:02 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\BitTorrent
2008-07-09 12:00 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\DNA
2008-07-09 11:57 --------- d---a-w C:\ProgramData\TEMP
2008-07-09 11:57 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-08 23:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-08 13:05 --------- d-----w C:\Program Files\Trend Micro
2008-07-08 12:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-08 04:53 80 ----a-w C:\Users\Josh Hudson\AppData\Roaming\wklnhst.dat
2008-07-08 04:53 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\Template
2008-07-08 04:09 --------- d-----w C:\Program Files\WinTV
2008-07-08 04:04 --------- d-----w C:\Program Files\RegCure
2008-07-08 02:14 --------- d-----w C:\ProgramData\Roxio
2008-07-08 01:50 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-07-08 01:49 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\PC Tools
2008-07-08 01:49 --------- d-----w C:\ProgramData\PC Tools
2008-07-07 13:59 28,800 ----a-w C:\Windows\System32\ssqOFUOe.dll
2008-07-07 13:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-07 12:30 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\DivX
2008-07-07 12:30 --------- d-----w C:\Program Files\DivX
2008-07-07 12:30 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-07 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 00:32 --------- d-----w C:\Program Files\Common Files\IviSDK
2008-06-18 18:31 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-10 22:30 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 22:12 682,232 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-06-10 22:09 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\Roxio
2008-06-03 02:23 --------- d-----w C:\Program Files\Google
2008-06-03 02:15 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\PeerNetworking
2008-06-02 07:08 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-06-02 07:08 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-06-02 07:06 944,184 ----a-w C:\Windows\System32\winload.exe
2008-06-02 07:06 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-06-02 07:06 620,088 ----a-w C:\Windows\System32\ci.dll
2008-06-02 07:06 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-02 07:06 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-02 07:06 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-06-02 07:06 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-06-02 07:06 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-02 07:06 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-02 07:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-02 07:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-02 07:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-02 07:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-02 07:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 07:04 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-02 07:04 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-02 07:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-02 07:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-02 07:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-02 07:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-06-02 01:29 --------- d-----w C:\Program Files\DNA
2008-06-02 01:29 --------- d-----w C:\Program Files\BitTorrent
2008-06-02 00:17 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-06-02 00:17 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-06-02 00:17 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-06-02 00:17 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-06-02 00:16 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-06-02 00:16 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-06-02 00:16 33,624 ----a-w C:\Windows\System32\wups.dll
2008-06-02 00:16 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-06-02 00:16 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-06-01 23:27 --------- d-----w C:\Program Files\Common Files\Remote Control Software Common
2008-06-01 23:26 --------- d-----w C:\Program Files\Logitech
2008-06-01 23:26 --------- d-----w C:\Program Files\Common Files\Remote Control USB Driver
2008-06-01 23:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-01 23:25 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\InstallShield
2008-06-01 22:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 21:43 --------- d-----w C:\ProgramData\AOL OCP
2008-06-01 21:42 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\acccore
2008-06-01 21:42 --------- d-----w C:\ProgramData\Viewpoint
2008-06-01 21:42 --------- d-----w C:\ProgramData\AOL
2008-06-01 21:42 --------- d-----w C:\Program Files\Viewpoint
2008-06-01 21:42 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-01 21:42 --------- d-----w C:\Program Files\AIM6
2008-06-01 19:16 --------- d-----w C:\Program Files\support.com
2008-05-30 17:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-30 17:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-30 17:19 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-30 17:19 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-26 20:30 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\ATI
2008-05-26 20:30 --------- d-----w C:\ProgramData\ATI
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Templates
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Start Menu
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Favorites
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Documents
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Desktop
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Application Data
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-09 22:38 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-05-09 22:38 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-05-09 22:38 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-05-09 22:38 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-05-09 22:38 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-05-09 22:38 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-05-09 22:37 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-05-09 22:35 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-05-09 22:35 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-05-09 22:35 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-09 22:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20177355-706D-416B-A23B-49443A7118F3}]
2008-07-07 09:59 28800 --a------ C:\Windows\system32\ssqOFUOe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"BitTorrent DNA"="C:\Users\Josh Hudson\Program Files\DNA\btdna.exe" [2008-06-02 08:22 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-09 11:03 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 09:26 4452352 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-01 19:26:04 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{20177355-706D-416B-A23B-49443A7118F3}"= "C:\Windows\system32\ssqOFUOe.dll" [2008-07-07 09:59 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-09 11:13 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
--a------ 2008-07-07 10:04 318208 C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D6BAD6EC-0CD8-4C8D-B2AB-F334825A0ABF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{32B32560-1944-4D0B-BEDE-A1D92713A627}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{20B2A54D-CC08-42CC-BF98-DDF951803BAB}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D32F850-9CD8-4D18-ACE0-08811776C50D}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{B7A30357-2316-4430-974D-EB1E9716403D}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{ECCC1027-4640-4362-BA3C-9A39318A2FE0}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D82A9F86-44C0-426A-94EE-402746B10EAB}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2B27A29B-F078-465D-AE45-95FCD703DB83}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{40435C03-72DB-4CE2-98C8-A2B9DC08A580}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{58211F4C-DEC4-4033-9B4B-FFB75D246F9E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{DB09820A-50E0-483E-BA45-97796820BCD2}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{BB9DFF95-E855-4660-BCE6-92ECBF2B1C7C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{3DDEEB8D-69DD-4E33-9590-C74104597415}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{D3EC16AD-C47D-4F2F-BBB2-43B36C36422F}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"TCP Query User{F761ED08-71C5-4EDF-8A60-64B44C3AAF58}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{5B9A829C-5D51-40E8-B97F-0AFAE36898BF}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-04-10 15:14]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-24 06:37]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 08:21]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-09 11:03]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 03:30:21 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-08 04:10:56 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MSServer - C:\Users\JOSHHU~1\AppData\Local\Temp\khfDuUnl.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 08:02:26
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 8:03:20
ComboFix-quarantined-files.txt 2008-07-09 12:03:17

 The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 414,349,041,664 bytes free

218 --- E O F --- 2008-07-09 03:26:35
Posted 7/9/2008 12:09 PM
#63369
User avatar

joshhud Member

Date Joined Nov 2016
Total Posts: 9
Logfile of HijackThis v1.99.1
Scan saved at 8:09:14 AM, on 7/9/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Users\Josh Hudson\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Josh Hudson\Downloads\hijak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20177355-706D-416B-A23B-49443A7118F3} - C:\Windows\system32\ssqOFUOe.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Josh Hudson\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\urqnMGVO.dll,#1
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
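Editor's note, added to this thread and not part of joshhud's post or of HijackThis itself: the log above shows the classic Vundo footprint, two HKCU Run values that have rundll32.exe load randomly named DLLs out of the user's Temp folder (yayxxxUN.dll, urqnMGVO.dll) and a Browser Helper Object with no name pointing at ssqOFUOe.dll in system32. The script below reads a HijackThis log and flags exactly those loading points, plus the entries a helper always wants a second look at (AppInit_DLLs, services whose binary is missing, unknown Winsock LSPs). The sample lines are copied from the log above; the severity rules are the editor's own heuristics, not HijackThis output, and "review" only means "check by hand", since the O20 and O23 hits here belong to Google Desktop and GoToAssist.

```python
"""Triage a HijackThis log for the loading points Vundo-style malware abuses.

Added example for this thread; not a HijackThis feature. The rules below are
the editor's heuristics: a HKCU/HKLM Run value that has rundll32 load a DLL
from a user-writable temp directory, or a BHO with no name, is treated as
high-confidence; AppInit_DLLs, services with a missing file and unknown
Winsock LSPs are flagged for manual review only.
"""
import re
import sys
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log posted above, with
# a few benign entries included so the rules can be seen to leave them alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20177355-706D-416B-A23B-49443A7118F3} - C:\Windows\system32\ssqOFUOe.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\urqnMGVO.dll,#1
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

# Directories a legitimate autostart has no business loading code from.
USER_WRITABLE = re.compile(r"\\(Temp|AppData|Local Settings|Application Data)\\", re.I)
# "rundll32.exe <path>.dll,<export>" as it appears in an O4 line.
RUNDLL_DLL = re.compile(r"rundll32(?:\.exe)?\s+(\S+?\.dll)", re.I)


@dataclass
class Finding:
    severity: str   # "high": almost certainly malicious; "review": check by hand
    section: str    # HijackThis section code, e.g. "O4"
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth acting on, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue                      # header / process-list lines
        section = line.split(" - ", 1)[0]
        if section == "O4":
            m = RUNDLL_DLL.search(line)
            if m and USER_WRITABLE.search(m.group(1)):
                findings.append(Finding("high", section,
                    "rundll32 loads a DLL from a user-writable temp directory at logon", line))
        elif section == "O2" and "BHO: (no name)" in line:
            findings.append(Finding("high", section, "Browser Helper Object with no name", line))
        elif section == "O20" and "AppInit_DLLs:" in line:
            if line.split("AppInit_DLLs:", 1)[1].strip():
                findings.append(Finding("review", section,
                    "AppInit_DLLs is injected into every user-mode process; confirm the vendor", line))
        elif section == "O23" and "(file missing)" in line:
            findings.append(Finding("review", section,
                "service points at a binary that is not on disk", line))
        elif section == "O10":
            findings.append(Finding("review", section,
                "unknown Winsock LSP; confirm the vendor", line))
    return findings


def suspicious_dlls(log_text: str) -> List[str]:
    """DLL paths behind the high-confidence findings (for hashing/quarantine)."""
    paths = set()
    for f in triage(log_text):
        if f.severity != "high":
            continue
        if f.section == "O2":
            paths.add(f.line.rsplit(" - ", 1)[1])   # path is the last field
        else:
            paths.add(RUNDLL_DLL.search(f.line).group(1))
    return sorted(paths)


if __name__ == "__main__":
    # Pass a saved hijackthis.log as the first argument; default is the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print("DLLs to pull for analysis:", suspicious_dlls(text))
```

On the sample above this prints three high-confidence hits (the unnamed BHO and the two rundll32 Run values) and three review items, and leaves the Adobe, Windows Defender and Spybot entries alone. Note the high-confidence DLLs match the files MBAM later names in this thread.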
Posted 7/10/2008 2:29 PM
#63399
User avatar

joshhud Member

Date Joined Nov 2016
Total Posts: 9
Well, I haven't heard back, but the icon is gone from my control panel. I still get random pop-ups though.
Posted 7/10/2008 3:43 PM
#63402
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok.

Please download Malwarebytes' Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, along with a new ComboFix log.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

Posted 7/10/2008 9:41 PM
#63414
User avatar

joshhud Member

Date Joined Nov 2016
Total Posts: 9
Malwarebytes' Anti-Malware 1.20
Database version: 938
Windows 6.0.6000

5:39:36 PM 7/10/2008
mbam-log-7-10-2008 (17-39-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 124168
Time elapsed: 26 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Josh Hudson\AppData\Local\Temp\sSmjIxwu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\ssqOFUOe.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Josh Hudson\AppData\Local\Temp\sSmjIxwu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ssqOFUOe.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AMI0X06\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKRLEIDK\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKRLEIDK\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\gottanqm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\lojqyykv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\pomubbqi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\sknwhsci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\yayxxxUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
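Editor's note, added to this thread and not part of joshhud's post or of Malwarebytes: two of the entries in the log above say "Delete on reboot" rather than "Quarantined and deleted successfully". That is the important caveat with this family: the Vundo DLLs were still mapped into a running process, so MBAM could only unload them and schedule the file deletion for the next start-up. Until the machine has been rebooted and those two files are confirmed gone (and no fresh random-named DLL has appeared in Temp), the pop-ups can continue. The script below parses an MBAM 1.x log, lists the items that depend on a reboot, tallies detections by name, and re-checks the scheduled paths afterwards. The sample is a constructed excerpt copied from the log above; the `verify_after_reboot` step is the editor's own follow-up, not an MBAM feature.

```python
"""Read a Malwarebytes' Anti-Malware 1.x log and list what still needs a reboot.

Added example for this thread; it is not a Malwarebytes tool. The sample log
is a constructed excerpt of the log posted above, and verify_after_reboot()
is the editor's own post-reboot check.
"""
import os
import re
from collections import Counter
from typing import Callable, Dict, Iterator, List, Tuple

# Constructed excerpt of the MBAM log posted above (same line format).
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.20
Database version: 938

Scan type: Full Scan (C:\|D:\|)
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Josh Hudson\AppData\Local\Temp\sSmjIxwu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\ssqOFUOe.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Josh Hudson\AppData\Local\Temp\sSmjIxwu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ssqOFUOe.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\yayxxxUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "<path or registry location> (<detection name>) -> <action>."
ITEM = re.compile(r"^(?P<path>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+?)\.?$")


def parse_items(log_text: str) -> Iterator[Tuple[str, str, str, str]]:
    """Yield (category, path, threat, action) for every detection line."""
    category = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers are "Files Infected:"; the summary block at the top
        # ("Files Infected: 13") and item lines never end with a bare colon.
        if line.endswith(":"):
            category = line[:-1]
            continue
        m = ITEM.match(line)
        if m and category:
            yield category, m["path"], m["threat"], m["action"]


def pending_reboot(log_text: str) -> List[str]:
    """Files MBAM could only schedule for deletion because they were still loaded."""
    return sorted({path for cat, path, _, action in parse_items(log_text)
                   if cat == "Files Infected" and action == "Delete on reboot"})


def verify_after_reboot(log_text: str,
                        exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Run after the reboot: scheduled files that are still on disk.

    A non-empty result means the deferred delete did not happen or the
    malware re-dropped the file, so the machine is not clean yet.
    """
    return [p for p in pending_reboot(log_text) if exists(p)]


def threat_counts(log_text: str) -> Dict[str, int]:
    """Items per detection name across all sections."""
    return dict(Counter(threat for _, _, threat, _ in parse_items(log_text)))


if __name__ == "__main__":
    print("detections by name:", threat_counts(SAMPLE_MBAM_LOG))
    for path in pending_reboot(SAMPLE_MBAM_LOG):
        print("needs reboot:", path)
    print("still present after reboot:", verify_after_reboot(SAMPLE_MBAM_LOG))
```

`exists` is injectable so the check can be exercised against a fake file system; on the real machine the default `os.path.exists` is used after the reboot, and anything it reports as still present goes straight into the next log you post.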
Posted 7/10/2008 9:54 PM
#63415
User avatar

joshhud Member

Date Joined Nov 2016
Total Posts: 9
ComboFix 08-07-10.1 - Josh Hudson 2008-07-10 17:50:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2232 [GMT -4:00]
Running from: C:\Users\Josh Hudson\Downloads\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 17:08 . 2008-07-10 17:08 <DIR> d-------- C:\Users\Josh Hudson\AppData\Roaming\Malwarebytes
2008-07-10 17:08 . 2008-07-10 17:08 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-10 17:08 . 2008-07-10 17:08 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-10 17:08 . 2008-07-10 17:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 17:08 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-10 17:08 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-09 23:27 . 2008-07-09 23:27 <DIR> d-------- C:\Users\Josh Hudson\AppData\Roaming\My Games
2008-07-09 23:27 . 2008-07-09 23:27 <DIR> d-------- C:\Users\All Users\Trymedia
2008-07-09 23:27 . 2008-07-09 23:27 <DIR> d-------- C:\ProgramData\Trymedia
2008-07-09 23:21 . 2008-07-09 23:21 <DIR> d-------- C:\Program Files\Firaxis Games
2008-07-09 23:20 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-07-09 23:19 . 2008-07-09 23:19 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-07-09 20:56 . 2008-07-09 20:56 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-09 20:30 . 2008-07-09 20:31 <DIR> d-------- C:\Users\Josh Hudson\AppData\Roaming\Creative
2008-07-09 18:44 . 2008-07-09 18:44 <DIR> d-------- C:\Intel
2008-07-09 18:08 . 2008-07-09 18:08 <DIR> d-------- C:\Windows\System32\Lang
2008-07-09 18:08 . 2007-09-25 07:10 920,088 --a------ C:\Windows\System32\igxpun.exe
2008-07-09 18:08 . 2007-09-25 07:10 319,456 --a------ C:\Windows\System32\difxapi.dll
2008-07-08 08:55 . 2008-07-09 08:06 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-08 08:55 . 2008-07-09 08:06 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-08 08:55 . 2008-07-08 08:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-08 00:53 . 2008-07-08 00:53 <DIR> d-------- C:\Users\Josh Hudson\AppData\Roaming\Template
2008-07-08 00:53 . 2008-07-08 00:53 80 --a------ C:\Users\Josh Hudson\AppData\Roaming\wklnhst.dat
2008-07-07 23:59 . 2008-07-08 00:04 <DIR> d-------- C:\Program Files\RegCure
2008-07-07 21:49 . 2008-07-07 21:49 <DIR> d-------- C:\Users\Josh Hudson\AppData\Roaming\PC Tools
2008-07-07 21:49 . 2008-07-10 17:46 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-07 21:49 . 2008-07-07 21:49 <DIR> d-------- C:\Users\All Users\PC Tools
2008-07-07 21:49 . 2008-07-10 17:46 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-07 21:49 . 2008-07-07 21:49 <DIR> d-------- C:\ProgramData\PC Tools
2008-07-07 21:49 . 2008-07-10 17:46 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-07 21:49 . 2008-07-07 21:50 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-07 21:49 . 2008-04-10 15:14 159,880 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-07-07 21:49 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-07 21:49 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-07 21:49 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-07 21:49 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-07-07 09:01 . 2008-07-07 09:14 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-07-07 09:01 . 2008-07-07 09:14 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-07-07 08:30 . 2008-07-09 20:46 <DIR> d-------- C:\Users\Josh Hudson\AppData\Roaming\DivX
2008-07-07 08:30 . 2008-07-07 08:30 <DIR> d-------- C:\Program Files\DivX
2008-07-06 20:32 . 2008-07-06 20:32 <DIR> d-------- C:\Program Files\Common Files\IviSDK
2008-07-06 20:31 . 2000-02-11 16:58 995,383 --a------ C:\Windows\System32\temp.005
2008-07-06 20:31 . 2000-03-07 15:22 278,581 --a------ C:\Windows\System32\temp.004
2008-07-06 20:31 . 1998-06-16 19:45 77,878 --a------ C:\Windows\System32\temp.003
2008-07-06 20:31 . 2008-07-06 20:32 3,783 --a------ C:\Windows\HCWPNP.INI
2008-07-06 20:29 . 2008-03-17 13:11 <DIR> d-------- C:\Users\Josh Hudson\cd_4.1a
2008-07-06 20:29 . 2007-10-01 08:21 1,129,344 --a------ C:\Windows\System32\drivers\HCW85BDA.sys
2008-07-06 20:29 . 2007-10-01 08:20 140,800 --a------ C:\Windows\System32\hcw85enc.ax
2008-07-06 20:29 . 2007-10-01 08:20 115,712 --a------ C:\Windows\System32\hcw85prop.ax
2008-07-06 20:27 . 2000-02-11 16:58 995,383 --a------ C:\Windows\System32\temp.002
2008-07-06 20:27 . 2001-07-19 07:44 393,216 --a------ C:\Windows\System32\hcwsnbd9.dll
2008-07-06 20:27 . 2000-03-07 15:22 278,581 --a------ C:\Windows\System32\temp.001
2008-07-06 20:27 . 1998-06-16 19:45 77,878 --a------ C:\Windows\System32\temp.000
2008-06-18 14:31 . 2008-06-18 14:31 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-14 09:16 . 2008-04-23 01:11 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 09:16 . 2008-04-23 00:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 09:16 . 2008-04-23 01:12 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 09:16 . 2008-04-23 01:12 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 09:16 . 2008-04-23 01:12 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 09:16 . 2008-04-23 01:11 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 09:16 . 2008-04-23 01:11 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-10 18:12 . 2008-06-10 18:12 682,232 --a------ C:\Windows\System32\drivers\sptd.sys
2008-06-10 18:09 . 2008-06-10 18:09 <DIR> d-------- C:\Users\Josh Hudson\AppData\Roaming\Roxio
2008-06-10 18:09 . 2008-07-07 22:14 <DIR> d-------- C:\Users\All Users\Roxio
2008-06-10 18:09 . 2008-07-07 22:14 <DIR> d-------- C:\ProgramData\Roxio
2008-06-10 18:07 . 2008-04-26 03:41 1,327,616 --a------ C:\Windows\System32\quartz.dll
2008-06-10 18:07 . 2008-05-09 21:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 18:07 . 2008-05-09 23:30 14,848 --a------ C:\Windows\System32\wshrm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 21:41 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\DNA
2008-07-10 03:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 01:09 --------- d-----w C:\ProgramData\Creative
2008-07-10 01:02 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\BitTorrent
2008-07-09 23:54 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 23:47 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 13:05 --------- d-----w C:\Program Files\Trend Micro
2008-07-08 04:09 --------- d-----w C:\Program Files\WinTV
2008-07-07 12:30 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-03 02:23 --------- d-----w C:\Program Files\Google
2008-06-03 02:15 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\PeerNetworking
2008-06-02 07:08 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-06-02 07:08 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-06-02 07:06 944,184 ----a-w C:\Windows\System32\winload.exe
2008-06-02 07:06 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-06-02 07:06 620,088 ----a-w C:\Windows\System32\ci.dll
2008-06-02 07:06 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-02 07:06 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-02 07:06 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-06-02 07:06 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-06-02 07:06 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-02 07:06 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-02 07:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-02 07:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-02 07:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-02 07:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-02 07:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 07:04 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-02 07:04 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-02 07:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-02 07:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-02 07:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-02 07:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-06-02 01:29 --------- d-----w C:\Program Files\DNA
2008-06-02 01:29 --------- d-----w C:\Program Files\BitTorrent
2008-06-02 00:17 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-06-02 00:17 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-06-02 00:17 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-06-02 00:17 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-06-02 00:16 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-06-02 00:16 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-06-02 00:16 33,624 ----a-w C:\Windows\System32\wups.dll
2008-06-02 00:16 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-06-02 00:16 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-06-01 23:27 --------- d-----w C:\Program Files\Common Files\Remote Control Software Common
2008-06-01 23:26 --------- d-----w C:\Program Files\Logitech
2008-06-01 23:26 --------- d-----w C:\Program Files\Common Files\Remote Control USB Driver
2008-06-01 23:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-01 23:25 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\InstallShield
2008-06-01 22:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 21:43 --------- d-----w C:\ProgramData\AOL OCP
2008-06-01 21:42 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\acccore
2008-06-01 21:42 --------- d-----w C:\ProgramData\Viewpoint
2008-06-01 21:42 --------- d-----w C:\ProgramData\AOL
2008-06-01 21:42 --------- d-----w C:\Program Files\Viewpoint
2008-06-01 21:42 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-01 21:42 --------- d-----w C:\Program Files\AIM6
2008-06-01 19:16 --------- d-----w C:\Program Files\support.com
2008-05-30 18:19 507,400 ----a-w C:\Windows\System32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\Windows\System32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\Windows\System32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\Windows\System32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\Windows\System32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\Windows\System32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\Windows\System32\D3DCompiler_38.dll
2008-05-30 17:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-30 17:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-30 17:19 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-30 17:19 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-26 20:30 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\ATI
2008-05-26 20:30 --------- d-----w C:\ProgramData\ATI
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Templates
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Start Menu
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Favorites
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Documents
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Desktop
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Application Data
2008-05-09 22:38 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-05-09 22:38 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-05-09 22:38 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-05-09 22:38 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-05-09 22:38 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-05-09 22:38 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-05-09 22:37 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-05-09 22:35 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-05-09 22:35 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-05-09 22:35 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-09 22:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-05-09 22:35 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-05-09 22:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-05-09 22:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-05-09 22:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-05-09 22:33 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-05-09 22:32 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-05-09 22:30 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-05-09 22:29 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-05-09 22:29 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-05-09 22:29 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-05-09 22:29 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-05-09 22:29 2,048 ----a-w C:\Windows\System32\msxml3r.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"BitTorrent DNA"="C:\Users\Josh Hudson\Program Files\DNA\btdna.exe" [2008-06-02 08:22 289088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-09 11:03 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-25 07:10 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-25 07:10 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-25 07:10 129560]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-07 17:35 1175160]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 09:26 4452352 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-01 19:26:04 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-09 11:13 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D6BAD6EC-0CD8-4C8D-B2AB-F334825A0ABF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{32B32560-1944-4D0B-BEDE-A1D92713A627}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{20B2A54D-CC08-42CC-BF98-DDF951803BAB}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D32F850-9CD8-4D18-ACE0-08811776C50D}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{B7A30357-2316-4430-974D-EB1E9716403D}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{ECCC1027-4640-4362-BA3C-9A39318A2FE0}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D82A9F86-44C0-426A-94EE-402746B10EAB}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2B27A29B-F078-465D-AE45-95FCD703DB83}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{40435C03-72DB-4CE2-98C8-A2B9DC08A580}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{58211F4C-DEC4-4033-9B4B-FFB75D246F9E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{DB09820A-50E0-483E-BA45-97796820BCD2}"= UDP:C:\Program 
Files\BitTorrent\bittorrent.exe:BitTorrent <br/>"{BB9DFF95-E855-4660-BCE6-92ECBF2B1C7C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent <br/>"TCP Query User{3DDEEB8D-69DD-4E33-9590-C74104597415}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger <br/>"UDP Query User{D3EC16AD-C47D-4F2F-BBB2-43B36C36422F}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger <br/>"TCP Query User{F761ED08-71C5-4EDF-8A60-64B44C3AAF58}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent <br/>"UDP Query User{5B9A829C-5D51-40E8-B97F-0AFAE36898BF}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] <br/>"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] <br/>"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 <br/>"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent <br/> <br/>R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-04-10 15:14] <br/>R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] <br/>R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe 
[2007-01-04 17:38] <br/>R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-24 06:37] <br/>R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 08:21] <br/>S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [] <br/> <br/>*Newly Created Service* - CATCHME <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/>"2008-07-10 21:43:07 C:\Windows\Tasks\RegCure Program Check.job" <br/>- C:\Program Files\RegCure\RegCure.exe <br/>"2008-07-10 21:05:13 C:\Windows\Tasks\RegCure.job" <br/>- C:\Program Files\RegCure\RegCure.exe <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/> <br/>MSConfigStartUp-cmds - C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll <br/> <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2008-07-10 17:52:07 <br/>Windows 6.0.6000 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>Completion time: 2008-07-10 17:52:59 <br/>ComboFix-quarantined-files.txt 2008-07-10 21:52:56 <br/>ComboFix2.txt 2008-07-09 12:03:20 <br/> <br/>Pre-Run: 402,222,424,064 bytes free <br/>Post-Run: 402,207,875,072 bytes free <br/> <br/>268 --- E O F --- 2008-07-09 23:47:52
Posted 7/11/2008 7:12 AM
#63426
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
How are things running now?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/11/2008 12:56 PM
#63436
User avatar

joshhud Member

Date Joined Nov 2016
Total Posts: 9
So far so good. Thanks a bunch, you were a great help.
Posted 7/12/2008 4:12 AM
#63457
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
My pleasure :smile:

Please download OTMoveIt by OldTimer: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

1. Save it to your desktop.
2. Please double-click OTMoveIt.exe to run it.
3. Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
4. This step removes the files, folders, and shortcuts created by the tools I had you download and run.

http://free.grisoft.com/freeweb.php/doc/2/

Please read Tony Klein's excellent article about how to prevent spyware/hijackers in the future:
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html



Posted 7/12/2008 5:21 AM
#63465
User avatar

joshhud Member

Date Joined Nov 2016
Total Posts: 9
When I click CleanUp it says file access denied.
Posted 7/12/2008 5:37 AM
#63467
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. Delete the alternativ/hijackthis manually then.

Uninstall ComboFix.exe and all Backups of files that it deleted
Click START then RUN
Now type/copy: Combofix /u in the runbox and click OK.

Note the space between the X and the U, it needs to be there.


