0

Hi! I have the same problem... my taskbar changes and my volume doesn't start if I use another program that has sound (e.g. if I listen to Winamp and I decide to go on YouTube or a web page with sound, it doesn't start; it works vice versa as well). I used services.msc for the sound reactivation, and it works, but it's a bit annoying doing this over and over again. I already reinstalled Windows and changed 3 antivirus programs, but none removed this "bug". I am currently using Avira.

I took the HijackThis program and I ran it after I closed the browser, and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:23 AM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andu\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Shortcut to iTouch.lnk = C:\Program Files\Logitech\iTouch\iTouch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{6526CFEA-8F00-4C61-834C-2855AD97371D}: NameServer = 193.19.192.15,193.19.192.16
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

I would really appreciate an answer! Thank you in advance!

0

Ok! This is my log:

ComboFix 09-04-04.01 - Andu 2009-04-10 13:41:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1605 [GMT 3:00]
Running from: c:\documents and settings\Andu\Desktop\ComboFix.exe
AV: Avira Premium Security Suite *On-access scanning disabled* (Outdated)
FW: Avira Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 02:39 . 2009-04-10 02:46 <DIR> d-------- c:\program files\Boxen Die Championship Simulation
2009-04-06 00:05 . 2009-04-06 00:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-04-06 00:04 . 2009-04-06 00:04 441,760 --a------ c:\windows\system32\drivers\timntr.sys
2009-04-06 00:04 . 2009-04-06 00:04 368,480 --a------ c:\windows\system32\drivers\tdrpman.sys
2009-04-06 00:04 . 2009-04-06 00:04 132,224 --a------ c:\windows\system32\drivers\snapman.sys
2009-04-06 00:04 . 2009-04-06 00:04 44,384 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-04-06 00:01 . 2009-04-06 00:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-05 22:35 . 2009-04-05 22:36 <DIR> d-------- c:\program files\Bonjour
2009-04-05 22:25 . 2009-04-05 22:25 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-04-05 16:46 . 2009-04-05 16:46 <DIR> d-------- c:\documents and settings\Andu\Application Data\Avira
2009-04-02 01:10 . 2009-04-02 01:10 <DIR> d-------- c:\program files\EnRo Dictionary
2009-04-01 00:18 . 2009-04-06 01:00 <DIR> d-------- c:\program files\The KMPlayer
2009-03-31 21:25 . 2009-03-31 21:25 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-31 21:25 . 2009-03-31 21:25 1,409 --a------ c:\windows\QTFont.for
2009-03-31 21:21 . 2009-03-31 21:21 172 --a------ c:\windows\wcx_ftp.ini
2009-03-31 21:12 . 2009-03-31 21:12 <DIR> d-------- C:\totalcmd
2009-03-31 21:12 . 2009-03-31 21:37 769 --a------ c:\windows\wincmd.ini
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-03-30 21:11 . 2009-03-30 21:11 <DIR> d-------- c:\program files\Lavalys
2009-03-30 20:51 . 2009-03-30 21:10 <DIR> d-------- c:\program files\Everest
2009-03-30 17:01 . 2009-03-30 17:01 <DIR> d-------- c:\program files\Logitech
2009-03-30 17:01 . 2009-03-30 17:01 <DIR> d-------- c:\program files\Common Files\Logitech
2009-03-30 17:01 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-30 17:01 . 2003-03-18 21:14 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-03-30 17:01 . 2003-02-21 05:42 348,160 --a------ c:\windows\system32\Msvcr71.dll
2009-03-30 17:01 . 2002-01-05 04:38 54,784 --a------ c:\windows\system32\MSVCI70.DLL
2009-03-30 17:01 . 2004-03-03 09:50 37,887 --a------ c:\windows\system32\drivers\LHidUsb.sys
