954,242 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
3 Years Ago
0

Selective sites

Hello to my family at DaniWeb !!!
I have a Emachine W3050,Windows Home Edition, SP2
The computer has "connecting problems and I'm not sure if it is a virus that is causing the problem.
The computer goes to the following sites with no problems......msn,dell,download.com, and daniweb.com. I'm sure there are a million other sites that it will go to but thats the ones I've mainly tried.
The computer won't go to the following sights....avg.com,avast.com. The computer also will not update any antispyware/antivirus programs that I have tried.....AVG & Avast.
I looked in the "restricted" sites and there are none listed. I went into the "trusted" sites and added avg & avast, but that didn't help. I'm confused ! I thought that it might have been ZoneAlarm but I have uninstalled that and am now just using Windows Firewall till I get this computer fixed.
Here is a HijackThis log to see if there are any nasties.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:36 AM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-91371904-2387650626-3166037947-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-91371904-2387650626-3166037947-1007\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R (User '?')
O4 - HKUS\S-1-5-21-91371904-2387650626-3166037947-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-91371904-2387650626-3166037947-1007\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6980 bytes
Please let me know what you think. All help is greatly appreciated !!!

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.

  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    Select it and click Remove.

  • Then Download and install the newest version from here:


==

Download the HostsXpert.
Run it and press "Restore M$ Hosts File" and press "OK". Exit Program.
Note that if you have a custom host file, this will remove it.

==

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:

O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} -


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster . If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
3 Years Ago
0

Brother Crunchie Sir ,
Thanks for your reply and wisdom !
I removed the old Java, and installed the latest and greatest.
I downloaded Hostsexpert and ran it. It took half a second and was done.
Did the HijackThis thing.
Downloaded SpywareBlaster, updated it, BUT, still, when I try to go to avg.com or Avast.com, it redirects me to LiveSearch.com - grrrrrr
I tried to update Avast and it still says that it cannot connect to server.
I did a little looking around and see that I have SP3 but I don't have Internet Explorer 7. I still have Internet 6 for some reason. Would that have anything to do with all this ?
Here is my new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:50 AM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6246 bytes

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

I went ahead and installed Internet Explorer 7. When it came time for me to choose a " Search provider " I tried choosing Google but it wouldn't let me. It kept saying that " The search provider could not be installed".
Guess which provider was the only one it would let me use.......Yep, LIVE SEARCH. Thats the one it kept going to when I tried to go to AVG & Avast.com.
I tried going back and changing it to Google search provider and it still won't let me.
My home page is Google, so I don't know why it won't let me make that my primary search provider up in the top right cornner of my home page ?
After I installed Internet Explorer 7 , I tried to go to AVG & Avast.com and it just says " Internet Explorer cannot display the webpage"
I also can't go to Bleepingcomputer.com either. Those are the only 3 websites that I can't go to. I am lost !
I also tried to update Avast Antivirus and all I still get is " Cannot connect to the server"
Any more help ?

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

Please download ComboFix by sUBs from HERE or HERE You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
3 Years Ago
0
Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop

  • Physically disconnect from the internet.

  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

  • Double click combofix.exe & follow the prompts.

  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


It wouldn't let me go to those sights to download CF so I am downloading it to my other computer and transfer it by way of thumb drives, to the desktop of the non working machine. I'll send logs when I'm in in a little while.
Thank you for working with me so far Mr. Crunchie Sir !

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

Ok, Mr Crunchie Sir.,
Here are the logs ya wanted. It looks like it found stuff that no other programs could find.
ComboFix 08-10-25.01 - Penny 2008-10-26 23:32:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.177 [GMT -5:00]

