A few random popups remain after Vundo
Join Date: Oct 2007
Posts: 3
Solved Threads: 0
After what I thought was a good job of cleaning my system of Vundo, a few popups remain.
Please find below my HJT log file and any ideas you have are more than welcome.
Thanks,
Matthew
------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:37 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: {f64352ef-089c-68e8-a974-0cfa30d8ffa8} - {8aff8d03-afc0-479a-8e86-c980fe25346f} - C:\WINDOWS\system32\jcowxcmv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fce7cecd] rundll32.exe "C:\WINDOWS\system32\toigxtgr.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\baff\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\baff\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdc...ad/tgctlcm.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnmlig - pmnmlig.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\svhost.exe (file missing)
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - E:\Folding@Home Windows SMP Client V1.01\smpd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 6614 bytes
Download this file from one of the following links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe
1. Make sure that ComboFix is downloaded and run from your desktop.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, along with a new HijackThis log.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Join Date: Oct 2007
Posts: 3
Solved Threads: 0
Thanks for your help so far; here is what you requested.
----
ComboFix 07-11-06.4 - baff 2007-11-06 10:13:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1682 [GMT -5:00]
Running from: Z:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
.
((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.
2007-11-05 23:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-05 15:34 83,008 --a------ C:\WINDOWS\system32\jcowxcmv.dll
2007-11-05 15:28 85,568 --a------ C:\WINDOWS\system32\toigxtgr.dll
2007-11-03 22:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 22:12 <DIR> d-------- C:\VundoFix Backups
2007-11-03 22:05 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-11-03 22:05 32,256 --a------ C:\WINDOWS\system32\ace16win.dll
2007-11-03 22:02 6,802 ---hs---- C:\WINDOWS\system32\xyadd.ini2
2007-11-03 21:53 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-11-03 21:53 <DIR> d-------- C:\WINDOWS\?ymantec
2007-11-03 21:52 <DIR> d-------- C:\Documents and Settings\baff\Application Data\a?sembly
2007-11-03 21:49 <DIR> d-------- C:\WINDOWS\system32\T?sks
2007-11-03 21:49 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-11-03 21:49 <DIR> d-------- C:\Program Files\Common Files\?ppPatch
2007-11-03 21:48 <DIR> dr--s---- C:\WINDOWS\assembly
2007-11-03 21:48 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2007-11-03 21:48 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2007-11-03 21:48 <DIR> d---s---- C:\Documents and Settings\baff\Application Data\Microsoft
2007-11-03 21:48 36,352 --a------ C:\WINDOWS\system32\gebbcby.dll
2007-11-03 21:47 <DIR> d-------- C:\Program Files\Symantec
2007-11-03 21:47 36,352 --a------ C:\WINDOWS\system32\iifeday.dll
2007-11-03 21:46 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-11-03 21:46 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-11-03 21:46 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-11-03 21:46 <DIR> d-------- C:\WINDOWS\AppPatch
2007-11-03 21:46 <DIR> d-------- C:\WINDOWS\AppPatch
2007-11-03 21:46 <DIR> d-------- C:\WINDOWS\M?crosoft
2007-11-03 21:46 <DIR> d-------- C:\Program Files\Common Files\T?sks
2007-11-03 21:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-03 21:45 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-11-03 21:45 <DIR> d-------- C:\WINDOWS\system32\?ystem32
2007-11-03 21:45 <DIR> d-------- C:\WINDOWS\?dobe
2007-11-03 21:45 <DIR> d-------- C:\WINDOWS\?dobe
2007-11-03 21:45 <DIR> d-------- C:\Program Files\Common Files\System
2007-11-03 21:45 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2007-11-03 21:45 <DIR> d-------- C:\Program Files\?asks
2007-11-03 21:45 <DIR> d-------- C:\Documents and Settings\baff\Application Data\?ymbols
2007-11-03 21:44 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2007-11-03 21:44 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-11-03 21:44 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-11-03 21:44 <DIR> d-------- C:\WINDOWS\system32
2007-11-03 21:44 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-11-03 21:44 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2007-11-03 21:44 <DIR> d-------- C:\Program Files\?ssembly
2007-11-03 21:44 <DIR> d-------- C:\Program Files\?racle
2007-11-03 21:44 <DIR> d-------- C:\Program Files\?ppPatch
2007-11-03 21:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-03 21:44 36,352 --a------ C:\WINDOWS\system32\ssqpool.dll
2007-11-03 21:44 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-03 21:43 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2007-11-03 21:43 <DIR> d-------- C:\WINDOWS\system32\?ecurity
2007-11-03 21:43 <DIR> d-------- C:\WINDOWS\M?crosoft
2007-11-03 21:43 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-11-03 21:43 <DIR> d-------- C:\WINDOWS\security
2007-11-03 21:43 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2007-11-03 21:43 <DIR> d-------- C:\Documents and Settings\baff\Application Data\?ystem
2007-11-03 21:43 <DIR> d---s---- C:\Documents and Settings\baff\Application Data\Microsoft
2007-11-03 21:43 <DIR> d-------- C:\Documents and Settings\baff\Application Data\?asks
2007-11-03 21:43 <DIR> d-------- C:\Documents and Settings\baff\Application Data\a?sembly
2007-11-03 21:42 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2007-11-03 21:42 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2007-11-03 21:42 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-03 21:42 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2007-11-03 21:42 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2007-11-03 21:42 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-11-03 21:41 <DIR> d-------- C:\WINDOWS\system32\Mz08r
2007-11-03 21:41 <DIR> d-------- C:\temp\mZOr
2007-10-31 01:46 <DIR> d-------- C:\Documents and Settings\baff\Application Data\Move Networks
2007-10-30 01:32 <DIR> d-------- C:\Program Files\7-Zip
2007-10-23 22:41 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-23 22:41 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-10-23 22:41 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-10-23 22:41 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-10-23 22:41 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-10-23 22:41 217,073 --a------ C:\WINDOWS\meta4.exe
2007-10-23 22:41 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-10-23 22:41 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-10-23 22:41 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-10-23 22:41 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-10-23 22:37 <DIR> d-------- C:\Program Files\eRightSoft
2007-10-23 22:37 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-10-23 22:37 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-10-22 01:22 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-10-22 00:31 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-22 00:23 <DIR> d-------- C:\Program Files\Zune
2007-10-22 00:18 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-10-22 00:08 <DIR> d-------- C:\Program Files\Cucusoft
2007-10-22 00:08 <DIR> d-------- C:\ConverterOutput
2007-10-22 00:08 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-10-22 00:08 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-10-22 00:08 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-10-22 00:08 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-10-22 00:08 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-10-21 23:58 <DIR> d-------- C:\Program Files\ZuneTvWatcher
2007-10-16 09:18 <DIR> d-------- C:\Program Files\DIFX
2007-10-16 09:17 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-16 09:17 <DIR> d-------- C:\Program Files\Common Files\ComponentOne
2007-10-13 22:37 <DIR> d-------- C:\WINDOWS\nview
2007-10-13 22:37 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-13 22:36 <DIR> d-------- C:\NVIDIA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 07:25 --------- d-----w C:\Program Files\nbpro
2007-11-06 06:57 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-06 06:39 --------- d-----w C:\Program Files\Steam
2007-11-05 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-04 02:49 --------- d-----w C:\Program Files\Common Files\?ppPatch
2007-11-04 02:48 --------- d-----w C:\Program Files\Common Files\??pPatch
2007-11-04 02:47 --------- d-----w C:\Program Files\??mantec
2007-11-04 02:46 --------- d-----w C:\Program Files\Common Files\??sks
2007-11-04 02:46 --------- d-----w C:\Program Files\?icrosoft.NET
2007-11-04 02:45 --------- d-----w C:\Program Files\Common Files\??crosoft
2007-11-04 02:45 --------- d-----w C:\Program Files\?asks
2007-11-04 02:45 --------- d-----w C:\Documents and Settings\baff\Application Data\?ymbols
2007-11-04 02:44 --------- d-----w C:\Program Files\Common Files\??pPatch
2007-11-04 02:44 --------- d-----w C:\Program Files\?ssembly
2007-11-04 02:44 --------- d-----w C:\Program Files\?racle
2007-11-04 02:44 --------- d-----w C:\Program Files\?ppPatch
2007-11-04 02:44 --------- d-----w C:\Program Files\??crosoft.NET
2007-11-04 02:43 --------- d-----w C:\Documents and Settings\baff\Application Data\?ystem
2007-11-04 02:43 --------- d-----w C:\Documents and Settings\baff\Application Data\?icrosoft
2007-11-04 02:43 --------- d-----w C:\Documents and Settings\baff\Application Data\?asks
2007-11-04 02:43 --------- d-----w C:\Documents and Settings\baff\Application Data\??sembly
2007-11-04 02:42 --------- d-----w C:\Program Files\Common Files\?asks
2007-11-02 08:03 --------- d-----w C:\Program Files\ffdshow
2007-10-25 17:46 142 ----a-w C:\Program Files\Common Files\proky.html
2007-10-22 05:10 --------- d-----w C:\Program Files\XviD
2007-10-21 06:14 --------- d-----w C:\Program Files\ASUS
2007-10-20 18:36 --------- d-----w C:\Documents and Settings\baff\Application Data\IGN_DLM
2007-10-15 04:08 --------- d-----w C:\Program Files\Qtracker
2007-10-15 04:03 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-15 04:03 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-14 05:05 --------- d-----w C:\Program Files\ATITool
2007-10-13 16:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 01:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-13 01:50 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-05 19:25 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-05 19:25 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-05 19:25 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-05 19:25 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-05 19:25 6,854,368 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-05 19:25 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-05 19:25 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-05 19:25 5,755,520 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-05 19:25 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-05 19:25 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-05 19:25 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-05 19:25 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-05 19:25 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-05 19:25 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-05 19:25 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-05 19:25 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-05 19:25 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-05 19:25 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-05 19:25 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-05 19:25 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-05 19:25 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-05 19:25 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-05 19:25 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-05 19:25 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-05 19:25 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-05 19:25 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-05 19:25 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-05 19:25 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-05 19:25 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-05 19:25 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-27 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-24 05:22 --------- d-----w C:\Program Files\jv16 PowerTools 2007
2007-09-24 05:02 --------- d-----w C:\Program Files\JoyceAudioConverter
2007-09-24 05:00 --------- d-----w C:\Program Files\Helpsoft
2007-09-24 04:56 --------- d-----w C:\Program Files\GCFScape
2007-09-24 04:49 --------- d-----w C:\Documents and Settings\baff\Application Data\Softplicity
2007-09-24 04:47 --------- d-----w C:\Documents and Settings\baff\Application Data\GetRightToGo
2007-09-13 13:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-13 05:14 --------- d-----w C:\Documents and Settings\baff\Application Data\Bioshock
2007-09-11 02:11 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-09-07 18:55 6,173 ----a-w C:\WINDOWS\system32\drivers\Entech.vxd
2007-09-07 18:55 27,672 ----a-w C:\WINDOWS\system32\drivers\Entech.sys
2007-09-07 18:55 12,744 ----a-w C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-07 04:39 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-04 06:10 13,110 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2007-08-10 06:44 22,328 ----a-w C:\Documents and Settings\baff\Application Data\PnkBstrK.sys
2007-07-13 04:36 246 ----a-w C:\Program Files\Common Files\labu545
2005-04-06 01:41 663 ----a-w C:\Documents and Settings\baff\Application Data\waver_2.95.dat
2003-04-17 02:21 27,552 ----a-w C:\Documents and Settings\baff\Application Data\GDIPFONTCACHEV1.DAT
2007-05-23 06:37:18 23 --sha-w C:\WINDOWS\system32\dbfdb9_r.dll
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-07-13 04:21:17 6,369 --sh--w C:\WINDOWS\system32\rqtwa.bak1
2007-07-14 07:52:39 514 --sh--w C:\WINDOWS\system32\rqtwa.ini2
.
((((((((((((((((((((((((((((( snapshot@2007-11-03_22.16.38.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-11 20:04:36 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
+ 2007-11-05 04:50:42 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-10-28 16:52:42 60,664 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-04 03:20:21 60,664 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 16:52:42 398,590 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-04 03:20:21 398,590 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8aff8d03-afc0-479a-8e86-c980fe25346f}]
2007-11-05 15:34 83008 --a------ C:\WINDOWS\system32\jcowxcmv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
C:\WINDOWS\system32\aivskurq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B61C6CA3-77BF-4299-AB70-5019FCD4AF09}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2006-03-17 15:11 C:\WINDOWS\system32\P17.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 14:25]
"nwiz"="nwiz.exe" [2007-10-05 14:25 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 14:25]
"fce7cecd"="C:\WINDOWS\system32\toigxtgr.dll" [2007-11-05 15:29]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 06:11]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 12:57]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-14 03:13:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"IMEKRMIG6.1"=764864796526306025252386548716015713461135492
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlig]
pmnmlig.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^baff^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\baff\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^baff^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\baff\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R0 SI3114;SiI-3114 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3114.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S1 TVicPort64;TVicPort64;\??\C:\WINDOWS\SysWOW64\drivers\TVicPort64.sys
S2 lsass;Local Security Authority Subsystem Service;"C:\WINDOWS\svhost.exe"
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;E:\Folding@Home Windows SMP Client V1.01\smpd.exe
S3 cpuz126;cpuz126;\??\C:\DOCUME~1\baff\LOCALS~1\Temp\cpuz.sys
S3 CrystalCpuInfo;CrystalCpuInfo;\??\C:\Program Files\OCCT\CpuInfo.sys
S3 RivaTuner;RivaTuner;\??\C:\RivaTuner\RivaTuner.sys
S3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys
S3 RivaTunerEx;RivaTunerEx;\??\C:\Program Files\RivaTuner\RivaTunerEx.sys
S3 SERREGS;SERREGS;C:\WINDOWS\system32\drivers\serregs.sys
S3 TVicPort;TVICPORT;\??\C:\WINDOWS\System32\DRIVERS\TVICPORT.SYS
S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 10:13:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-06 10:14:11
C:\ComboFix2.txt ... 2007-11-03 22:16
.
--- E O F ---
And the HijackThis log.
-------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:20 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: {f64352ef-089c-68e8-a974-0cfa30d8ffa8} - {8aff8d03-afc0-479a-8e86-c980fe25346f} - C:\WINDOWS\system32\jcowxcmv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fce7cecd] rundll32.exe "C:\WINDOWS\system32\toigxtgr.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\baff\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\baff\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdc...ad/tgctlcm.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnmlig - pmnmlig.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\svhost.exe (file missing)
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - E:\Folding@Home Windows SMP Client V1.01\smpd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 6627 bytes
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - E:\Folding@Home Windows SMP Client V1.01\smpd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 6627 bytes
Can you please do the following.
===============
Scan with HijackThis and then place a check next to all the following, if present:
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: {f64352ef-089c-68e8-a974-0cfa30d8ffa8} - {8aff8d03-afc0-479a-8e86-c980fe25346f} - C:\WINDOWS\system32\jcowxcmv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [fce7cecd] rundll32.exe "C:\WINDOWS\system32\toigxtgr.dll",b
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O20 - Winlogon Notify: pmnmlig - pmnmlig.dll (file missing)
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:
folders...
C:\Program Files\PartyPoker
files...
C:\WINDOWS\system32\jcowxcmv.dll
C:\WINDOWS\system32\toigxtgr.dll
-
Note that some of these file(s)/folder(s) may or may not be present. If present and they cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
-
Reboot.
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
Run Combofix again and then after a reboot, post both logs please.
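Why the helper singled out those particular entries: the triage script below is an added example (not from this thread, not part of HijackThis) run over lines copied from the log above plus a few benign ones. Its heuristics (orphaned entries, GUID-named BHOs, rundll32 autoruns of pseudo-random DLLs, services borrowing a core Windows process name from outside system32) are this example's assumptions and flag entries for review, not for automatic removal.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reasons")

# Heuristic constants (assumptions of this example, not HijackThis rules).
CORE_NAMES = {"lsass", "svchost", "csrss", "smss", "winlogon", "services"}
GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
RANDOM_STEM = re.compile(r"^[a-z]{8}$")            # e.g. jcowxcmv, toigxtgr
SERVICE = re.compile(r"^O23 - Service: .*\((?P<short>[^)]+)\) - .* - (?P<path>.+)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<entry>\S*)', re.I)

# Constructed sample: entries copied from the log in this thread, with benign ones mixed in.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {f64352ef-089c-68e8-a974-0cfa30d8ffa8} - {8aff8d03-afc0-479a-8e86-c980fe25346f} - C:\WINDOWS\system32\jcowxcmv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fce7cecd] rundll32.exe "C:\WINDOWS\system32\toigxtgr.dll",b
O20 - Winlogon Notify: pmnmlig - pmnmlig.dll (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\svhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

def triage(log_text):
    """Return a Finding for every HijackThis line that deserves a closer look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        reasons = []
        if line.endswith("(no file)") or line.endswith("(file missing)"):
            reasons.append("orphaned entry: registered component is no longer on disk")
        if line.startswith("O2 - BHO: "):
            name = line[len("O2 - BHO: "):].split(" - {", 1)[0]
            if GUID.match(name):
                reasons.append("BHO named by a GUID instead of a class name")
            stem = line.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if RANDOM_STEM.match(stem):
                reasons.append("BHO DLL with a pseudo-random 8-letter name")
        m = RUNDLL.search(line)
        if line.startswith("O4 - ") and m:
            stem = m.group("dll").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if RANDOM_STEM.match(stem) or len(m.group("entry")) <= 1:
                reasons.append("rundll32 autorun loading a pseudo-random DLL")
        m = SERVICE.match(line)
        if m and m.group("short").lower() in CORE_NAMES and "\\system32\\" not in m.group("path").lower():
            reasons.append("service borrows a core Windows process name but runs outside system32")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings
```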