2009-03-30 17:01 . 2004-03-03 09:50 14,095 --a------ c:\windows\system32\drivers\LCcfltr.sys
2009-03-30 17:01 . 2004-03-10 13:42 12,953 --------- c:\windows\system32\drivers\itchfltr.sys
2009-03-30 17:01 . 2009-04-10 12:37 65 --a------ c:\windows\iTouch.ini
2009-03-30 16:11 . 2009-03-30 16:11 <DIR> d-------- c:\program files\Yahoo!
2009-03-30 16:11 . 2009-03-30 16:11 <DIR> d-------- c:\documents and settings\LocalService\Application Data\PeerNetworking
2009-03-30 16:11 . 2009-03-30 16:11 <DIR> d-------- c:\documents and settings\Andu\Application Data\Yahoo!
2009-03-30 16:11 . 2009-03-30 16:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-30 16:11 . 2009-03-30 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-30 16:00 . 2009-03-30 16:00 <DIR> d-------- c:\documents and settings\Andu\Application Data\Realtime Soft
2009-03-30 15:40 . 2009-03-30 15:40 <DIR> d-------- c:\documents and settings\Andu\Application Data\DAEMON Tools
2009-03-30 15:39 . 2009-03-30 16:37 <DIR> d-------- c:\documents and settings\Andu\Application Data\DisplayTune
2009-03-30 15:37 . 2009-03-30 15:37 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-30 15:37 . 2009-03-30 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-30 15:36 . 2009-03-30 15:39 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-30 15:36 . 2009-03-30 19:11 <DIR> d-------- c:\documents and settings\Andu\Application Data\DAEMON Tools Lite
2009-03-30 15:33 . 2004-08-04 01:56 1,392,671 --a------ c:\windows\msvbvm60.dll
2009-03-30 15:33 . 2002-01-05 04:40 487,424 --a------ c:\windows\msvcp70.dll
2009-03-30 15:33 . 2002-01-05 04:37 344,064 --a------ c:\windows\msvcr70.dll
2009-03-30 15:27 . 2006-11-10 08:25 319,456 --a------ c:\windows\system32\difxapi.dll
2009-03-30 15:27 . 2007-09-05 17:13 170,520 --a------ c:\windows\system32\igfxzoom.exe
2009-03-30 15:27 . 2007-08-24 11:29 147,456 --a------ c:\windows\system32\igfxCoIn_v4864.dll
2009-03-30 15:26 . 2009-04-06 00:37 <DIR> d-------- c:\windows\RaidTool
2009-03-30 15:26 . 2009-03-30 15:26 <DIR> d-------- C:\RaidTool
2009-03-30 15:26 . 2007-11-19 11:28 1,966,080 --a------ c:\windows\system32\xRaidSetup.exe
2009-03-30 15:26 . 2008-03-19 10:54 151,552 --a------ c:\windows\system32\xRaidAPI.dll
2009-03-30 15:26 . 2008-10-01 14:32 82,272 --a------ c:\windows\system32\drivers\jraid.sys
2009-03-30 15:20 . 2009-03-30 16:51 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-30 15:20 . 2009-03-30 21:24 <DIR> d-------- c:\program files\Intel
2009-03-30 15:20 . 2009-03-30 15:20 <DIR> d-------- C:\Intel
2009-03-30 15:20 . 2007-07-26 16:15 53,248 --a------ c:\windows\system32\CSVer.dll
2009-03-30 15:19 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-03-30 15:19 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-03-30 15:19 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe
2009-03-30 15:19 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe
2009-03-30 15:19 . 2009-02-09 14:34 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-03-30 15:18 . 2009-03-23 11:13 <DIR> d-------- c:\program files\HD_Audio
2009-03-30 14:55 . 2009-03-30 14:55 1,148 --a------ c:\windows\mozver.dat
2009-03-30 14:43 . 2009-03-30 14:43 <DIR> d-------- c:\windows\Sun
2009-03-30 14:43 . 2009-03-30 14:43 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-03-30 14:43 . 2009-03-30 14:43 <DIR> d-------- c:\documents and settings\Andu\Application Data\SystemRequirementsLab
2009-03-30 14:41 . 2009-03-30 14:41 <DIR> d-------- c:\program files\Java
2009-03-30 14:41 . 2009-03-30 14:41 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-30 14:41 . 2009-03-30 14:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-26 11:54 . 2009-04-09 11:39 <DIR> d-------- c:\program files\oDC