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\TDSSinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\TDSSserf1.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-26 18:26 . 2008-10-26 18:26 d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 11:07 . 2008-10-26 11:09 d-------- C:\Program Files\SpywareBlaster
2008-10-26 10:52 . 2008-10-26 10:52 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-26 10:52 . 2008-10-26 10:52 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-26 02:27 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-10-26 02:27 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-10-26 02:23 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005586_.tmp
2008-10-26 02:23 . 2008-10-26 03:41 2,711 --a------ C:\WINDOWS\imsins.BAK
2008-10-25 02:02 . 2008-10-26 03:53 53,248 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-25 02:02 . 2008-10-25 02:04 34,816 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-10-25 01:01 . 2008-10-25 10:40 d-------- C:\Program Files\Alwil Software
2008-10-04 15:24 . 2008-10-04 15:24 d-------- C:\Documents and Settings\Penny\Application Data\iolo
2008-10-04 15:24 . 2008-10-04 15:24 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-10-04 15:24 . 2008-10-04 15:24 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-09-30 01:17 . 2008-10-25 02:04 d-------- C:\Program Files\FrostWire
2008-09-30 01:17 . 2008-10-09 11:59 d-------- C:\Documents and Settings\Penny\Application Data\FrostWire
2008-09-29 12:28 . 2008-09-29 12:28 1,402 --a------ C:\WINDOWS\system32\wpa.bak
2008-09-29 12:11 . 2008-04-14 05:42 380,416 --------- C:\WINDOWS\system32\irprops.cpl
2008-09-29 12:10 . 2008-04-14 05:42 162,304 --------- C:\WINDOWS\system32\wuaucpl.cpl
2008-09-29 11:53 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002399_.tmp
2008-09-28 17:02 . 2002-09-03 11:25 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-09-28 17:01 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-28 17:00 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-09-28 16:59 . 2008-04-14 00:16 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-09-28 16:59 . 2008-04-14 00:16 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-09-28 16:59 . 2008-04-14 00:16 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-09-28 16:59 . 2008-04-14 00:09 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-09-28 16:58 . 2008-09-28 16:58 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-28 16:58 . 2008-09-28 16:58 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-28 16:58 . 2008-09-28 16:58 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-28 16:58 . 2008-09-28 16:58 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-28 16:58 . 2008-09-28 16:58 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-28 14:16 . 2008-04-14 05:41 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2008-09-28 14:16 . 2008-04-14 05:42 34,304 --a------ C:\WINDOWS\system32\mtxlegih.dll
2008-09-28 14:16 . 2008-04-14 05:42 30,720 --a------ C:\WINDOWS\system32\mtxdm.dll
2008-09-28 14:16 . 2008-04-14 05:42 6,144 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2008-09-28 14:16 . 2008-04-14 05:42 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2008-09-28 10:14 . 2008-04-14 05:41 28,160 --a------ C:\WINDOWS\system32\comaddin.dll
2008-09-28 10:13 . 2008-04-14 05:41 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2008-09-28 10:13 . 2008-04-14 05:42 59,392 --a------ C:\WINDOWS\system32\stclient.dll
2008-09-28 10:12 . 2008-04-14 05:41 226,304 --a------ C:\WINDOWS\system32\catsrv.dll
2008-09-28 10:12 . 2008-04-14 05:41 110,592 --a------ C:\WINDOWS\system32\clbcatex.dll
2008-09-28 10:12 . 2008-04-14 05:41 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2008-09-28 10:11 . 2008-04-14 05:41 539,648 --a------ C:\WINDOWS\system32\comuid.dll
2008-09-28 10:11 . 2008-04-14 05:41 167,424 --a------ C:\WINDOWS\system32\comsnap.dll
2008-09-28 10:10 . 2008-04-14 05:41 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2008-09-28 10:04 . 2008-04-14 05:42 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2008-09-28 10:01 . 2008-04-14 05:41 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2008-09-28 10:01 . 2008-04-14 05:41 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2008-09-28 10:00 . 2008-04-14 05:42 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2008-09-28 10:00 . 2008-04-14 05:42 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2008-09-28 10:00 . 2008-04-14 05:42 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2008-09-28 09:59 . 2008-04-14 05:42 1,135,616 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-09-28 09:59 . 2008-04-14 05:42 538,624 --a------ C:\WINDOWS\system32\spider.exe
2008-09-28 09:59 . 2008-04-14 05:43 139,656 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2008-09-28 09:59 . 2008-04-14 05:42 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2008-09-28 09:59 . 2008-04-14 05:42 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2008-09-28 09:59 . 2008-04-14 05:42 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2008-09-28 09:58 . 2008-04-14 05:41 2,061,824 --a------ C:\WINDOWS\system32\mstscax.dll
2008-09-28 09:58 . 2008-04-14 05:42 677,888 --a------ C:\WINDOWS\system32\mstsc.exe
2008-09-28 09:57 . 2008-04-14 05:42 141,312 --a------ C:\WINDOWS\system32\sessmgr.exe
2008-09-28 09:57 . 2008-04-14 05:42 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2008-09-28 09:57 . 2008-04-14 05:42 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2008-09-28 09:56 . 2008-04-14 05:42 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2008-09-28 09:56 . 2004-08-03 22:59 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2008-09-28 09:55 . 2008-04-14 05:42 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2008-09-28 09:55 . 2008-04-14 05:43 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2008-09-28 09:54 . 2008-04-14 05:42 62,976 --a------ C:\WINDOWS\system32\rdpclip.exe
2008-09-28 09:54 . 2008-04-14 05:42 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2008-09-28 09:53 . 2008-04-14 05:41 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2008-09-28 09:53 . 2008-04-14 05:41 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2008-09-28 09:52 . 2008-04-14 05:41 625,664 --a------ C:\WINDOWS\system32\catsrvut.dll
