Full Version: W3player...
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
ghgsniper
Yeah, another person who downloaded this dumb pos...


HJT Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:20 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\program files\aim6\anotify.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\move link.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [shimfree] C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREYDA~1\cornsafeamen.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6141 bytes



ComboFixLog


ComboFix 07-08-14.4 - "Matt" 2007-08-17 13:37:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.509 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winupdates
C:\Program Files\winupdates\a.tmp
C:\Program Files\winupdates\a.zip
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-17 13:36 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 00:05 <DIR> d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Aim
2007-08-16 23:59 <DIR> d-------- C:\Program Files\BuddyList Ops
2007-08-14 13:44 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-10 18:47 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-10 18:47 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-08-10 18:47 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-08-10 18:47 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-10 18:47 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-10 18:47 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-08-10 18:37 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-08 21:04 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-07 06:43 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-04 15:16 <DIR> d-------- C:\Program Files\iPod
2007-08-02 00:24 <DIR> d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREY DATA
2007-08-02 00:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Camp Grid Open
2007-08-02 00:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Open Ante Anti Dog
2007-07-30 15:13 <DIR> d-------- C:\Program Files\Microangelo Toolset 6
2007-07-30 15:11 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-07-30 15:11 <DIR> d-------- C:\Program Files\WindowBlinds
2007-07-18 11:57 <DIR> d-------- C:\Program Files\Paint.NET


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 13:42 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Xfire
2007-08-17 03:08 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-08-16 23:02 --------- d---s---- C:\Program Files\Xfire
2007-08-14 00:21 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-13 21:24 --------- d-------- C:\Program Files\Trillian
2007-08-04 15:17 --------- d-------- C:\Program Files\iTunes
2007-07-16 18:41 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Blumentals
2007-07-16 01:19 --------- d-------- C:\Program Files\QuickTime
2007-07-16 01:17 --------- d-------- C:\Program Files\Apple Software Update
2007-07-03 22:06 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\ArcSoft
2007-07-03 21:50 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Apple Computer
2007-07-03 14:52 --------- d-------- C:\Program Files\CoD2 Patch Switcher
2007-07-02 16:13 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-26 11:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:09 658944 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-18 17:28 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Viewpoint
2007-06-17 17:23 --------- d-------- C:\Program Files\Common Files\SunnComm Shared
2007-06-17 16:06 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-06-17 16:06 --------- d-------- C:\Program Files\Common Files\Real
2007-06-17 16:06 --------- d-------- C:\Program Files\Best Buy Rhapsody
2007-06-17 16:06 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Real
2007-06-17 15:39 --------- d-------- C:\Program Files\Real
2007-06-17 15:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-17 15:37 --------- d-------- C:\Program Files\Common Files\ArcSoft
2007-06-17 15:37 --------- d-------- C:\Program Files\ArcSoft
2007-06-14 14:09 96256 -----c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 14:09 615424 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 14:09 55808 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 14:09 532480 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 14:09 474112 -----c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 14:09 449024 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 14:09 39424 -----c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 14:09 357888 -----c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 14:09 3058688 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 14:09 251392 -----c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 14:09 205312 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 14:09 16384 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 14:09 151040 -----c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 14:09 1494528 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 14:09 146432 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 14:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 14:09 1023488 -----c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 10:07 18432 -----c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-31 02:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-17 07:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 07:28 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 18:53 C:\WINDOWS\system32\VTTimer.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe]
"AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 17:57]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Anti Dog Beep Grid"="C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\move link.exe" [2007-08-17 11:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"shimfree"="C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREYDA~1\cornsafeamen.exe" [2007-08-02 00:24]

C:\Documents and Settings\Dawn Bollenbecker\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-08-02 18:44:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-04 17:13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WINDOW~4\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\WINDOW~4\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys


Contents of the 'Scheduled Tasks' folder
2007-08-17 17:00:00 C:\WINDOWS\Tasks\AF9C9A3A93DB0B6A.job - c:\docume~1\dawnbo~1\applic~1\greyda~1\ThatDaleProgram.exe
2007-08-11 19:11:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 13:41:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 13:43:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-17 13:43

--- E O F ---
miekiemoes
Hi,

I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

Avira, AVG OR Avast are good FREE antivirus programs.

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change, from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

QUOTE
File::
C:\WINDOWS\Tasks\AF9C9A3A93DB0B6A.job

Folder::
C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREY DATA
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Camp Grid Open
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Open Ante Anti Dog

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anti Dog Beep Grid"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shimfree"=-


Save this as a text file named CFScript

Then drag the CFScript onto ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
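An added example, not part of this thread and not the helper's own method: a small Python triage script that reads O4 Run lines in the HijackThis format posted above, flags (under one assumed heuristic) autorun targets that live under a profile's Application Data tree, and prints a CFScript Registry:: section in the same "name"=- form the post uses. The sample lines are constructed from the log above; the heuristic is an assumption for illustration, not how the helper chose the entries.

```python
import re

# Constructed sample in the format of the HijackThis log above (not the full log).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\move link.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [shimfree] C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREYDA~1\cornsafeamen.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
"""

# Full key names as they appear in the Registry:: section of a CFScript.
HIVE_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# "O4 - HKLM\..\Run: [value name] command"  (HKLM/HKCU Run entries only)
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Executable: a quoted path, or else the shortest prefix ending in an executable extension
# (HijackThis prints unquoted paths with spaces verbatim, e.g. "...\move link.exe").
EXE_PATH = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|com|scr|bat|pif|dll))', re.IGNORECASE)
# Assumed heuristic: a per-user or All Users Application Data tree, long or 8.3 form.
PROFILE_DATA = re.compile(r"\\(application data|applic~1)\\", re.IGNORECASE)


def parse_o4_run(text):
    """Return HKLM/HKCU Run entries as dicts: hive, value name, command, executable path."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        p = EXE_PATH.match(cmd)
        path = (p.group("q") or p.group("u")) if p else cmd
        entries.append({"hive": m.group("hive"), "name": m.group("name"),
                        "cmd": cmd, "path": path})
    return entries


def is_profile_data_path(path):
    """True when the autorun target runs from a profile's Application Data tree."""
    return PROFILE_DATA.search(path) is not None


def flag_suspicious(text):
    """Run entries worth a closer look under the assumed heuristic above."""
    return [e for e in parse_o4_run(text) if is_profile_data_path(e["path"])]


def build_registry_section(entries):
    """Emit a CFScript Registry:: section that deletes the flagged Run values ("name"=-)."""
    lines = ["Registry::"]
    for hive in ("HKLM", "HKCU"):
        names = [e["name"] for e in entries if e["hive"] == hive]
        if names:
            lines.append("[" + HIVE_KEYS[hive] + "]")
            lines.extend('"%s"=-' % n for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = flag_suspicious(SAMPLE_HJT)
    for e in flagged:
        print("FLAG %s\\..\\Run [%s] -> %s" % (e["hive"], e["name"], e["path"]))
    print(build_registry_section(flagged))
```

A flagged entry is a lead, not a verdict: legitimate software occasionally autoruns from Application Data, so each hit still needs the file checked before it goes into a script.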
ghgsniper
I have Ad-Aware or whatever, but I didn't realize I didn't have anti-virus protection... My Windows version is screwed up, and now regedit/task manager/etc. and some system tools like volume/paint/etc. have been uninstalled... I don't have a Windows CD so I can't reinstall any of it. But yeah, getting to the point, Windows got screwed up before, had to do a fresh install, didn't have a CD so I had to use my cousin's and it didn't accept the original CD key I had on my computer, so we had to use a key generator. I already had AVG on there before the fresh install. Thank you for the reply. Much appreciated.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:24 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5356 bytes

ComboFix Log

ComboFix 07-08-14.4 - "Dawn Bollenbecker" 2007-08-17 13:37:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.509 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winupdates
C:\Program Files\winupdates\a.tmp
C:\Program Files\winupdates\a.zip
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-17 13:36 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 00:05 <DIR> d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Aim
2007-08-16 23:59 <DIR> d-------- C:\Program Files\BuddyList Ops
2007-08-14 13:44 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-10 18:47 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-10 18:47 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-08-10 18:47 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-08-10 18:47 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-10 18:47 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-10 18:47 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-08-10 18:37 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-08 21:04 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-07 06:43 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-04 15:16 <DIR> d-------- C:\Program Files\iPod
2007-08-02 00:24 <DIR> d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREY DATA
2007-08-02 00:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Camp Grid Open
2007-08-02 00:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Open Ante Anti Dog
2007-07-30 15:13 <DIR> d-------- C:\Program Files\Microangelo Toolset 6
2007-07-30 15:11 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-07-30 15:11 <DIR> d-------- C:\Program Files\WindowBlinds
2007-07-18 11:57 <DIR> d-------- C:\Program Files\Paint.NET


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 13:42 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Xfire
2007-08-17 03:08 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-08-16 23:02 --------- d---s---- C:\Program Files\Xfire
2007-08-14 00:21 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-13 21:24 --------- d-------- C:\Program Files\Trillian
2007-08-04 15:17 --------- d-------- C:\Program Files\iTunes
2007-07-16 18:41 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Blumentals
2007-07-16 01:19 --------- d-------- C:\Program Files\QuickTime
2007-07-16 01:17 --------- d-------- C:\Program Files\Apple Software Update
2007-07-03 22:06 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\ArcSoft
2007-07-03 21:50 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Apple Computer
2007-07-03 14:52 --------- d-------- C:\Program Files\CoD2 Patch Switcher
2007-07-02 16:13 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-26 11:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:09 658944 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-18 17:28 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Viewpoint
2007-06-17 17:23 --------- d-------- C:\Program Files\Common Files\SunnComm Shared
2007-06-17 16:06 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-06-17 16:06 --------- d-------- C:\Program Files\Common Files\Real
2007-06-17 16:06 --------- d-------- C:\Program Files\Best Buy Rhapsody
2007-06-17 16:06 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Real
2007-06-17 15:39 --------- d-------- C:\Program Files\Real
2007-06-17 15:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-17 15:37 --------- d-------- C:\Program Files\Common Files\ArcSoft
2007-06-17 15:37 --------- d-------- C:\Program Files\ArcSoft
2007-06-14 14:09 96256 -----c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 14:09 615424 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 14:09 55808 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 14:09 532480 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 14:09 474112 -----c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 14:09 449024 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 14:09 39424 -----c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 14:09 357888 -----c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 14:09 3058688 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 14:09 251392 -----c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 14:09 205312 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 14:09 16384 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 14:09 151040 -----c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 14:09 1494528 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 14:09 146432 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 14:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 14:09 1023488 -----c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 10:07 18432 -----c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-31 02:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-17 07:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 07:28 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 18:53 C:\WINDOWS\system32\VTTimer.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe]
"AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 17:57]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Anti Dog Beep Grid"="C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\move link.exe" [2007-08-17 11:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"shimfree"="C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREYDA~1\cornsafeamen.exe" [2007-08-02 00:24]

C:\Documents and Settings\Dawn Bollenbecker\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-08-02 18:44:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-04 17:13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WINDOW~4\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\WINDOW~4\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys


Contents of the 'Scheduled Tasks' folder
2007-08-17 17:00:00 C:\WINDOWS\Tasks\AF9C9A3A93DB0B6A.job - c:\docume~1\dawnbo~1\applic~1\greyda~1\ThatDaleProgram.exe
2007-08-11 19:11:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 13:41:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 13:43:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-17 13:43

--- E O F ---
miekiemoes
Hi,

Can you post the C:\Combofix.txt please? Because you posted the same ComboFix log as before.

ghgsniper
Doh! Sorry dude, here ya go.


ComboFix 07-08-14.4 - "Dawn Bollenbecker" 2007-08-20 23:50:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.489 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Dawn Bollenbecker\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\Tasks\AF9C9A3A93DB0B6A.job


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\Open Ante Anti Dog
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Open Ante Anti Dog\move link.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Camp Grid Open
C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREY DATA
C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREY DATA
C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREY DATA\cornsafeamen.exe
C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREY DATA\gzogflnv.exe
C:\WINDOWS\Tasks\AF9C9A3A93DB0B6A.job


((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


2007-08-17 13:36 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 00:05 <DIR> d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Aim
2007-08-16 23:59 <DIR> d-------- C:\Program Files\BuddyList Ops
2007-08-14 13:44 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-10 18:47 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-10 18:47 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-08-10 18:47 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-08-10 18:47 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-10 18:47 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-10 18:47 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-08-10 18:37 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-08 21:04 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-07 06:43 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-04 15:16 <DIR> d-------- C:\Program Files\iPod
2007-07-30 15:13 <DIR> d-------- C:\Program Files\Microangelo Toolset 6
2007-07-30 15:11 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-07-30 15:11 <DIR> d-------- C:\Program Files\WindowBlinds


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 23:55 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Xfire
2007-08-20 23:47 --------- d-------- C:\Program Files\Viewpoint
2007-08-19 23:38 --------- d-------- C:\Program Files\Trillian
2007-08-18 18:54 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-08-16 23:02 --------- d---s---- C:\Program Files\Xfire
2007-08-14 00:21 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-10 19:09 --------- d-------- C:\Program Files\Paint.NET
2007-08-04 15:17 --------- d-------- C:\Program Files\iTunes
2007-07-16 18:41 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Blumentals
2007-07-16 01:19 --------- d-------- C:\Program Files\QuickTime
2007-07-16 01:17 --------- d-------- C:\Program Files\Apple Software Update
2007-07-03 22:06 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\ArcSoft
2007-07-03 21:50 --------- d-------- C:\DOCUME~1\DAWNBO~1\APPLIC~1\Apple Computer
2007-07-03 14:52 --------- d-------- C:\Program Files\CoD2 Patch Switcher
2007-07-02 16:13 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-26 11:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:09 658944 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 14:09 96256 -----c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 14:09 615424 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 14:09 55808 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 14:09 532480 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 14:09 474112 -----c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 14:09 449024 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 14:09 39424 -----c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 14:09 357888 -----c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 14:09 3058688 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 14:09 251392 -----c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 14:09 205312 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 14:09 16384 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 14:09 151040 -----c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 14:09 1494528 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 14:09 146432 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 14:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 14:09 1023488 -----c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 10:07 18432 -----c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-31 02:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --a------ C:\WINDOWS\system32\DivX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 18:53 C:\WINDOWS\system32\VTTimer.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe]
"AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 17:57]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\Documents and Settings\Dawn Bollenbecker\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-08-02 18:44:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-04 17:13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WINDOW~4\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\WINDOW~4\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys


Contents of the 'Scheduled Tasks' folder
2007-08-18 19:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 23:54:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-20 23:57:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-20 23:57
C:\ComboFix2.txt ... 2007-08-17 13:43

--- E O F ---
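The Reg Loading Points and Scheduled Tasks sections of the two ComboFix logs above are where this infection actually shows: two Run values and one scheduled task launch executables out of user-profile Application Data folders, and the task carries a 16-hex-character name. The Python below is an added example for reading those sections the way a log helper does; it is not part of the thread and not ComboFix code. The sample text is a constructed excerpt assembled from entries copied out of the logs above, and the four heuristics (executables under a profile or Application Data path, hexadecimal names, files written in the week before the scan, and the AppInit_DLLs / Winlogon Notify DLL load points) are the example's own choices, not ComboFix rules.

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Constructed sample: an excerpt in the shape of ComboFix's "Reg Loading Points"
# and "Scheduled Tasks" sections, with entries copied from the logs posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 18:53 C:\WINDOWS\system32\VTTimer.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"Anti Dog Beep Grid"="C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\move link.exe" [2007-08-17 11:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"shimfree"="C:\DOCUME~1\DAWNBO~1\APPLIC~1\GREYDA~1\cornsafeamen.exe" [2007-08-02 00:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WINDOW~4\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\WINDOW~4\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

Contents of the 'Scheduled Tasks' folder
2007-08-17 17:00:00 C:\WINDOWS\Tasks\AF9C9A3A93DB0B6A.job - c:\docume~1\dawnbo~1\applic~1\greyda~1\ThatDaleProgram.exe
2007-08-11 19:11:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"""
SCAN_DATE = date(2007, 8, 17)  # "Rootkit scan 2007-08-17" in the first log above


@dataclass
class Autostart:
    source: str                 # registry key, or "Scheduled Tasks"
    name: str                   # value name, Notify subkey, or .job file name
    target: str                 # file the entry loads or runs
    stamp: Optional[date]       # timestamp ComboFix prints next to the entry
    reasons: List[str] = field(default_factory=list)


KEY_RE     = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
VALUE_RE   = re.compile(r'^"([^"]+)"=(.*)$')
DATA_RE    = re.compile(r'^"?([^"]*)"?(?:\s*\[([^\]]*)\])?\s*$')
BRACKET_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}(?: (.+))?$")
# Winlogon\Notify style line: "<dll> <date> <time> <size> <dll>" under a per-package subkey
BARE_RE    = re.compile(r"^(.+?\.\w{2,4}) (\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ (.+)$")
# Scheduled task line: the date in front of the .job file moved between the two logs above
TASK_RE    = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (.+?\.job) - (.+)$", re.I)


def parse_autostarts(text: str) -> List[Autostart]:
    """Pull registry Run values, Notify packages, AppInit_DLLs and .job tasks out of the log.
    Startup-folder .lnk lines and the R0/S3 service lines are left alone."""
    entries: List[Autostart] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        if (m := TASK_RE.match(line)):
            job = m.group(2).rsplit("\\", 1)[-1]
            entries.append(Autostart("Scheduled Tasks", job, m.group(3).strip(), date.fromisoformat(m.group(1))))
            continue
        if key is None:
            continue
        if (m := VALUE_RE.match(line)):
            name, data = m.groups()
            dm = DATA_RE.match(data)
            quoted, bracket = dm.groups() if dm else (data, None)
            target, stamp = quoted, None
            if bracket and (b := BRACKET_RE.match(bracket)):
                stamp = date.fromisoformat(b.group(1))
                target = b.group(2) or quoted      # bracket carries the full path when the value is bare
            entries.append(Autostart(key, name, target.strip(), stamp))
        elif (m := BARE_RE.match(line)):
            entries.append(Autostart(key, key.rsplit("\\", 1)[-1], m.group(3).strip(), date.fromisoformat(m.group(2))))
    return entries


PROFILE_RE  = re.compile(r"\\(documents and settings|docume~1)\\", re.I)
APPDATA_RE  = re.compile(r"\\(application data|applic~1)\\", re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}(\.job)?$", re.I)


def triage(entries: List[Autostart], scan_date: date, recent_days: int = 7) -> List[Autostart]:
    """Attach review reasons to each entry and return only the entries that got any."""
    for e in entries:
        if PROFILE_RE.search(e.target) or APPDATA_RE.search(e.target):
            e.reasons.append("runs from a user-profile / Application Data path")
        if HEX_NAME_RE.match(e.name):
            e.reasons.append("random-looking hexadecimal name")
        if e.stamp is not None and 0 <= (scan_date - e.stamp).days <= recent_days:
            e.reasons.append(f"file written within {recent_days} days of the scan")
        if e.name.lower() == "appinit_dlls" or "winlogon\\notify" in e.source.lower():
            e.reasons.append("DLL load point (AppInit_DLLs / Winlogon Notify): confirm which product owns the DLL")
    return [e for e in entries if e.reasons]


def flagged_from_sample() -> List[Autostart]:
    return triage(parse_autostarts(SAMPLE_LOG), SCAN_DATE)


if __name__ == "__main__":
    for e in flagged_from_sample():
        print(f"{e.name:26} {e.target}")
        for r in e.reasons:
            print(f"{'':26}   - {r}")
```

The reasons are hints for a person, not verdicts: the Apple Software Update job is flagged on recency alone, and wbsys.dll is flagged only because AppInit_DLLs always deserves a second look, although the file-creation list above shows it arriving in the same minute as C:\Program Files\WindowBlinds. The three entries that stack several reasons (the "Anti Dog Beep Grid" value, "shimfree", and the AF9C9A3A93DB0B6A.job task) are exactly the ones the second ComboFix run deleted.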
miekiemoes
Hi,

Check and fix next leftover in HijackThis:

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

Delete the C:\Qoobox folder

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Let me know in your next reply how things are now...
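The removal steps above come down to: find every Add/Remove Programs entry for an older JRE, uninstall each one, then install 6 Update 2. Doing that by eye is where versions get missed, because the display names in the list above use different formats for different releases (1.4.2 appears as "SE v1.4.2", Java 5 as "5.0 Update N"). The Python below is an added example, not part of the thread or of Sun's installer, that normalizes those names to one comparable tuple and lists what has to go. The installed list is constructed: the "5.0 Update 9" entry is assumed to be how the jre1.5.0_09 path in the log above shows up in Add/Remove Programs, and the display name of the Java 6 Update 2 target is likewise an assumption.

```python
import re
from typing import List, Optional, Tuple

# (1, family, patch, update): "1.4.2" -> (1, 4, 2, 0), "6 Update 2" -> (1, 6, 0, 2)
Version = Tuple[int, int, int, int]

# Assumed display name of the JRE 6 Update 2 target the post installs.
TARGET_NAME = "Java(TM) SE Runtime Environment 6 Update 2"

# Constructed Add/Remove Programs entries: the three older-version examples
# from the post, the assumed entry for jre1.5.0_09, and two non-Java items.
INSTALLED = [
    "Java 2 Runtime Environment, SE v1.4.2",
    "J2SE Runtime Environment 5.0",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 9",
    "Adobe Reader 8",
    "Xfire",
]

JRE_RE = re.compile(r"\b(?:J2SE|JRE|Java)\b.*?Runtime Environment(?P<tail>.*)$", re.I)
VER_RE = re.compile(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\s*Update\s*(\d+))?", re.I)


def jre_version(display_name: str) -> Optional[Version]:
    """Map a JRE/J2SE display name to a comparable tuple; None for entries that are not Java."""
    m = JRE_RE.search(display_name)
    if not m:
        return None
    v = VER_RE.search(m.group("tail"))
    if not v:
        return None
    major, minor, patch, update = (int(g) if g else 0 for g in v.groups())
    if major == 1:                       # "1.4.2" style: the family number sits in the minor field
        return (1, minor, patch, update)
    return (1, major, minor, update)     # "5.0 Update 6" / "6 Update 2" style


def plan_cleanup(installed: List[str], target_name: str = TARGET_NAME) -> Tuple[List[str], bool]:
    """Return the Java entries older than the target (to uninstall, in list order)
    and whether the target itself is already installed. Entries newer than the
    target are neither removed nor reported."""
    target = jre_version(target_name)
    remove: List[str] = []
    present = False
    for name in installed:
        v = jre_version(name)
        if v is None:
            continue
        if v < target:
            remove.append(name)
        elif v == target:
            present = True
    return remove, present


if __name__ == "__main__":
    remove, present = plan_cleanup(INSTALLED)
    for name in remove:
        print("uninstall:", name)
    print("target already installed:", present)
```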
ghgsniper
Everything works fine now.


The only reason I had a downgraded version of Java was because the virus somehow slowed Java down, and I play on pogo.com, which made it really, really slow to use, and I got frustrated.


Haven't seen a pop-up yet and the computer seems a bit faster, thanks.

-Matt
miekiemoes
Glad I could help.

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
miekiemoes
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Invision Power Board © 2001-2010 Invision Power Services, Inc.