2009-03-26 01:31 . 2009-03-26 01:31 <DIR> d-------- c:\documents and settings\Andu\Application Data\vlc
2009-03-26 01:22 . 2009-03-26 01:22 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-26 01:22 . 2009-03-26 01:22 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-26 01:19 . 2009-03-26 01:19 <DIR> d-------- c:\program files\Realtek
2009-03-26 01:19 . 2009-04-08 22:19 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-26 01:19 . 2009-03-30 17:00 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-26 01:19 . 2009-02-17 15:50 17,508,864 --a------ c:\windows\RTHDCPL.EXE
2009-03-26 01:19 . 2008-06-19 16:27 9,715,200 --a------ c:\windows\RTLCPL.EXE
2009-03-26 01:19 . 2009-02-17 16:55 5,026,816 --a------ c:\windows\system32\drivers\RtkHDAud.sys
2009-03-26 01:19 . 2008-06-19 16:42 2,808,832 --a------ c:\windows\ALCWZRD.EXE
2009-03-26 01:19 . 2008-09-30 16:38 2,168,320 --a------ c:\windows\MicCal.exe
2009-03-26 01:19 . 2007-11-20 18:15 1,826,816 --a------ c:\windows\SkyTel.exe
2009-03-26 01:19 . 2009-01-21 15:54 1,206,816 --a------ c:\windows\RtlUpd.exe
2009-03-26 01:19 . 2008-08-25 16:17 528,384 --a------ c:\windows\RtlExUpd.dll
2009-03-26 01:19 . 2008-06-19 16:24 278,528 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-03-26 01:19 . 2008-03-13 14:52 266,240 --a------ c:\windows\system32\RTSndMgr.CPL
2009-03-26 01:19 . 2008-08-19 13:26 77,824 --a------ c:\windows\SOUNDMAN.EXE
2009-03-26 01:19 . 2008-06-19 16:20 57,344 --a------ c:\windows\ALCMTR.EXE
2009-03-26 01:18 . 2009-03-26 01:18 <DIR> d-------- c:\documents and settings\Andu\Application Data\InstallShield
2009-03-26 00:48 . 2009-03-26 00:48 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-26 00:47 . 2009-03-26 00:47 <DIR> d-------- c:\windows\system32\QuickTime
2009-03-26 00:47 . 2009-03-26 00:47 <DIR> d-------- c:\program files\Real
2009-03-26 00:47 . 2009-03-26 00:47 <DIR> d-------- c:\program files\QuickTime
2009-03-26 00:47 . 2009-03-26 00:48 <DIR> d-------- c:\program files\Common Files\Real
2009-03-26 00:47 . 1999-11-10 10:35 86,016 --a------ c:\windows\unvise32qt.exe
2009-03-26 00:46 . 2009-03-26 00:46 <DIR> d-------- c:\program files\VideoLAN
2009-03-26 00:46 . 2009-03-26 00:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2009-03-26 00:43 . 2009-03-26 00:43 <DIR> d-------- c:\program files\uTorrent
2009-03-26 00:43 . 2009-04-10 02:49 <DIR> d-------- c:\documents and settings\Andu\Application Data\uTorrent
2009-03-26 00:38 . 2009-03-26 00:38 <DIR> d-------- c:\program files\Avira
2009-03-26 00:38 . 2009-03-26 00:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-26 00:38 . 2008-03-06 10:45 71,464 --a------ c:\windows\system32\drivers\avfwim.sys
2009-03-26 00:38 . 2008-02-07 08:30 66,176 --a------ c:\windows\system32\drivers\avfwot.sys
2009-03-26 00:33 . 2009-04-09 22:53 116 --a------ c:\windows\NeroDigital.ini
2009-03-26 00:30 . 2009-03-26 00:30 0 --a------ c:\windows\nsreg.dat
2009-03-26 00:25 . 2009-03-26 00:25 <DIR> d-------- c:\program files\Nero
2009-03-26 00:25 . 2009-03-26 00:25 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-26 00:25 . 2009-03-26 00:25 <DIR> d-------- c:\documents and settings\Andu\Application Data\Ahead
2009-03-26 00:15 . 2001-08-23 15:00 18,944 --a------ c:\windows\system32\simptcp.dll
2009-03-26 00:15 . 2001-08-23 15:00 18,944 --a--c--- c:\windows\system32\dllcache\simptcp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 07:28 --------- d-----w c:\documents and settings\Andu\Application Data\U3
2009-04-08 17:59 --------- d-----w c:\documents and settings\Andu\Application Data\Winamp