2008-09-28 09:52 . 2008-04-14 05:42 427,008 --a------ C:\WINDOWS\system32\msdtcprx.dll
2008-09-28 09:51 . 2008-04-14 05:41 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2008-09-28 09:41 . 2008-04-14 00:02 196,224 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-09-28 09:41 . 2008-04-14 05:41 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2008-09-28 09:40 . 2008-04-14 00:15 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-09-28 09:39 . 2008-04-14 00:10 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-09-28 09:39 . 2008-04-14 00:15 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-09-28 09:37 . 2004-07-12 01:50 1,642,496 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-28 09:37 . 2004-07-12 01:50 1,363,968 --a------ C:\WINDOWS\system32\nview.dll
2008-09-28 09:37 . 2004-07-12 01:50 1,110,016 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-09-28 09:37 . 2004-07-12 01:50 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-09-28 09:37 . 2004-07-12 01:50 843,776 --a------ C:\WINDOWS\system32\nwiz.exe
2008-09-28 09:37 . 2004-07-12 01:50 454,656 --a------ C:\WINDOWS\system32\nvshell.dll
2008-09-28 09:37 . 2004-07-12 01:50 438,272 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-09-28 09:37 . 2004-07-12 01:50 352,256 --a------ C:\WINDOWS\system32\keystone.exe
2008-09-28 09:37 . 2004-07-12 01:50 73,728 --a------ C:\WINDOWS\system32\nvtuicpl.cpl
2008-09-28 09:37 . 2008-10-26 23:21 4,452 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-28 09:36 . 2008-04-14 05:42 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-09-28 09:36 . 2008-04-14 05:41 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-09-28 09:35 . 2008-04-14 05:43 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-09-28 09:33 . 2002-09-03 11:50 1,086,182 -ra------ C:\WINDOWS\SETAA.tmp
2008-09-28 09:33 . 2002-09-03 11:35 13,608 -ra------ C:\WINDOWS\SETB5.tmp
2008-09-28 09:33 . 2002-09-03 12:16 7,046 -ra------ C:\WINDOWS\SETC5.tmp
2008-09-28 04:25 . 2008-10-26 18:53 469,319,680 --a------ C:\WINDOWS\MEMORY.DMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 04:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 23:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-26 15:52 --------- d-----w C:\Program Files\Java
2008-10-26 06:20 --------- d-----w C:\Program Files\Common Files\EncodeMP3Mem2
2008-10-26 05:52 --------- d-----w C:\Program Files\Trend Micro
2008-10-25 07:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-25 07:04 --------- d-----w C:\Program Files\Shockwave.com
2008-10-25 07:04 --------- d-----w C:\Program Files\Poker Superstars
2008-10-25 07:04 --------- d-----w C:\Program Files\MSN Encarta Plus
2008-10-25 07:04 --------- d-----w C:\Program Files\Microsoft Works
2008-10-25 07:04 --------- d-----w C:\Program Files\FaxTools
2008-10-25 07:04 --------- d-----w C:\Program Files\DivX
2008-10-25 07:04 --------- d-----w C:\Program Files\BFG
2008-10-25 05:55 --------- d-----w C:\Program Files\VS Revo Group
2008-10-09 17:03 47,804 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-09 17:03 3,987,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-29 17:46 --------- d-----w C:\Documents and Settings\Penny\Application Data\SUPERAntiSpyware.com
2008-09-29 17:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-29 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 02:59 --------- d-----w C:\Documents and Settings\Penny\Application Data\BearShare
2008-09-15 02:57 --------- d-----w C:\Program Files\BearShare applications
2008-09-14 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-14 19:18 --------- d-----w C:\Program Files\Zone Labs
2008-09-14 07:06 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2008-09-14 07:06 --------- d-----w C:\Documents and Settings\Penny\Application Data\Auslogics
2008-09-14 07:02 --------- d-----w C:\Program Files\Yahoo!
2008-09-14 07:02 --------- d-----w C:\Program Files\Common Files\scanner
2008-09-14 06:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-09-14 04:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-13 23:15 --------- d-----w C:\Program Files\BFGT
2008-09-13 22:23 --------- d-----w C:\Documents and Settings\Penny\Application Data\GlarySoft
2008-09-13 22:22 --------- d-----w C:\Program Files\Registry Repair
2008-09-13 21:22 --------- d-----w C:\Documents and Settings\Penny\Application Data\Malwarebytes
2008-09-13 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-13 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-13 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-13 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-09 11:47 1,285,562 --sh--w C:\WINDOWS\system32\afuabjvb.tmp
2008-08-31 15:12 --------- d-----w C:\Documents and Settings\Penny\Application Data\Sony Corporation
2008-08-30 16:16 2,605,196 --sha-w C:\WINDOWS\system32\fpiecaxm.tmp
2008-08-30 15:13 --------- d-----w C:\Program Files\Defender Pro
2008-04-06 10:42 590 ----a-w C:\Documents and Settings\Theodis\Application Data\wklnhst.dat
2007-10-31 18:22 292 -c--a-w C:\Documents and Settings\Penny\Application Data\wklnhst.dat
2007-01-07 07:41 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 4112384]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-06-26 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"nwiz"="nwiz.exe" [2004-07-12 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\69963498633979262361482885005788
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antispy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe334b1db
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0078247
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryCleanFixMFC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Santa
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seusbkm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall_TBPS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-07 02:33 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-07-12 01:50 843776 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"LexBceS"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 SNDMI13;Mega Pixel Camera (8105 SXGA);C:\WINDOWS\system32\DRIVERS\sndmi13.sys [2004-09-17 217856]
.
Contents of the 'Scheduled Tasks' folder

