
I'm sure I have a Virus

  • 06-10-2008 6:59pm
    #1
    Closed Accounts Posts: 90 ✭✭


    Hi All,
    If anyone has a clue what is going on with my computer, I haven't installed anything new in a long while! But since turning it on today, ZoneAlarm is not starting up with the computer; it came up saying I was using the trial version and I'm not, and the antivirus wasn't working either! An error comes up that system32 is inaccessible (that's been happening a lot) and there's more (I can't remember it all).
    I've taken a log with HijackThis; if you could have a look that would be great.


    Logfile of HijackThis v1.99.1
    Scan saved at 18:31:17, on 06/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WService.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\HijackThis\Beatit.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxydrive.info
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.photo2life.de
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Accounts Driver (WindowsRemote) - Unknown owner - C:\WINDOWS\system32\naver.exe (file missing)
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    Any Ideas or help would be great
    Thanks
    :)


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Definitely have something on there

    Please visit this web page for instructions for downloading and running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


  • Closed Accounts Posts: 90 ✭✭calliopeia


    Hi ActorSeeksJob,
    Thanks for the quick comeback :D, here's the log:

    ComboFix 08-10-06.03 - Pam Smyth 2008-10-06 20:23:22.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.604 [GMT 1:00]
    Running from: C:\Documents and Settings\Pam Smyth\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pam Smyth\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Program Files\VideoAccessCodec
    C:\Program Files\VideoAccessCodec\install.ico
    C:\WINDOWS\system32\alS5OYTp.exe.a_a
    C:\WINDOWS\system32\sp430A13.exe.a_a

    BITS: Possible infected sites

    hxxp://thenmnetwork.com
    hxxp://81.29.248.59
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_WINDOWSREMOTE
    \Service_WindowsRemote


    ((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
    .

    2008-09-21 17:35 . 2008-09-21 17:34 30,272 --a------ C:\WINDOWS\system32\sp430A13.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-06 19:27 23,512,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-10-06 19:26 316,976 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-10-06 19:26 d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
    2008-09-29 06:32 21,807,214 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-09-21 20:40 d-----w C:\Documents and Settings\Pam Smyth\Application Data\MailFrontier
    2008-09-21 19:40 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-21 17:58 585,728 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
    2008-09-21 17:58 2,045,440 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
    2008-09-17 21:39 3,533,824 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
    2008-08-24 18:28 d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2008-08-24 18:27 d-----w C:\Program Files\Common Files\Adobe
    2008-07-22 20:59 3,026,944 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
    2008-07-09 08:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2003-10-23 16:52 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2008-01-03 21:33 56 --sh--r C:\WINDOWS\system32\459F5B72C2.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 1032640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2007-08-08 1398272]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-08-08 335872]
    "FLMK08KB"="C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE" [2007-08-08 207360]
    "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-08-08 496640]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-02 C:\WINDOWS\soundman.exe]
    "WService"="WService.EXE" [2005-08-16 C:\WINDOWS\system32\WService.exe]

    C:\Documents and Settings\Pam Smyth\Start Menu\Programs\Startup\
    Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-24 155648]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-24 113664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kontiki\\KService.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23988:TCP"= 23988:TCP:*:Disabled:BitComet 23988 TCP
    "23988:UDP"= 23988:UDP:*:Disabled:BitComet 23988 UDP

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
    S3 Scpieska;Scpieska;C:\WINDOWS\system32\drivers\processr.sys [2004-08-03 35328]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-09-30 C:\WINDOWS\Tasks\At1.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-26 C:\WINDOWS\Tasks\At10.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-12 C:\WINDOWS\Tasks\At11.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-04 C:\WINDOWS\Tasks\At12.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-04 C:\WINDOWS\Tasks\At13.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-14 C:\WINDOWS\Tasks\At14.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-21 C:\WINDOWS\Tasks\At15.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-21 C:\WINDOWS\Tasks\At16.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-10-04 C:\WINDOWS\Tasks\At17.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-21 C:\WINDOWS\Tasks\At18.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-24 C:\WINDOWS\Tasks\At19.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-10-01 C:\WINDOWS\Tasks\At2.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-10-06 C:\WINDOWS\Tasks\At20.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-10-06 C:\WINDOWS\Tasks\At21.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-10-03 C:\WINDOWS\Tasks\At22.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-30 C:\WINDOWS\Tasks\At23.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-30 C:\WINDOWS\Tasks\At24.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-30 C:\WINDOWS\Tasks\At25.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-10-01 C:\WINDOWS\Tasks\At26.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-28 C:\WINDOWS\Tasks\At27.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At28.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At29.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-28 C:\WINDOWS\Tasks\At3.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-21 C:\WINDOWS\Tasks\At30.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At31.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At32.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-29 C:\WINDOWS\Tasks\At33.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-26 C:\WINDOWS\Tasks\At34.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At35.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At36.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At37.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At38.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At39.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-14 C:\WINDOWS\Tasks\At4.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-21 C:\WINDOWS\Tasks\At40.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-10-04 C:\WINDOWS\Tasks\At41.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-21 C:\WINDOWS\Tasks\At42.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-24 C:\WINDOWS\Tasks\At43.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-10-06 C:\WINDOWS\Tasks\At44.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-10-06 C:\WINDOWS\Tasks\At45.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-10-03 C:\WINDOWS\Tasks\At46.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-30 C:\WINDOWS\Tasks\At47.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-30 C:\WINDOWS\Tasks\At48.job
    - C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

    2008-09-14 C:\WINDOWS\Tasks\At5.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-14 C:\WINDOWS\Tasks\At6.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-07-27 C:\WINDOWS\Tasks\At7.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2007-12-26 C:\WINDOWS\Tasks\At8.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-29 C:\WINDOWS\Tasks\At9.job
    - C:\WINDOWS\system32\alS5OYTp.exe []

    2008-09-14 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
    - C:\Program Files\SpywareBot\SpywareBot.exe []

    2008-09-14 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
    - C:\Program Files\SpywareBot []
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe


    .
    Supplementary Scan
    .
    FireFox -: Profile - C:\Documents and Settings\Pam Smyth\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-06 20:28:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\Ati2evxx.dll
    .
    Other Running Processes
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Ahead\InCD\incdsrv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\drivers\WtSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Muiltmedia keyboard utility\2.2D\KBDAP32A.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-06 20:45:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-06 19:44:52
    ComboFix2.txt 2007-05-07 21:46:14

    Pre-Run: 62,001,496,064 bytes free
    Post-Run: 62,283,837,440 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

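As an added example (not a tool from this thread or from either poster), a small Python triage script for the two log formats posted above: it flags the HijackThis R1 ProxyServer redirect, O15 Trusted Zone and O23 "(file missing)" service entries, and groups the ComboFix AtN.job scheduled tasks by the executable they launch. The sample text inside is a constructed subset of the logs in this thread.

```python
"""Triage helpers for the log formats posted in this thread: HijackThis entries
and the 'Scheduled Tasks' section of a ComboFix report. Added example, not a
tool from the thread; the samples below are constructed subsets of the posted logs."""
import re
from collections import Counter

# Constructed sample: a subset of the HijackThis lines from the first post.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxydrive.info
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O15 - Trusted Zone: www.photo2life.de
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Windows Accounts Driver (WindowsRemote) - Unknown owner - C:\WINDOWS\system32\naver.exe (file missing)
"""

# Constructed sample: three entries in the layout ComboFix uses for the Tasks folder.
TASKS_SAMPLE = r"""
2008-09-30 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\alS5OYTp.exe []

2008-10-01 C:\WINDOWS\Tasks\At26.job
- C:\WINDOWS\system32\sp430A13.exe [2008-09-21 17:34]

2008-09-14 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
- C:\Program Files\SpywareBot\SpywareBot.exe []
"""

HJT_LINE = re.compile(r"^(R\d|O\d+) - (.*)$")
TASK_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} (C:\\WINDOWS\\Tasks\\.+\.job)$")
TASK_TARGET = re.compile(r"^- (.+?) \[.*\]$")


def parse_hjt(text):
    """Split a HijackThis log into (section code, body) pairs; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hjt_findings(entries):
    """Flag the entry types that drove the diagnosis in this thread."""
    findings = []
    for code, body in entries:
        if code == "R1" and ",ProxyServer = " in body:
            # A populated ProxyServer sends every IE request through that host.
            proxy = body.split(",ProxyServer = ", 1)[1].strip()
            if proxy:
                findings.append(f"proxy set: IE traffic routed via {proxy}")
        elif code == "O15":
            # Sites in the Trusted Zone run with relaxed IE security settings.
            findings.append(f"trusted zone entry: {body.split(':', 1)[1].strip()}")
        elif code == "O23" and body.endswith("(file missing)"):
            # A service whose binary is gone is usually a leftover of a removed dropper.
            name = body.split(" - ")[0].replace("Service: ", "")
            path = body.split(" - ")[-1]
            findings.append(f"service with missing binary: {name} -> {path}")
        elif code == "O4" and "] " in body:
            # A bare filename resolves through the search path; check where it lives.
            target = body.split("] ", 1)[1].strip().strip('"')
            if target and "\\" not in target:
                findings.append(f"Run entry without a full path: {target}")
    return findings


def parse_tasks(text):
    """Pair each .job line with the '- target [timestamp]' line that follows it."""
    tasks, job = [], None
    for line in text.splitlines():
        line = line.strip()
        m = TASK_JOB.match(line)
        if m:
            job = m.group(1)
            continue
        m = TASK_TARGET.match(line)
        if m and job:
            tasks.append((job, m.group(1)))
            job = None
    return tasks


def at_job_targets(tasks):
    """Count how many numbered AtN.job tasks launch each executable.
    Dozens of numbered jobs all firing one binary in system32 is the persistence
    pattern visible in the ComboFix log above."""
    counts = Counter()
    for job, target in tasks:
        if re.search(r"\\At\d+\.job$", job, re.IGNORECASE):
            counts[target] += 1
    return counts


if __name__ == "__main__":
    for finding in hjt_findings(parse_hjt(HJT_SAMPLE)):
        print("HJT:", finding)
    for target, n in at_job_targets(parse_tasks(TASKS_SAMPLE)).items():
        print(f"TASKS: {n} At*.job task(s) launch {target}")
```

Run against a full log (paste it into `HJT_SAMPLE` / `TASKS_SAMPLE`) and the AtN.job counts make the scale of the scheduled-task persistence obvious at a glance.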


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please download the OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      explorer.exe
      
      :Services
      
      :Reg
      
      :Files
      C:\WINDOWS\system32\sp430A13.exe
      C:\WINDOWS\system32\alS5OYTp.exe
      C:\WINDOWS\Tasks\At*.job
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  • Closed Accounts Posts: 90 ✭✭calliopeia


    This is what I've got so far:
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\system32\sp430A13.exe moved successfully.
    File/Folder C:\WINDOWS\system32\alS5OYTp.exe not found.
    C:\WINDOWS\Tasks\At1.job moved successfully.
    C:\WINDOWS\Tasks\At10.job moved successfully.
    C:\WINDOWS\Tasks\At11.job moved successfully.
    C:\WINDOWS\Tasks\At12.job moved successfully.
    C:\WINDOWS\Tasks\At13.job moved successfully.
    C:\WINDOWS\Tasks\At14.job moved successfully.
    C:\WINDOWS\Tasks\At15.job moved successfully.
    C:\WINDOWS\Tasks\At16.job moved successfully.
    C:\WINDOWS\Tasks\At17.job moved successfully.
    C:\WINDOWS\Tasks\At18.job moved successfully.
    C:\WINDOWS\Tasks\At19.job moved successfully.
    C:\WINDOWS\Tasks\At2.job moved successfully.
    C:\WINDOWS\Tasks\At20.job moved successfully.
    C:\WINDOWS\Tasks\At21.job moved successfully.
    C:\WINDOWS\Tasks\At22.job moved successfully.
    C:\WINDOWS\Tasks\At23.job moved successfully.
    C:\WINDOWS\Tasks\At24.job moved successfully.
    C:\WINDOWS\Tasks\At25.job moved successfully.
    C:\WINDOWS\Tasks\At26.job moved successfully.
    C:\WINDOWS\Tasks\At27.job moved successfully.
    C:\WINDOWS\Tasks\At28.job moved successfully.
    C:\WINDOWS\Tasks\At29.job moved successfully.
    C:\WINDOWS\Tasks\At3.job moved successfully.
    C:\WINDOWS\Tasks\At30.job moved successfully.
    C:\WINDOWS\Tasks\At31.job moved successfully.
    C:\WINDOWS\Tasks\At32.job moved successfully.
    C:\WINDOWS\Tasks\At33.job moved successfully.
    C:\WINDOWS\Tasks\At34.job moved successfully.
    C:\WINDOWS\Tasks\At35.job moved successfully.
    C:\WINDOWS\Tasks\At36.job moved successfully.
    C:\WINDOWS\Tasks\At37.job moved successfully.
    C:\WINDOWS\Tasks\At38.job moved successfully.
    C:\WINDOWS\Tasks\At39.job moved successfully.
    C:\WINDOWS\Tasks\At4.job moved successfully.
    C:\WINDOWS\Tasks\At40.job moved successfully.
    C:\WINDOWS\Tasks\At41.job moved successfully.
    C:\WINDOWS\Tasks\At42.job moved successfully.
    C:\WINDOWS\Tasks\At43.job moved successfully.
    C:\WINDOWS\Tasks\At44.job moved successfully.
    C:\WINDOWS\Tasks\At45.job moved successfully.
    C:\WINDOWS\Tasks\At46.job moved successfully.
    C:\WINDOWS\Tasks\At47.job moved successfully.
    C:\WINDOWS\Tasks\At48.job moved successfully.
    C:\WINDOWS\Tasks\At5.job moved successfully.
    C:\WINDOWS\Tasks\At6.job moved successfully.
    C:\WINDOWS\Tasks\At7.job moved successfully.
    C:\WINDOWS\Tasks\At8.job moved successfully.
    C:\WINDOWS\Tasks\At9.job moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\JETCE5D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\~DF50F9.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\~DF525E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\~DF586E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\~DF8E49.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\~DF98C7.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\~WRF0000.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_480.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT01cf5.TMP scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT01cff.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10062008_223557


  • Closed Accounts Posts: 90 ✭✭calliopeia


    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File/Folder C:\WINDOWS\system32\sp430A13.exe not found.
    File/Folder C:\WINDOWS\system32\alS5OYTp.exe not found.
    File/Folder C:\WINDOWS\Tasks\At*.job not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\JETCE5D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\~DF8E49.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_480.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT01cf5.TMP scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT01cff.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10062008_224148

    Files moved on Reboot...
    File C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\JETCE5D.tmp not found!
    C:\DOCUME~1\PAMSMY~1\LOCALS~1\Temp\~DF8E49.tmp moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_480.dat not found!
    File C:\WINDOWS\temp\ZLT01cf5.TMP not found!
    File C:\WINDOWS\temp\ZLT01cff.TMP not found!
    C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Pam Smyth\Local Settings\Application Data\Mozilla\Firefox\Profiles\jklp7z18.default\XUL.mfl moved successfully.


  • Closed Accounts Posts: 90 ✭✭calliopeia


    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Pam Smyth at 2008-10-06 22:48:27
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 59 GB (45%) free of 131 GB
    Total RAM: 1022 MB (54% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:48:47, on 06/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Pam Smyth\Desktop\RSIT.exe
    C:\Program Files\trend micro\Pam Smyth.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxydrive.info
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.photo2life.de
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 6671 bytes


  • Closed Accounts Posts: 90 ✭✭calliopeia


    info.txt logfile of random's system information tool 1.04 2008-10-06 22:48:51

    ======Uninstall list======

    -->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
    -->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
    -->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
    -->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
    -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
    -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
    -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
    -->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Ahead NeroMediaPlayer-->C:\WINDOWS\UNNMP.exe /UNINSTALL
    Ahead NeroVision Express-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
    BitComet 0.89-->C:\Program Files\BitComet\uninst.exe
    Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
    Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
    Canon PIXMA iP1500-->C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
    Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
    Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
    Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
    Corel Painter IX-->MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
    Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
    Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative ZEN Vision M Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
    Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Medi@Show-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink DVD Solution\MediaShow\Uninst.isu"
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
    Muiltmedia keyboard utility 2.2D-->C:\Program Files\Muiltmedia keyboard utility\2.2D\uninst00.exe
    Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    Photomatix Pro version 3.0.3RC2-->"C:\Program Files\PhotomatixPro3\unins000.exe"
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
    Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
    Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Tone Mapping Plug-In 1.2-->"C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Photomatix\unins000.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10 Hotfix - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
    Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
    ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009
    ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    ======Security center information======

    AV: ZoneAlarm Security Suite Antivirus
    FW: ZoneAlarm Security Suite Firewall

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    "tvdumpflags"=8

    EOF


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



    Please do an online scan with Kaspersky WebScanner

    Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

