
Bigfatbiffta, sorry I'm using your thread, but I couldn't figure out how to make a new thread LOL! I was wondering if someone could help me. I have the same problem of the stupid Virus Alert virus. I have run HJThis and this is my log; hope you can help me, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:25: VIRUS ALERT!, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\PENSOFT\fquick32.exe
C:\PENSOFT\Quick95.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\watcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176285444140
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E05D67B-0557-485A-B33E-27E16C5861E2}: NameServer = 202.27.158.40 202.27.156.72
O20 - AppInit_DLLs: ????? ? P,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: rqbmvpso - {DE7CC0E0-35CE-44E1-BF3E-6E1A6549F474} - C:\WINDOWS\rqbmvpso.dll (file missing)
O21 - SSODL: pdoskegl - {6AE120B9-2241-48CB-A453-CBA4EE37A9DE} - C:\WINDOWS\pdoskegl.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: SWAutoLaunch - Unknown owner - C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe

--
End of file - 7786 bytes

2 contributors, 10 replies, 11 views; discussion span 8 years; last post by crunchie.

Hi and welcome to the Daniweb forums :).

==========

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


OK, thanks. Here is the SmitfraudFix log.

SmitFraudFix v2.343

Scan done at 23:00:06.10, 01/09/2008
Run from C:\Documents and Settings\Beckachu\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\PENSOFT\fquick32.exe
C:\PENSOFT\Quick95.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\watcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\tdssservers.dat detected, use a Rootkit scanner
C:\WINDOWS\system32\tdssadw.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\tdssinit.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\tdssl.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\tdsslog.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\tdssmain.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\drivers\tdssserv.sys detected, use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Beckachu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Beckachu\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Beckachu\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=hex(1):e7,21,80,7c,ff,ff,ff,ff,c0,1e,1a,00,c0,cc,07,00,50,00,2c,\


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 10.1.1.1

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 202.27.158.40
DNS Server Search Order: 202.27.156.72

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2E05D67B-0557-485A-B33E-27E16C5861E2}:
NameServer=202.27.158.40 202.27.156.72
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C20F9117-5877-4AF9-BAD7-FF8DF6351D8F}:
DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C20F9117-5877-4AF9-BAD7-FF8DF6351D8F}:
DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C20F9117-5877-4AF9-BAD7-FF8DF6351D8F}:
DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2E05D67B-0557-485A-B33E-27E16C5861E2}:
NameServer=202.27.158.40 202.27.156.72
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C20F9117-5877-4AF9-BAD7-FF8DF6351D8F}:
DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
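For readers who want to see how a helper picks the suspicious entries out of logs like the two above, here is a small triage script. It is an added example, not part of this thread and not code from HijackThis, SmitfraudFix or any other tool named here. It encodes the patterns a reviewer looks for in these logs: O21 SSODL loaders whose DLL is missing or sits in the Windows root rather than system32, an O20 AppInit_DLLs value that starts with bytes that are not a path, orphaned "(no file)" entries, and SmitfraudFix's "detected, use a Rootkit scanner" lines. The sample lines are constructed from entries quoted above, and the severities are heuristics, not verdicts.

```python
"""Triage heuristics for HijackThis / SmitfraudFix log lines (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on entries quoted in this thread; not a captured log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O20 - AppInit_DLLs: ????? ? P,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O21 - SSODL: rqbmvpso - {DE7CC0E0-35CE-44E1-BF3E-6E1A6549F474} - C:\WINDOWS\rqbmvpso.dll (file missing)
O21 - SSODL: pdoskegl - {6AE120B9-2241-48CB-A453-CBA4EE37A9DE} - C:\WINDOWS\pdoskegl.dll (file missing)
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\tdssmain.dll detected, use a Rootkit scanner
"""

# HijackThis lines start with a section code such as R0, O2, O21.
HJT_LINE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
# ShellServiceObjectDelayLoad handlers that ship with Windows live under system32,
# so a DLL directly in the Windows root is worth a look.
WINROOT_DLL = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll", re.IGNORECASE)

Finding = Tuple[str, str]  # (severity, reason)


def check_line(line: str) -> Optional[Finding]:
    """Return (severity, reason) for one log line, or None if nothing stands out."""
    m = HJT_LINE.match(line)
    if not m:
        # SmitfraudFix reports known rootkit components with this exact phrase.
        if "detected, use a Rootkit scanner" in line:
            return ("high", "rootkit component reported by SmitfraudFix; run a rootkit scanner")
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O21":
        if "(file missing)" in body:
            return ("high", "SSODL loader points at a DLL that is gone: leftover of a removed infection")
        if WINROOT_DLL.search(body):
            return ("high", "SSODL handler loading from the Windows root instead of system32")
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        value = body[len("AppInit_DLLs:"):].strip()
        # Real entries are comma-separated paths; stray '?' or non-ASCII means the
        # REG_SZ holds bytes that are not a path (SmitfraudFix dumps it as hex).
        if re.search(r"[^\x20-\x7e]|\?", value):
            return ("medium", "AppInit_DLLs value contains non-path bytes; review the raw registry value")
    if "(no file)" in body:
        return ("low", "entry references a file that no longer exists; safe to remove")
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run check_line over every non-empty line and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = check_line(line)
        if hit:
            findings.append({"severity": hit[0], "reason": hit[1], "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity so a reviewer sees the shape at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:<6}] {f['reason']}\n         {f['line']}")
    print(summarize(results))
```

Run against the constructed sample it reports three high findings (the two orphaned SSODL loaders and the tdss file), one medium (the AppInit_DLLs prefix) and one low (the nameless BHO), and stays silent on the Kaspersky, Java and Lenovo entries. The Kaspersky DLLs listed after the garbage prefix in the real O20 line are legitimate; the rule flags only the non-path bytes in front of them.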


Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum.

    Please post the SDFix log within CODE Tags.

==

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


OK, thanks. Sorry for being so late. After using those programs all the restrictions seem to be gone and the virus alert has gone, but I thought I would post the logs just in case there's something else. I hope I did the code tags right.

[b]SDFix: Version 1.220 [/b]
Run by Beckachu on 04/09/2008 at 16:04

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Beckachu\Desktop\SDFix\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\EPMR.EXE - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys  - Deleted
C:\WINDOWS\system32\tdssadw.dll  - Deleted
C:\WINDOWS\system32\tdssinit.dll  - Deleted
C:\WINDOWS\system32\tdssl.dll  - Deleted
C:\WINDOWS\system32\tdsslog.dll  - Deleted
C:\WINDOWS\system32\tdssmain.dll  - Deleted
C:\WINDOWS\system32\tdssservers.dat  - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-09-04 16:22:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\Beckachu\Desktop\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun  6 Apr 2008           328 ..SHR --- "C:\WINDOWS\system32\32A2D21EFE.sys"
Thu 21 Aug 2008        11,532 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 31 Aug 2008       692,556 ...H. --- "C:\Program Files\iolo\System Mechanic Professional\unins000.exe"
Tue  3 Oct 2006        50,280 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

[b]Finished![/b]

OK, I'm sorry, I don't think I did the code tags right. I searched and I'm sure that's how they said to do it :-O. Here are the other logs.

ComboFix Log

ComboFix 08-09-01.01 - Beckachu 2008-09-04 16:37:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.177 [GMT 12:00]
Running from: C:\Documents and Settings\Beckachu\Desktop\ComboFix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.
The following files were disabled during the run:
C:\Program Files\iolo\common\lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\#SharedObjects\HVS8CPZ3\bin.clearspring.com
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\#SharedObjects\HVS8CPZ3\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\#SharedObjects\HVS8CPZ3\interclick.com
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\#SharedObjects\HVS8CPZ3\interclick.com\ud.sol
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\#SharedObjects\HVS8CPZ3\static.youku.com
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\#SharedObjects\HVS8CPZ3\static.youku.com\v1.0.0314\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Beckachu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-04 16:14 . 2008-09-04 16:47 1,774,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-04 16:14 . 2008-09-04 16:46 352,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-04 16:14 . 2008-09-04 16:46 14,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-04 16:14 . 2008-09-04 16:42 2,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-04 15:54 . 2008-09-04 15:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-01 23:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-01 23:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-01 23:00 . 2008-08-31 00:53 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-01 23:00 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-01 23:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-01 23:00 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-01 23:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-01 23:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-01 23:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-01 22:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-01 07:20 . 2008-09-01 07:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-31 21:16 . 2008-08-31 21:16 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-08-31 21:14 . 2008-08-31 21:14 <DIR> d-------- C:\Program Files\iolo
2008-08-31 21:14 . 2008-08-31 21:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-08-31 21:14 . 2008-06-19 17:22 918,368 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-08-31 21:14 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-08-31 21:14 . 2008-06-06 16:55 8,704 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-08-31 21:12 . 2008-08-31 21:27 <DIR> d-------- C:\Documents and Settings\Beckachu\Application Data\iolo
2008-08-31 21:12 . 2008-08-31 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-08-31 21:12 . 2008-08-31 21:12 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-08-31 18:36 . 2008-08-31 18:36 <DIR> d-------- C:\!KillBox
2008-08-31 17:38 . 2008-09-01 23:00 2,682 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-31 14:53 . 2008-08-31 15:14 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-31 14:53 . 2008-08-31 14:53 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-31 14:52 . 2008-08-31 14:52 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-31 14:52 . 2008-09-04 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-31 14:44 . 2008-08-31 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-31 12:04 . 2008-08-31 14:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-31 12:04 . 2008-08-31 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-31 11:08 . 2008-08-31 21:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-31 11:08 . 2008-08-31 11:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 11:08 . 2008-08-31 11:08 <DIR> d-------- C:\Documents and Settings\Beckachu\Application Data\SUPERAntiSpyware.com
2008-08-31 11:08 . 2008-08-31 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-31 00:47 . 2008-08-31 00:47 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-13 08:43 . 2008-05-02 02:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-10 20:41 . 2008-08-10 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-10 20:15 . 2008-08-10 20:15 <DIR> d-------- C:\Program Files\Messenger Plus! Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 09:21 --------- d-----w C:\Program Files\StepMania
2008-08-31 05:22 --------- d-----w C:\Program Files\Java
2008-08-30 13:42 --------- d-----w C:\Program Files\Declan's Japanese Dictionary
2008-07-29 08:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 06:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-04-06 02:07 328 --sh--r C:\WINDOWS\system32\32A2D21EFE.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 00:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-29 12:58 761945]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe" [2005-12-21 15:47 94208]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [2005-12-11 03:29 24064]
"PMHandler"="C:\WINDOWS\system32\PMHandler.exe" [2006-05-21 04:28 24576]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-15 18:10 1236992]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-04 10:25 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-04 10:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-04 10:26 118784]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-10 01:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-11 05:44 81920]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-23 15:36 507904]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 20:00 106496]
"IBM Warranty Notification"="C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe" [2004-03-12 18:24 106496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-04 20:44 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 12:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 09:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"atwtusb"="atwtusb.exe" [2002-12-10 10:31 180224 C:\WINDOWS\system32\atwtusb.exe]

C:\Documents and Settings\Beckachu\Start Menu\Programs\Startup\
Quick StartUp.lnk - C:\PENSOFT\fquick32.exe [2008-05-14 08:41:43 185476]
Start.lnk - C:\PENSOFT\Quick95.exe [2008-05-14 08:41:44 60928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-01 20:17:20 113664]
ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2007-10-29 16:38:20 2117632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-21 15:46 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard
Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2005-12-22 09:09]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program
Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program
Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 SWAutoLaunch;SWAutoLaunch;C:\Program Files\Sierra Wireless\3G
Wireless Module\Generic\Components\SWAutoLaunch.exe [2006-10-30 12:14]
R3 KLFLTDEV;Kaspersky Lab
KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS
Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-PenLock - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Beckachu\Application
Data\Mozilla\Firefox\Profiles\apja9v7s.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by
Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 16:46:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-04 16:53:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 04:53:31

Pre-Run: 2,275,192,832 bytes free
Post-Run: 2,227,048,448 bytes free

183 --- E O F --- 2008-08-13 06:01:16

And the new HJthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:13, on 04/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sierra Wireless\3G Wireless
Module\Generic\Components\SWAutoLaunch.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\PENSOFT\fquick32.exe
C:\PENSOFT\Quick95.exe
C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\watcher.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security
2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup]
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program
Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky
Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows
Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program
Files\Kaspersky Lab\Kaspersky Internet Security
2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics -
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky
Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
- http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176285444140
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E05D67B-0557-485A-B33E-27E16C5861E2}:
NameServer = 202.27.158.40 202.27.156.72
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab -
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security
2009\avp.exe
O23 - Service: Diskeeper - Executive Software International, Inc. -
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown
owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner
- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: SWAutoLaunch - Unknown owner - C:\Program Files\Sierra
Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe

--
End of file - 7677 bytes


Please re-run hijackthis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap.
Highlight the entire text and post the log back here.


Ok, here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:18, on 04/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\PENSOFT\fquick32.exe
C:\PENSOFT\Quick95.exe
C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\watcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176285444140
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E05D67B-0557-485A-B33E-27E16C5861E2}: NameServer = 202.27.158.40 202.27.156.72
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: SWAutoLaunch - Unknown owner - C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe

--
End of file - 7670 bytes


Sweet, thanks, it's perfect. Everything's gone, all the restrictions and everything; running ComboFix and SDFix seems to have cleared everything up. Thanks a lot!


You are welcome :).

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.
