0

The virus infects my computer by not letting me go to antivirus websites, not letting me update my antivirus programs, AVG, Malwarebytes, etc. And every 30 minutes or so I get an Internet Explorer window that opens automatically to AdultFriendFinder. I might get a blue screen if I'm doing too much; when I restart, my desktop is changed and in the center it says "Restore Active Desktop". Now I can just change my desktop back to normal but I know it will happen again. I don't know what's infecting my computer but it's driving me crazy. I don't want to reinstall, that takes about a day. THAT'S MY LAST RESORT. Can someone help me? I used HijackThis and here's my log file. Also tried Safe Mode with Networking and it still blocks the antivirus sites.

D:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PhilipsDM] D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xmFkTNnrfH] D:\Documents and Settings\All Users\Application Data\mxgzsdyr\wzqpwryz.exe
O4 - HKUS\S-1-5-18\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = D:\Program Files\MOTU\Audio\MFWAKeys.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: m0_glkP_150908 - D:\WINDOWS\m0_glkP_150908.dll
O20 - Winlogon Notify: xxyyxyWN - xxyyxyWN.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 4338 bytes

2 Contributors, 10 Replies, 11 Views, 9 Years Discussion Span, Last Post by fiyasuppliya
0

Hi and welcome to DaniWeb.
We need to see the ENTIRE HijackThis log from the very top to the bottom. You are missing the top portion of the log, which looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:28 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Judy

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:44 PM, on 9/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BitTorrent\bittorrent.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PhilipsDM] D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xmFkTNnrfH] D:\Documents and Settings\All Users\Application Data\mxgzsdyr\wzqpwryz.exe
O4 - HKUS\S-1-5-18\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = D:\Program Files\MOTU\Audio\MFWAKeys.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: m0_glkP_150908 - D:\WINDOWS\m0_glkP_150908.dll
O20 - Winlogon Notify: xxyyxyWN - xxyyxyWN.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 3443 bytes

0

First of all, you are running a P2P file sharing program. TURN IT OFF for the duration of this clean-up, otherwise you cannot be helped.
I want you to try Safe Mode with Networking to attempt to update Malwarebytes'.
To do this, do the following:
Using the F8 Method
1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode with Networking using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode with Networking.
Then attempt to update Malwarebytes' and your AVG.
If after attempting to update you find you are unable to update, then please, WHILE STILL IN SAFE MODE, run Malwarebytes' and have it FIX EVERYTHING FOUND.

Also then run your AVG.
Then reboot the computer in normal mode and post back here with the MBA-M log.

0

Malwarebytes' Anti-Malware 1.28
Database version: 1184
Windows 5.1.2600 Service Pack 2

9/21/2008 8:42:34 AM
mbam-log-2008-09-21 (08-42-34).txt

Scan type: Full Scan (D:\|E:\|)
Objects scanned: 164745
Time elapsed: 49 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Obviously nothing was found in either log, but there IS something there.
I want you to rename HijackThis by doing this: right-click the icon and choose Rename.
Then in the box which will come up, type the following: hjtscan.exe, then hit Enter.
Run a new scan with it and save the log and post it here.
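
The judgement above ("nothing found in either log, but there IS something there") comes from reading the HijackThis entries themselves rather than trusting scanner verdicts. The script below is an added example written for this thread; it is not part of HijackThis, ComboFix or any post here. It parses HJT-format lines (sample lines are copied from the logs posted in this thread) and flags entries using a few labelled heuristics: random-looking names, executables in user-writable data folders, the Policies\Explorer\Run key, Winlogon Notify DLLs outside system32, missing files and services without vendor information. The thresholds and the heuristics are assumptions of this example, not rules from any tool.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; not part of HijackThis, ComboFix or any post
above. It encodes the kind of reasoning a helper applies to an HJT log by
hand: an autostart entry with a machine-generated name, one that runs from a
user-writable data folder, one whose file no longer exists, or a Winlogon
Notify package outside system32 deserves a second look even when scanners
report nothing. Every threshold here is an assumption of this example.
"""
import re

# Lines copied from the HijackThis logs posted in this thread (not constructed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xmFkTNnrfH] D:\Documents and Settings\All Users\Application Data\mxgzsdyr\wzqpwryz.exe
O4 - HKUS\S-1-5-18\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'SYSTEM')
O20 - Winlogon Notify: m0_glkP_150908 - D:\WINDOWS\m0_glkP_150908.dll
O20 - Winlogon Notify: xxyyxyWN - xxyyxyWN.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - D:\WINDOWS\PSEXESVC.EXE (file missing)
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")   # "<section> - <body>"
VOWELS = set("aeiou")


def entry_name(code, body):
    """Pull the autostart name out of an O4, O20 or O23 entry ('' otherwise)."""
    if code == "O4":
        m = re.search(r"\[([^\]]+)\]", body)
    elif code == "O20":
        m = re.match(r"Winlogon Notify: (\S+) - ", body)
    elif code == "O23":
        m = re.match(r"Service: .*?\((\w+)\)", body)
    else:
        m = None
    return m.group(1) if m else ""


def looks_generated(text):
    """True if any alphabetic run of 7+ letters in text contains no vowel.
    Assumption: product and vendor names almost always contain vowels, while
    dropper-generated names (wzqpwryz, xmFkTNnrfH) usually do not."""
    return any(not (VOWELS & set(run.lower()))
               for run in re.findall(r"[A-Za-z]{7,}", text))


def reasons_for(code, body):
    """Return the list of heuristic reasons that make this entry suspicious."""
    reasons = []
    name = entry_name(code, body)
    if "(file missing)" in body:
        reasons.append("references a file that no longer exists")
    if looks_generated(body):
        reasons.append("random-looking name or folder (no vowels in a 7+ letter run)")
    if re.search(r"\d{6,}", name):
        reasons.append("long digit run in the autostart name")
    if re.search(r"\\(Application Data|Local Settings|Temp)\\", body, re.I):
        reasons.append("executable lives in a user-writable data folder")
    if r"\Policies\Explorer\Run" in body:
        reasons.append("uses the Policies\\Explorer\\Run autostart key")
    # Assumption: legitimate Winlogon Notify packages live in system32.
    if code == "O20" and "(file missing)" not in body \
            and "\\system32\\" not in body.lower():
        reasons.append("Winlogon Notify DLL outside system32")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service has no vendor information")
    return reasons


def triage(log_text):
    """Parse HJT log text; return [(code, name, [reasons])] for flagged lines."""
    flagged = []
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, running-process paths, blank lines
        code, body = m.groups()
        reasons = reasons_for(code, body)
        if reasons:
            flagged.append((code, entry_name(code, body), reasons))
    return flagged


if __name__ == "__main__":
    for code, name, reasons in triage(SAMPLE_LOG):
        print(f"{code:<5}{name:<18}" + "; ".join(reasons))
```

On the sample lines this flags the xmFkTNnrfH policy entry, both Winlogon Notify entries and the ownerless PsExec service, while leaving the Adobe and AVG lines alone. It does not flag the "Antivirus" entry for vav.exe, even though ComboFix later lists that key under ORPHANS REMOVED: a generic name in a normal Program Files path passes every heuristic here, which is exactly why such output is a reading aid for a helper and not a verdict.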

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:07 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\MOTU\Audio\MFWAKeys.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Trend Micro\HijackThis\hjtscan.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PhilipsDM] D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xmFkTNnrfH] D:\Documents and Settings\All Users\Application Data\mxgzsdyr\wzqpwryz.exe
O4 - HKUS\S-1-5-18\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = D:\Program Files\MOTU\Audio\MFWAKeys.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: m0_glkP_150908 - D:\WINDOWS\m0_glkP_150908.dll
O20 - Winlogon Notify: xxyyxyWN - xxyyxyWN.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 3993 bytes

0

Download ComboFix
Click on the Save button and then, when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see ComboFix on the desktop.

* Close all open windows, including this one.
* Close or disable all running antivirus, antispyware, and firewall programs, as they may interfere with the proper running of ComboFix.
Double-click the ComboFix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program; click Run.
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run.

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.

When all is complete then please post back here with that log.

0

ComboFix 08-09-20.05 - fiya 2008-09-21 19:20:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.271 [GMT -4:00]
Running from: D:\Documents and Settings\fiya\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\cbJSBcdd.ini
D:\WINDOWS\system32\ijlmlnmp.ini
D:\WINDOWS\system32\otwsgvii.ini
D:\WINDOWS\system32\qjuippmi.ini
D:\WINDOWS\system32\qliixnhy.ini
D:\WINDOWS\system32\qyselwad.ini
D:\WINDOWS\system32\rgemagfl.ini
D:\WINDOWS\system32\vwHhQXbc.ini
.
---- Previous Run -------
.
D:\WINDOWS\system32\msvcsv60.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-20 15:01 . 2008-09-20 15:01 <DIR> d-------- D:\Program Files\CCleaner
2008-09-20 15:01 . 2008-09-20 15:01 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-20 11:19 . 2008-09-21 12:02 <DIR> d--h----- D:\$AVG8.VAULT$
2008-09-20 08:29 . 2008-09-20 08:29 <DIR> d-------- D:\Program Files\Trend Micro
2008-09-19 23:26 . 2008-09-20 10:56 <DIR> d-------- D:\WINDOWS\system32\drivers\Avg
2008-09-19 23:26 . 2008-09-19 23:28 <DIR> d-------- D:\Documents and Settings\fiya\Application Data\AVGTOOLBAR
2008-09-19 23:26 . 2008-09-19 23:26 97,928 --a------ D:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-19 23:26 . 2008-09-19 23:26 76,040 --a------ D:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-19 23:26 . 2008-09-19 23:26 10,520 --a------ D:\WINDOWS\system32\avgrsstx.dll
2008-09-19 14:16 . 2008-09-19 14:18 <DIR> d-------- D:\Documents and Settings\fiya\Application Data\vlc
2008-09-19 14:14 . 2008-09-19 14:14 <DIR> d-------- D:\Program Files\VideoLAN
2008-09-19 13:40 . 2008-09-19 13:40 <DIR> d-------- D:\Documents and Settings\fiya\Application Data\Malwarebytes
2008-09-19 13:37 . 2008-09-19 13:37 2,189,864 --a------ D:\mbam-setup.exe
2008-09-19 13:32 . 2008-09-19 13:32 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 13:32 . 2008-09-19 13:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 13:32 . 2008-09-19 13:32 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-19 13:32 . 2008-09-10 00:04 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-19 13:32 . 2008-09-10 00:03 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 13:01 . 2008-09-19 13:01 2,678 --a------ D:\WINDOWS\system32\tmp.reg
2008-09-19 12:58 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-09-19 12:58 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-09-19 12:58 . 2008-09-08 23:38 88,576 --a------ D:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-19 12:58 . 2008-09-02 16:51 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-09-19 12:58 . 2008-05-18 21:40 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-09-19 12:58 . 2008-09-19 12:26 82,944 --a------ D:\WINDOWS\system32\IEDFix.C.exe
2008-09-19 12:58 . 2008-08-18 12:19 82,432 --a------ D:\WINDOWS\system32\404Fix.exe
2008-09-19 12:58 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-09-19 12:58 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-09-19 12:58 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-09-19 07:56 . 2008-09-19 07:56 <DIR> d-------- D:\Program Files\Yahoo!
2008-09-19 07:30 . 2008-09-19 07:30 2,928,600 --a------ D:\ccsetup211.exe
2008-09-19 07:10 . 2008-09-19 07:10 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy
2008-09-19 07:03 . 2008-09-19 07:03 665 --a------ D:\help.rtf
2008-09-19 06:27 . 2008-09-19 06:27 1,152 --a------ D:\WINDOWS\system32\windrv.sys
2008-09-19 06:26 . 2008-09-19 06:26 <DIR> d-------- D:\Program Files\Common Files\Download Manager
2008-09-19 06:18 . 2008-09-19 06:18 128,336 --a------ D:\Download_snm-2.67_swpl.exe
2008-09-18 13:49 . 2008-09-18 13:49 21,200 --a------ D:\WINDOWS\m0_glkP_150908.dll
2008-09-13 10:14 . 2008-09-18 13:42 228,845 --a------ D:\Documents and Settings\fiya\base.dat
2008-09-13 02:27 . 2008-09-13 02:27 <DIR> d-------- D:\Documents and Settings\fiya\Application Data\SecureExpertCleaner
2008-08-23 15:03 . 2008-08-23 15:03 <DIR> d-------- D:\Program Files\Alwil Software
2008-08-23 15:03 . 2003-03-18 16:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2008-08-23 14:53 . 2008-08-23 14:53 <DIR> d-------- D:\Documents and Settings\fiya\Application Data\ESET
2008-08-23 14:18 . 2008-08-23 14:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-23 12:14 . 2008-08-23 12:14 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\DivX
2008-08-23 05:33 . 2008-08-23 05:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ESET
2008-08-22 04:00 . 2008-08-22 04:02 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-08-22 03:53 . 2008-08-22 01:59 24,576 --a------ D:\TaskManager Enable-Disable.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 22:00 --------- d-----w D:\Documents and Settings\fiya\Application Data\U3
2008-09-21 00:36 --------- d-----w D:\Documents and Settings\fiya\Application Data\BitTorrent
2008-09-20 14:54 --------- d-----w D:\Program Files\PowerISO
2008-09-20 03:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\avg8
2008-09-07 16:29 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-08-31 16:03 --------- d-----w D:\Documents and Settings\fiya\Application Data\DNA
2008-08-30 21:01 --------- d-----w D:\Program Files\DNA
2008-08-22 19:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 05:32 692,006 --sha-w D:\WINDOWS\system32\cbJSBcdd.ini2
2008-06-13 03:57 680,419 --sha-w D:\WINDOWS\system32\ijlmlnmp.ini2
2008-06-13 03:17 677,983 --sha-w D:\WINDOWS\system32\vwHhQXbc.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"H2O"="D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"PhilipsDM"="D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2007-07-05 888832]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MOTU Pedal Handler.lnk - D:\Program Files\MOTU\Audio\MFWAKeys.exe [2008-03-12 189224]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoStartMenuMorePrograms"= 1 (0x1)
"NoSetFolders"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\m0_glkP_150908]
2008-09-18 13:49 21200 D:\WINDOWS\m0_glkP_150908.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\³]
e [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\˜]
exe [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"D:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"D:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"D:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;D:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-19 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;D:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-19 875288]
R2 avg8wd;AVG Free8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-19 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;D:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-19 76040]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;D:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
R3 CLEDX;Team H2O CLEDX service;D:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 mfwagsif;MOTU Audio GSIF;D:\WINDOWS\system32\drivers\mfwagsif.sys [2008-03-12 22576]
R3 mfwamidi;MOTU Audio MIDI;D:\WINDOWS\system32\drivers\mfwamidi.sys [2008-03-12 26160]
R3 mfwawave;MOTU Audio Wave;D:\WINDOWS\system32\drivers\mfwawave.sys [2008-03-12 60976]
R3 motubus;MOTU Audio MIDI Extension;D:\WINDOWS\system32\drivers\MotuBus.sys [2008-03-12 23600]
R3 MotuFWA;MotuFWA;D:\WINDOWS\system32\drivers\motufwa.sys [2008-03-12 378416]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2002-01-17 166656]
S0 myyh;myyh;D:\WINDOWS\system32\drivers\tpvz.sys [ ]
S3 7a7ffc0c00adee30;7a7ffc0c00adee30;D:\7a7ffc0c00adee30.dat [ ]
S3 d59003ccd31a2533;d59003ccd31a2533;D:\d59003ccd31a2533.dat [ ]
S3 e4672eb8b53321b1;e4672eb8b53321b1;D:\e4672eb8b53321b1.dat [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ýÈçw - (no file)
HKU-Default-Run-Antivirus - D:\Program Files\VAV\vav.exe
HKLM-Explorer_Run-xmFkTNnrfH - D:\Documents and Settings\All Users\Application Data\mxgzsdyr\wzqpwryz.exe
Notify-xxyyxyWN - xxyyxyWN.dll
MSConfigStartUp-avast! - D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-BM8f2c935f - D:\WINDOWS\system32\yenjmoqh.dll
MSConfigStartUp-CmdSrvUtil - D:\WINDOWS\system32\xurgzmvq.exe
MSConfigStartUp-lphcnvkj0eadc - D:\WINDOWS\system32\lphcnvkj0eadc.exe
MSConfigStartUp-QuickInstallPack - D:\Documents and Settings\fiya\Local Settings\Application Data\qip\QuickInstallPack.exe
MSConfigStartUp-RegistryMechanic - D:\Program Files\Registry Mechanic\RegMech.exe
MSConfigStartUp-SNM - D:\Program Files\SpyNoMore\SNM.exe
MSConfigStartUp-Somefox - D:\DOCUME~1\fiya\LOCALS~1\Temp\4.tmp.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 19:34:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seneka]
"imagepath"="\systemroot\system32\drivers\seneka.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7a7ffc0c00adee30]
"ImagePath"="\??\D:\7a7ffc0c00adee30.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d59003ccd31a2533]
"ImagePath"="\??\D:\d59003ccd31a2533.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e4672eb8b53321b1]
"ImagePath"="\??\D:\e4672eb8b53321b1.dat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\WINDOWS\m0_glkP_150908.dll

PROCESS: D:\WINDOWS\explorer.exe
-> D:\WINDOWS\m0_glkP_150908.dll
.
------------------------ Other Running Processes ------------------------
.
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Program Files\AVG\AVG8\avgrsx.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-21 19:40:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 23:39:52

Pre-Run: 11,806,113,792 bytes free
Post-Run: 12,043,988,992 bytes free

208 --- E O F --- 2008-09-21 23:35:38

0

ComboFix definitely removed quite a bit. I would like you to try to update Malwarebytes, first in Normal Mode, and see if it will update. If not, then update in Safe Mode with Networking.
Then run another full system scan with it and see if it picks anything up. If it does, FIX it.
Save the log.
Reboot to normal. Run a New HJT scan, save the log. Post back here with both of those logs.
Judy

0

Malwarebytes' Anti-Malware 1.28
Database version: 1190
Windows 5.1.2600 Service Pack 2

2008-09-22 08:38:34
mbam-log-2008-09-22 (08-38-34).txt

Scan type: Full Scan (D:\|E:\|)
Objects scanned: 158442
Time elapsed: 1 hour(s), 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40, on 2008-09-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\MOTU\Audio\MFWAKeys.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\hjtscan.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PhilipsDM] D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xmFkTNnrfH] D:\Documents and Settings\All Users\Application Data\mxgzsdyr\wzqpwryz.exe
O4 - HKUS\S-1-5-18\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = D:\Program Files\MOTU\Audio\MFWAKeys.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: m0_glkP_150908 - D:\WINDOWS\m0_glkP_150908.dll
O20 - Winlogon Notify: xxyyxyWN - xxyyxyWN.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - D:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 4470 bytes