2008-10-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-10-21 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\system32\cleanmgr.exe [2008-04-14 05:42]

2005-03-19 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 05:42]

2005-03-19 C:\WINDOWS\Tasks\ISP signup reminder 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 05:42]

2008-09-13 C:\WINDOWS\Tasks\McAfee Cleanup.job
- C:\DOCUME~1\Penny\LOCALS~1\Temp\MCPR.tmp\mccleanup.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 23:36:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\tdssserv.sys)]

.
Completion time: 2008-10-26 23:39:27
ComboFix-quarantined-files.txt 2008-10-27 04:38:59
ComboFix2.txt 2008-09-14 15:18:30

Pre-Run: 57,703,198,720 bytes free
Post-Run: 57,710,735,360 bytes free

277 --- E O F --- 2008-07-09 13:03:07
------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------

HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:27 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5472 bytes

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

YES !!!!!!!!!!!!!!!!!!
That did it ! It must have been that ROOT KIT, that no other program could find.
This computer works perfect ! Avast updated instantly when I rebooted, I can go to avast and avg.com, and it was able to change my search provider to Google !!!!!!!!!!!!!!!!!!!
YES !
Thank you Mr Crunchie Sir ! You are awsome help ! I hope to help others as you have helped me soo much !!!
How can I gaurd better from those root-kits. I have Avast, and Spyware Blaster, now. Should I put Zone Alarm back on here ? Or is there another firewall thats even better ?
Let me know, please Sir.

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

I will have to get back to you later. My apologies.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
3 Years Ago
0

I will close this since Crunchie is very busy.
Thanks again Mr Crunchie Sir !!!!!!!!!

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

Comodo firewall is better imo. Sorry for not getting back sooner. Be careful where you surf and what you download is the main thing :).
Logs look good.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
3 Years Ago
0

Mr. Crunchie Sir, I just read about the new Comodo Internet Security
http://www.downloadsquad.com/2008/10/30/free-comodo-internet-security-is-here-screenshot-tour/
Please tell me what ya think about this.

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

and, could you use it with Avast Antivirus ?

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

I only use the Comodo firewall+defence, not the AV. Two AV's should not be used side by side as they will cause problems.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
3 Years Ago
0

Thank you again Sir for your wisdom !!!
I am switching to Comodo+defence!

Tumbleweedracef
Posting Pro in Training
453 posts since Aug 2007
Reputation Points: 54
Solved Threads: 0
 
3 Years Ago
0

No worries :)

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed