Automatic Updates turned off and lots of ads (Lavasoft Support Forums, Resolved/Inactive HijackThis Logs)
blizzard500
Hello, I have been to this forum before and it had really helped me return my PC to normal. However, recently the problem has returned and there have been more popups and Automatic Updates disabled; and I don't even remember downloading anything or clicking anything of suspicion! Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:38 PM, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [0058b1c0] rundll32.exe "C:\WINDOWS\system32\voyvyjtb.dll",b
O4 - HKLM\..\Run: [BM036b825c] Rundll32.exe "C:\WINDOWS\system32\vvaicphm.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219891777750
O20 - AppInit_DLLs: bopare.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7597 bytes

I'm aware that the next step is probably to scan using ComboFix, but I have an older version of it and it prompts me that it will lose some of its functionality if run.

Please help! Big thanks!

Here is my ComboFix log:

ComboFix 08-09-05.02 - Hugo 2008-09-06 22:15:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.150 [GMT -4:00]
Running from: C:\Documents and Settings\Hugo\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Hugo\Cookies\hugo@clicktorrent[2].txt
C:\WINDOWS\BM036b825c.txt
C:\WINDOWS\BM036b825c.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alugtlsy.ini
C:\WINDOWS\system32\axykuu.dll
C:\WINDOWS\system32\bnovcdnl.dll
C:\WINDOWS\system32\bopare.dll
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\btjyvyov.ini
C:\WINDOWS\system32\cqqtoa.dll
C:\WINDOWS\system32\dxntwfgv.dll
C:\WINDOWS\system32\efiSAyay.ini
C:\WINDOWS\system32\efiSAyay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\sinverte.dll
C:\WINDOWS\system32\thmclmsm.ini
C:\WINDOWS\system32\voyvyjtb.dll
C:\WINDOWS\system32\vvaicphm.dll
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\system32\wpcuohxm.dll
C:\WINDOWS\system32\yayASife.dll
C:\WINDOWS\system32\yfljys.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-06 18:57 . 2008-09-06 18:57 56,832 --a------ C:\WINDOWS\v8ohh0m4.exe
2008-09-06 12:54 . 2008-09-06 12:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-06 12:39 . 2008-04-13 14:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-04 17:20 . 2008-09-04 17:20 <DIR> d-------- C:\WINDOWS\system32\wTR19
2008-09-04 17:20 . 2008-09-04 17:20 <DIR> d-------- C:\Temp\dax41
2008-09-04 17:20 . 2008-09-04 17:20 <DIR> d-------- C:\Temp
2008-08-28 15:28 . 2008-08-30 22:59 <DIR> d-------- C:\Downloads
2008-08-28 15:06 . 2008-08-28 15:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-28 15:03 . 2008-08-28 15:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-28 14:19 . 2008-08-30 13:56 <DIR> d-------- C:\Program Files\FlashGet
2008-08-28 14:03 . 2008-08-28 14:03 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-28 14:03 . 2008-08-28 14:03 <DIR> d-------- C:\Documents and Settings\Hugo\Application Data\vlc
2008-08-28 13:45 . 2008-08-28 13:45 <DIR> d-------- C:\Program Files\Real
2008-08-28 13:45 . 2008-08-28 13:45 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-28 13:45 . 2008-08-28 13:45 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-28 13:41 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-28 13:41 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-28 13:41 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-28 00:08 . 2008-08-28 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-28 00:01 . 2008-09-04 14:45 <DIR> d-------- C:\Program Files\Magic Workstation
2008-08-27 23:57 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-27 23:57 . 2008-08-27 23:57 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-27 23:55 . 2008-08-27 23:55 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-27 23:55 . 2008-08-27 23:55 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-27 23:55 . 2008-08-27 23:55 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-08-27 23:54 . 2008-08-30 01:02 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-27 23:53 . 2008-08-27 23:55 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-27 23:48 . 2008-08-27 23:48 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-27 23:47 . 2008-08-27 23:47 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-27 23:45 . 2008-08-28 13:40 <DIR> d-------- C:\Program Files\NOS
2008-08-27 23:45 . 2008-08-28 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-27 23:37 . 2008-08-30 19:38 <DIR> d-------- C:\Documents and Settings\Hugo\Contacts
2008-08-27 23:36 . 2008-08-27 23:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-27 23:34 . 2008-08-27 23:36 <DIR> d-------- C:\Program Files\Windows Live
2008-08-27 23:34 . 2008-08-27 23:35 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-27 23:34 . 2008-08-27 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-27 23:30 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-27 23:27 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-27 23:18 . 2008-08-27 23:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-27 23:18 . 2008-08-27 23:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-27 23:18 . 2008-08-27 23:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-27 23:18 . 2008-08-27 23:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-27 23:04 . 2008-04-13 20:12 1,306,624 --a------ C:\WINDOWS\system32\msxml6.dll
2008-08-27 22:50 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-27 22:50 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-27 22:50 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-27 22:50 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-27 22:50 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-27 22:43 . 2008-08-28 15:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-27 22:40 . 2008-08-27 22:40 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-27 22:39 . 2008-08-27 22:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-27 22:39 . 2008-08-27 22:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-27 22:27 . 2008-08-27 22:27 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-27 22:24 . 2008-08-27 22:26 <DIR> d-------- C:\Program Files\Ahead
2008-08-27 22:22 . 2008-08-27 22:22 0 --a------ C:\WINDOWS\vpc32.INI
2008-08-27 22:09 . 2008-08-27 22:09 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-08-27 22:09 . 2008-08-27 22:09 <DIR> d-------- C:\Program Files\QuickTime
2008-08-27 22:09 . 2008-08-27 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-08-27 22:09 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-08-27 22:09 . 2008-09-06 22:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-27 22:09 . 2008-09-06 22:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-27 22:07 . 2008-08-27 22:07 <DIR> d-------- C:\WINDOWS\system32\color
2008-08-27 22:07 . 2008-08-27 22:07 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2008-08-27 22:07 . 2008-08-27 22:07 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-08-27 22:06 . 2008-08-27 22:08 <DIR> d-------- C:\Program Files\Kodak
2008-08-27 22:06 . 2008-08-27 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-08-27 22:06 . 2008-08-27 22:06 83 --a------ C:\WINDOWS\CDPLAYER.INI
2008-08-27 22:04 . 2008-09-06 22:21 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-08-27 22:04 . 2008-08-27 22:04 <DIR> d-------- C:\Program Files\Symantec
2008-08-27 22:04 . 2008-08-27 22:05 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-27 22:04 . 2008-08-27 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-27 22:04 . 2006-09-18 17:55 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-27 22:04 . 2006-09-18 17:55 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-27 22:03 . 2008-08-27 22:24 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-27 21:54 . 2008-08-27 21:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-27 21:53 . 2008-04-13 13:39 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-08-27 21:52 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-27 21:52 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002059_.tmp
2008-08-27 21:50 . 2008-08-27 23:09 <DIR> d-------- C:\WINDOWS\EHome
2008-08-27 21:46 . 2008-08-27 21:46 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor
2008-08-27 21:46 . 2008-08-27 21:46 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 9
2008-08-27 21:15 . 2002-06-27 06:53 5,110 -ra------ C:\WINDOWS\system32\e100b325.din
2008-08-27 21:08 . 2008-08-27 21:08 <DIR> d-------- C:\Program Files\FaxTools
2008-08-27 21:08 . 2008-08-27 21:08 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0
2008-08-27 21:08 . 2008-08-27 21:08 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-08-27 21:08 . 2008-08-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-08-27 21:07 . 2008-08-27 21:07 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2008-08-27 21:07 . 2008-08-27 21:07 <DIR> d-------- C:\Documents and Settings\Hugo\WINDOWS
2008-08-27 21:03 . 2008-08-27 21:03 <DIR> d-------- C:\Program Files\ATI Technologies
2008-08-27 21:03 . 2004-06-10 21:10 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-08-27 21:02 . 2008-08-27 21:02 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 02:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-28 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 00:58 --------- d-----w C:\Program Files\Intel Desktop Board
2008-08-28 00:56 --------- d-----w C:\Program Files\Intel
2008-08-28 00:52 --------- d-----w C:\Program Files\Analog Devices
2008-08-28 00:28 558,142 ----a-w C:\WINDOWS\java\Packages\GDRF5VTV.ZIP
2008-08-28 00:28 155,995 ----a-w C:\WINDOWS\java\Packages\E5NPFJVP.ZIP
2008-08-28 00:28 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-27 77824]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-28 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 630915]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=bopare.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

.
- - - - ORPHANS REMOVED - - - -

BHO-{3D861CFD-0077-4200-B1BD-0531773D2304} - C:\WINDOWS\system32\yayASife.dll
HKLM-Run-0058b1c0 - C:\WINDOWS\system32\voyvyjtb.dll
HKLM-Run-BM036b825c - C:\WINDOWS\system32\vvaicphm.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 -: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:23:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-06 22:25:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 02:25:30

Pre-Run: 18,157,568,000 bytes free
Post-Run: 18,121,338,880 bytes free

238 --- E O F --- 2008-08-30 15:22:39
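The log above carries the three indicators a helper keys on: two HKLM Run values with machine-generated names that launch rundll32 against random-named DLLs in system32 (the O4 lines for 0058b1c0 and BM036b825c), an O20 AppInit_DLLs entry (bopare.dll, injected into every process that loads user32), and Security Center / firewall settings flipped off (AntiVirusDisableNotify, UpdatesDisableNotify, EnableFirewall = 0), which is exactly why "Automatic Updates" appeared to be turned off. The script below is an added example, not a Lavasoft, Trend Micro or ComboFix tool, that applies those heuristics to log text of this shape. The regular expressions, the 6-8 lowercase-letter "random DLL name" rule and the sample lines are my own assumptions, constructed from the log in this post; the name rule is a heuristic and will mis-flag some legitimate DLLs if used alone, so it is only one of several reasons a line collects.

```python
"""Triage heuristics for HijackThis / ComboFix log lines (added example)."""
import ntpath
import re
from typing import Dict, List

# Constructed sample: a handful of lines in the shape of the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [0058b1c0] rundll32.exe "C:\WINDOWS\system32\voyvyjtb.dll",b
O4 - HKLM\..\Run: [BM036b825c] Rundll32.exe "C:\WINDOWS\system32\vvaicphm.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: bopare.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# rundll32 invocation: rundll32[.exe] "<dll path>",<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.IGNORECASE)
# ComboFix registry dump value line: "Name"=data
REG_VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<val>.*)$')
HEXISH_NAME = re.compile(r'^(?:BM)?[0-9a-f]{8}$')   # assumed heuristic: 0058b1c0, BM036b825c
RANDOM_DLL = re.compile(r'^[a-z]{6,8}\.dll$')        # assumed heuristic: voyvyjtb.dll, bopare.dll


def o4_reasons(name: str, cmd: str) -> List[str]:
    """Collect reasons an O4 Run value looks like malware rather than a vendor autostart."""
    reasons = []
    if HEXISH_NAME.match(name):
        reasons.append("machine-generated value name")
    m = RUNDLL_RE.match(cmd.strip())
    if m:
        dll = ntpath.basename(m.group("dll")).lower()
        if RANDOM_DLL.match(dll):
            reasons.append(f"rundll32 loads random-looking DLL {dll}")
        if len(m.group("export")) <= 1:
            reasons.append("single-character export name")
    return reasons


def suspicious_o4(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged O4 value name to the reasons it was flagged."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        m = O4_RE.match(line)
        if m:
            reasons = o4_reasons(m.group("name"), m.group("cmd"))
            if reasons:
                out[m.group("name")] = reasons
    return out


def appinit_dlls(lines: List[str]) -> List[str]:
    """Any O20 AppInit_DLLs entry is worth a look: the DLL is loaded into every user32 process."""
    out: List[str] = []
    for line in lines:
        if line.startswith("O20 - AppInit_DLLs:"):
            out.extend(line.split(":", 1)[1].split())
    return out


def security_posture(lines: List[str]) -> List[str]:
    """Security Center notifications and firewall state from a ComboFix registry dump."""
    findings: List[str] = []
    section = ""
    for line in lines:
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        key, val = m.group("key"), m.group("val")
        if section.endswith("security center") and key.endswith("DisableNotify") and val.endswith("1"):
            findings.append(f"Security Center warning suppressed: {key}")
        if "firewallpolicy" in section and key == "EnableFirewall" and val.lstrip().startswith("0"):
            findings.append(f"Windows Firewall disabled ({section.split(chr(92))[-1]})")
    return findings


def triage(text: str) -> Dict[str, object]:
    """Run all three checks over raw log text and return the findings."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    return {
        "o4": suspicious_o4(lines),
        "appinit": appinit_dlls(lines),
        "posture": security_posture(lines),
    }


if __name__ == "__main__":
    for section, result in triage(SAMPLE_LOG).items():
        print(section, result)
```

Run against the constructed sample it flags only the two hex-named Run values (each for three independent reasons), reports bopare.dll under AppInit_DLLs, and lists the two suppressed Security Center warnings plus the disabled standard-profile firewall; the Symantec and ctfmon entries pass untouched. On a real log, feed it the whole HijackThis and ComboFix text and treat each reason as a prompt to inspect the file, not as a verdict.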
Rorschach112
You shouldn't run ComboFix unless a helper tells you to; it is extremely dangerous.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\WINDOWS\v8ohh0m4.exe

Folder::
C:\Temp\dax41

DirLook::
C:\Downloads

Sysrst::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Rorschach112
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
Invision Power Board © 2001-2010 Invision Power Services, Inc.