2009-04-05 19:35 --------- d-----w c:\program files\Common Files\Adobe
2009-04-01 20:50 --------- d-----w c:\program files\Winamp
2009-03-30 12:40 --------- d-----w c:\documents and settings\Andu\Application Data\DAEMON Tools Pro
2009-03-25 22:03 --------- d-----w c:\program files\DAEMON Tools Pro
2009-03-23 19:00 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-23 18:53 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-23 18:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-23 18:39 --------- d-----w c:\program files\microsoft frontpage
2009-03-23 18:35 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-29 07:12 993,816 ----a-w c:\windows\system32\igxpun.exe
2009-01-21 08:52 155,648 ----a-w c:\windows\system32\igfxCoIn_v5029.dll
2009-01-21 08:44 3,773,440 ----a-w c:\windows\system32\igxpdx32.dll
2009-01-21 08:44 2,686,368 ----a-w c:\windows\system32\igxpdv32.dll
2009-01-21 08:43 57,344 ----a-w c:\windows\system32\igxprd32.dll
2009-01-21 08:43 183,808 ----a-w c:\windows\system32\igxpgd32.dll
2009-01-21 08:32 294,912 ----a-w c:\windows\system32\igldev32.dll
2009-01-21 08:32 2,342,912 ----a-w c:\windows\system32\iglicd32.dll
2009-01-21 08:20 645,632 ----a-w c:\windows\system32\igfxcfg.exe
2009-01-21 08:20 23,552 ----a-w c:\windows\system32\igfxexps.dll
2009-01-21 08:20 166,912 ----a-w c:\windows\system32\hkcmd.exe
2009-01-21 08:20 165,888 ----a-w c:\windows\system32\igfxext.exe
2009-01-21 08:20 134,656 ----a-w c:\windows\system32\igfxtray.exe
2009-01-21 08:18 51,712 ----a-w c:\windows\system32\igfxsrvc.dll
2009-01-21 08:18 243,712 ----a-w c:\windows\system32\igfxsrvc.exe
2009-01-21 08:18 199,168 ----a-w c:\windows\system32\igfxpph.dll
2009-01-21 08:18 134,656 ----a-w c:\windows\system32\igfxpers.exe
2009-01-21 08:18 130,048 ----a-w c:\windows\system32\igfxdo.dll
2009-01-21 08:17 93,696 ----a-w c:\windows\system32\hccutils.dll
2009-01-21 08:17 5,702,656 ----a-w c:\windows\system32\igfxress.dll
2009-01-21 08:17 205,824 ----a-w c:\windows\system32\igfxdev.dll
2009-01-13 22:16 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-02-12 262401]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-26 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Andu\Start Menu\Programs\Startup\
Shortcut to iTouch.lnk - c:\program files\Logitech\iTouch\iTouch.exe [2009-03-30 892928]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-03-26 66176]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2009-03-26 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2009-03-26 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\avwebgrd.exe [2009-03-26 254209]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2009-03-26 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-03-26 71464]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2009-03-30 14095]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-30 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63b956fb-17da-11de-bd23-db31aced8c58}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63b956fc-17da-11de-bd23-db31aced8c58}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\m.exe /s
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
LSP: avsda.dll
TCP: {6526CFEA-8F00-4C61-834C-2855AD97371D} = 193.19.192.15,193.19.192.16
FF - ProfilePath - c:\documents and settings\Andu\Application Data\Mozilla\Firefox\Profiles\udxb6omz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ro/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 13:42:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\avsda.dll
.
Completion time: 2009-04-10 13:42:34
ComboFix-quarantined-files.txt 2009-04-10 10:42:33
ComboFix2.txt 2009-04-10 10:37:31

Pre-Run: 27,752,296,448 bytes free
Post-Run: 27,740,418,048 bytes free

0

Hi lizard

Download and run Flash_Disinfector.exe. Follow any prompts that may appear.

  • Your desktop will vanish for a while, and then reappear. This is normal.
  • Wait until the program has finished scanning, then please exit the program.
  • Restart your computer

It appears you have run ComboFix more than once. Please click Start > Run and type the following into the run box:

C:\qoobox\ComboFix2.txt

Press enter. Copy/paste the log which opens into your next reply.

Please also provide an update on system behaviour.

0

Yes, I did run ComboFix twice, because the first time the log was empty. I will make an update on the system behavior in a few hours; I've just come home from some friends... Thank you again for the help :)

ComboFix 09-04-04.01 - Andu 2009-04-10 13:36:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1604 [GMT 3:00]
Running from: c:\documents and settings\Andu\Desktop\ComboFix.exe
AV: Avira Premium Security Suite *On-access scanning disabled* (Outdated)
FW: Avira Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Andu\LOCALS~1\Temp\tmp2.tmp

.
((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 02:39 . 2009-04-10 02:46 <DIR> d-------- c:\program files\Boxen Die Championship Simulation
2009-04-06 00:05 . 2009-04-06 00:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-04-06 00:04 . 2009-04-06 00:04 441,760 --a------ c:\windows\system32\drivers\timntr.sys
2009-04-06 00:04 . 2009-04-06 00:04 368,480 --a------ c:\windows\system32\drivers\tdrpman.sys
2009-04-06 00:04 . 2009-04-06 00:04 132,224 --a------ c:\windows\system32\drivers\snapman.sys
2009-04-06 00:04 . 2009-04-06 00:04 44,384 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-04-06 00:01 . 2009-04-06 00:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-05 22:35 . 2009-04-05 22:36 <DIR> d-------- c:\program files\Bonjour
2009-04-05 22:25 . 2009-04-05 22:25 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-04-05 16:46 . 2009-04-05 16:46 <DIR> d-------- c:\documents and settings\Andu\Application Data\Avira
2009-04-02 01:10 . 2009-04-02 01:10 <DIR> d-------- c:\program files\EnRo Dictionary
2009-04-01 00:18 . 2009-04-06 01:00 <DIR> d-------- c:\program files\The KMPlayer
2009-03-31 21:25 . 2009-03-31 21:25 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-31 21:25 . 2009-03-31 21:25 1,409 --a------ c:\windows\QTFont.for
2009-03-31 21:21 . 2009-03-31 21:21 172 --a------ c:\windows\wcx_ftp.ini
2009-03-31 21:12 . 2009-03-31 21:12 <DIR> d-------- C:\totalcmd
2009-03-31 21:12 . 2009-03-31 21:37 769 --a------ c:\windows\wincmd.ini
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-03-31 21:12 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-03-30 21:11 . 2009-03-30 21:11 <DIR> d-------- c:\program files\Lavalys
2009-03-30 20:51 . 2009-03-30 21:10 <DIR> d-------- c:\program files\Everest
2009-03-30 17:01 . 2009-03-30 17:01 <DIR> d-------- c:\program files\Logitech
2009-03-30 17:01 . 2009-03-30 17:01 <DIR> d-------- c:\program files\Common Files\Logitech
2009-03-30 17:01 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-30 17:01 . 2003-03-18 21:14 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-03-30 17:01 . 2003-02-21 05:42 348,160 --a------ c:\windows\system32\Msvcr71.dll
2009-03-30 17:01 . 2002-01-05 04:38 54,784 --a------ c:\windows\system32\MSVCI70.DLL
2009-03-30 17:01 . 2004-03-03 09:50 37,887 --a------ c:\windows\system32\drivers\LHidUsb.sys
2009-03-30 17:01 . 2004-03-03 09:50 14,095 --a------ c:\windows\system32\drivers\LCcfltr.sys
2009-03-30 17:01 . 2004-03-10 13:42 12,953 --------- c:\windows\system32\drivers\itchfltr.sys
2009-03-30 17:01 . 2009-04-10 12:37 65 --a------ c:\windows\iTouch.ini
2009-03-30 16:11 . 2009-03-30 16:11 <DIR> d-------- c:\program files\Yahoo!
2009-03-30 16:11 . 2009-03-30 16:11 <DIR> d-------- c:\documents and settings\LocalService\Application Data\PeerNetworking
2009-03-30 16:11 . 2009-03-30 16:11 <DIR> d-------- c:\documents and settings\Andu\Application Data\Yahoo!
2009-03-30 16:11 . 2009-03-30 16:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-30 16:11 . 2009-03-30 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-30 16:00 . 2009-03-30 16:00 <DIR> d-------- c:\documents and settings\Andu\Application Data\Realtime Soft
2009-03-30 15:40 . 2009-03-30 15:40 <DIR> d-------- c:\documents and settings\Andu\Application Data\DAEMON Tools
2009-03-30 15:39 . 2009-03-30 16:37 <DIR> d-------- c:\documents and settings\Andu\Application Data\DisplayTune
2009-03-30 15:37 . 2009-03-30 15:37 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-30 15:37 . 2009-03-30 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-30 15:36 . 2009-03-30 15:39 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-30 15:36 . 2009-03-30 19:11 <DIR> d-------- c:\documents and settings\Andu\Application Data\DAEMON Tools Lite
2009-03-30 15:33 . 2004-08-04 01:56 1,392,671 --a------ c:\windows\msvbvm60.dll
2009-03-30 15:33 . 2002-01-05 04:40 487,424 --a------ c:\windows\msvcp70.dll
2009-03-30 15:33 . 2002-01-05 04:37 344,064 --a------ c:\windows\msvcr70.dll
2009-03-30 15:27 . 2006-11-10 08:25 319,456 --a------ c:\windows\system32\difxapi.dll
2009-03-30 15:27 . 2007-09-05 17:13 170,520 --a------ c:\windows\system32\igfxzoom.exe
2009-03-30 15:27 . 2007-08-24 11:29 147,456 --a------ c:\windows\system32\igfxCoIn_v4864.dll
2009-03-30 15:26 . 2009-04-06 00:37 <DIR> d-------- c:\windows\RaidTool
2009-03-30 15:26 . 2009-03-30 15:26 <DIR> d-------- C:\RaidTool
2009-03-30 15:26 . 2007-11-19 11:28 1,966,080 --a------ c:\windows\system32\xRaidSetup.exe
2009-03-30 15:26 . 2008-03-19 10:54 151,552 --a------ c:\windows\system32\xRaidAPI.dll
2009-03-30 15:26 . 2008-10-01 14:32 82,272 --a------ c:\windows\system32\drivers\jraid.sys
2009-03-30 15:20 . 2009-03-30 16:51 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-30 15:20 . 2009-03-30 21:24 <DIR> d-------- c:\program files\Intel
2009-03-30 15:20 . 2009-03-30 15:20 <DIR> d-------- C:\Intel
2009-03-30 15:20 . 2007-07-26 16:15 53,248 --a------ c:\windows\system32\CSVer.dll
2009-03-30 15:19 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-03-30 15:19 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-03-30 15:19 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe
2009-03-30 15:19 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe
2009-03-30 15:19 . 2009-02-09 14:34 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-03-30 15:18 . 2009-03-23 11:13 <DIR> d-------- c:\program files\HD_Audio
2009-03-30 14:55 . 2009-03-30 14:55 1,148 --a------ c:\windows\mozver.dat
2009-03-30 14:43 . 2009-03-30 14:43 <DIR> d-------- c:\windows\Sun
2009-03-30 14:43 . 2009-03-30 14:43 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-03-30 14:43 . 2009-03-30 14:43 <DIR> d-------- c:\documents and settings\Andu\Application Data\SystemRequirementsLab
2009-03-30 14:41 . 2009-03-30 14:41 <DIR> d-------- c:\program files\Java
2009-03-30 14:41 . 2009-03-30 14:41 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-30 14:41 . 2009-03-30 14:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-26 11:54 . 2009-04-09 11:39 <DIR> d-------- c:\program files\oDC
2009-03-26 01:31 . 2009-03-26 01:31 <DIR> d-------- c:\documents and settings\Andu\Application Data\vlc
2009-03-26 01:22 . 2009-03-26 01:22 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-26 01:22 . 2009-03-26 01:22 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-26 01:19 . 2009-03-26 01:19 <DIR> d-------- c:\program files\Realtek
2009-03-26 01:19 . 2009-04-08 22:19 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-26 01:19 . 2009-03-30 17:00 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-26 01:19 . 2009-02-17 15:50 17,508,864 --a------ c:\windows\RTHDCPL.EXE
2009-03-26 01:19 . 2008-06-19 16:27 9,715,200 --a------ c:\windows\RTLCPL.EXE
2009-03-26 01:19 . 2009-02-17 16:55 5,026,816 --a------ c:\windows\system32\drivers\RtkHDAud.sys
2009-03-26 01:19 . 2008-06-19 16:42 2,808,832 --a------ c:\windows\ALCWZRD.EXE
2009-03-26 01:19 . 2008-09-30 16:38 2,168,320 --a------ c:\windows\MicCal.exe
2009-03-26 01:19 . 2007-11-20 18:15 1,826,816 --a------ c:\windows\SkyTel.exe
2009-03-26 01:19 . 2009-01-21 15:54 1,206,816 --a------ c:\windows\RtlUpd.exe
2009-03-26 01:19 . 2008-08-25 16:17 528,384 --a------ c:\windows\RtlExUpd.dll
2009-03-26 01:19 . 2008-06-19 16:24 278,528 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-03-26 01:19 . 2008-03-13 14:52 266,240 --a------ c:\windows\system32\RTSndMgr.CPL
2009-03-26 01:19 . 2008-08-19 13:26 77,824 --a------ c:\windows\SOUNDMAN.EXE
2009-03-26 01:19 . 2008-06-19 16:20 57,344 --a------ c:\windows\ALCMTR.EXE
2009-03-26 01:18 . 2009-03-26 01:18 <DIR> d-------- c:\documents and settings\Andu\Application Data\InstallShield
2009-03-26 00:48 . 2009-03-26 00:48 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-26 00:47 . 2009-03-26 00:47 <DIR> d-------- c:\windows\system32\QuickTime
2009-03-26 00:47 . 2009-03-26 00:47 <DIR> d-------- c:\program files\Real
2009-03-26 00:47 . 2009-03-26 00:47 <DIR> d-------- c:\program files\QuickTime
2009-03-26 00:47 . 2009-03-26 00:48 <DIR> d-------- c:\program files\Common Files\Real
2009-03-26 00:47 . 1999-11-10 10:35 86,016 --a------ c:\windows\unvise32qt.exe
2009-03-26 00:46 . 2009-03-26 00:46 <DIR> d-------- c:\program files\VideoLAN
2009-03-26 00:46 . 2009-03-26 00:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2009-03-26 00:43 . 2009-03-26 00:43 <DIR> d-------- c:\program files\uTorrent
2009-03-26 00:43 . 2009-04-10 02:49 <DIR> d-------- c:\documents and settings\Andu\Application Data\uTorrent
2009-03-26 00:38 . 2009-03-26 00:38 <DIR> d-------- c:\program files\Avira
2009-03-26 00:38 . 2009-03-26 00:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-26 00:38 . 2008-03-06 10:45 71,464 --a------ c:\windows\system32\drivers\avfwim.sys
2009-03-26 00:38 . 2008-02-07 08:30 66,176 --a------ c:\windows\system32\drivers\avfwot.sys
2009-03-26 00:33 . 2009-04-09 22:53 116 --a------ c:\windows\NeroDigital.ini
2009-03-26 00:30 . 2009-03-26 00:30 0 --a------ c:\windows\nsreg.dat
2009-03-26 00:25 . 2009-03-26 00:25 <DIR> d-------- c:\program files\Nero
2009-03-26 00:25 . 2009-03-26 00:25 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-26 00:25 . 2009-03-26 00:25 <DIR> d-------- c:\documents and settings\Andu\Application Data\Ahead
2009-03-26 00:15 . 2001-08-23 15:00 18,944 --a------ c:\windows\system32\simptcp.dll
2009-03-26 00:15 . 2001-08-23 15:00 18,944 --a--c--- c:\windows\system32\dllcache\simptcp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 07:28 --------- d-----w c:\documents and settings\Andu\Application Data\U3
2009-04-08 17:59 --------- d-----w c:\documents and settings\Andu\Application Data\Winamp
2009-04-05 19:35 --------- d-----w c:\program files\Common Files\Adobe
2009-04-01 20:50 --------- d-----w c:\program files\Winamp
2009-03-30 12:40 --------- d-----w c:\documents and settings\Andu\Application Data\DAEMON Tools Pro
2009-03-25 22:03 --------- d-----w c:\program files\DAEMON Tools Pro
2009-03-23 19:00 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-23 18:53 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-23 18:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-23 18:39 --------- d-----w c:\program files\microsoft frontpage
2009-03-23 18:35 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-29 07:12 993,816 ----a-w c:\windows\system32\igxpun.exe
2009-01-21 08:52 155,648 ----a-w c:\windows\system32\igfxCoIn_v5029.dll
2009-01-21 08:44 3,773,440 ----a-w c:\windows\system32\igxpdx32.dll
2009-01-21 08:44 2,686,368 ----a-w c:\windows\system32\igxpdv32.dll
2009-01-21 08:43 57,344 ----a-w c:\windows\system32\igxprd32.dll
2009-01-21 08:43 183,808 ----a-w c:\windows\system32\igxpgd32.dll
2009-01-21 08:32 294,912 ----a-w c:\windows\system32\igldev32.dll
2009-01-21 08:32 2,342,912 ----a-w c:\windows\system32\iglicd32.dll
2009-01-21 08:20 645,632 ----a-w c:\windows\system32\igfxcfg.exe
2009-01-21 08:20 23,552 ----a-w c:\windows\system32\igfxexps.dll
2009-01-21 08:20 166,912 ----a-w c:\windows\system32\hkcmd.exe
2009-01-21 08:20 165,888 ----a-w c:\windows\system32\igfxext.exe
2009-01-21 08:20 134,656 ----a-w c:\windows\system32\igfxtray.exe
2009-01-21 08:18 51,712 ----a-w c:\windows\system32\igfxsrvc.dll
2009-01-21 08:18 243,712 ----a-w c:\windows\system32\igfxsrvc.exe
2009-01-21 08:18 199,168 ----a-w c:\windows\system32\igfxpph.dll
2009-01-21 08:18 134,656 ----a-w c:\windows\system32\igfxpers.exe
2009-01-21 08:18 130,048 ----a-w c:\windows\system32\igfxdo.dll
2009-01-21 08:17 93,696 ----a-w c:\windows\system32\hccutils.dll
2009-01-21 08:17 5,702,656 ----a-w c:\windows\system32\igfxress.dll
2009-01-21 08:17 205,824 ----a-w c:\windows\system32\igfxdev.dll
2009-01-13 22:16 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-02-12 262401]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-26 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Andu\Start Menu\Programs\Startup\
Shortcut to iTouch.lnk - c:\program files\Logitech\iTouch\iTouch.exe [2009-03-30 892928]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-03-26 66176]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2009-03-26 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2009-03-26 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\avwebgrd.exe [2009-03-26 254209]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2009-03-26 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-03-26 71464]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2009-03-30 14095]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-30 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63b956fb-17da-11de-bd23-db31aced8c58}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63b956fc-17da-11de-bd23-db31aced8c58}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\m.exe /s
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
LSP: avsda.dll
TCP: {6526CFEA-8F00-4C61-834C-2855AD97371D} = 193.19.192.15,193.19.192.16
FF - ProfilePath - c:\documents and settings\Andu\Application Data\Mozilla\Firefox\Profiles\udxb6omz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ro/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 13:37:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\avsda.dll
.
Completion time: 2009-04-10 13:37:31
ComboFix-quarantined-files.txt 2009-04-10 10:37:29

Pre-Run: 27,322,925,056 bytes free
Post-Run: 27,730,276,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

261

0

For the moment it runs well.. no sound stops no taskbar color change.. But it might be just luck... Only if you know that is because something you made :) I'll make another post if something shows up!

0

Hi lizard

A few more things to do. Please update your anti-virus program and make sure both the anti-virus and firewall are enabled.

P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

0

Ok! I didn't run Kaspersky on the web, because it blocked after a few minutes, so I downloaded a trial from a site and I fully updated the antivirus, and after that I fully scanned my computer. It took a while, but all the bad for the good :). A day ago, my sound disappeared, and I had to manually start it with run services.msc windows audio start.. Here is my log, and I want to tell you again I appreciate your effort!
.


Quick Scan: completed 4/13/2009 10:27:07 PM (events: 33, objects: , time: 00:00:00)
4/13/2009 10:27:07 PM Task completed
4/13/2009 10:25:46 PM Task started
Quick Scan: completed 4/13/2009 10:27:07 PM (events: 33, objects: , time: 00:00:00)
4/13/2009 11:01:10 PM Task started
4/13/2009 11:01:13 PM Detected: http://www.viruslist.com/en/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
4/13/2009 11:01:17 PM Detected: http://www.viruslist.com/en/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
4/13/2009 11:01:21 PM Detected: http://www.viruslist.com/en/advisories/33901 C:\Program Files\adobe\reader 9.0\reader\acrord32.exe
4/13/2009 11:01:24 PM Detected: http://www.viruslist.com/en/advisories/33632 C:\Program Files\quicktime\quicktimeplayer.exe
4/13/2009 11:01:24 PM Detected: http://www.viruslist.com/en/advisories/27620 C:\Program Files\real\realplayer\realplay.exe
4/13/2009 11:04:49 PM Task stopped
4/14/2009 2:18:32 AM Task started
4/14/2009 2:21:48 AM Detected: Packed.Win32.Black.d D:\System Volume Information\_restore{01E1345A-81E1-4A91-A58D-26573F54FFD6}\RP157\A0069611.exe/PE_Patch/ASProtect
4/14/2009 2:21:48 AM Untreated: Packed.Win32.Black.d D:\System Volume Information\_restore{01E1345A-81E1-4A91-A58D-26573F54FFD6}\RP157\A0069611.exe/PE_Patch/ASProtect Postponed
4/14/2009 2:26:11 AM Detected: HackTool.Win32.Kiser.i C:\Documents and Settings\Andu\Desktop\Resetter_v1.8.rar/Resetter_v1.8\Resetter.exe
4/14/2009 2:26:11 AM Untreated: HackTool.Win32.Kiser.i C:\Documents and Settings\Andu\Desktop\Resetter_v1.8.rar/Resetter_v1.8\Resetter.exe Postponed
4/14/2009 2:28:17 AM Detected: http://www.viruslist.com/en/advisories/33901 C:\Program Files\adobe\reader 9.0\reader\acrord32.exe
4/14/2009 2:28:34 AM Detected: http://www.viruslist.com/en/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
4/14/2009 2:31:03 AM Detected: http://www.viruslist.com/en/advisories/34012 C:\Program Files\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll
4/14/2009 2:31:05 AM Detected: http://www.viruslist.com/en/advisories/34012 C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
4/14/2009 2:32:09 AM Detected: http://www.viruslist.com/en/advisories/33632 C:\Program Files\quicktime\quicktimeplayer.exe
4/14/2009 2:32:10 AM Detected: http://www.viruslist.com/en/advisories/27620 C:\Program Files\real\realplayer\realplay.exe
4/14/2009 2:33:57 AM Detected: http://www.viruslist.com/en/advisories/23655 C:\WINDOWS\system32\msxml4.dll
4/14/2009 2:34:47 AM Detected: http://www.viruslist.com/en/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9849.0_x-ww_1c078e1b\msxml4.dll
4/14/2009 9:42:01 AM Detected: http://www.viruslist.com/en/advisories/34012 D:\Program Files\Adobe\Adobe Bridge CS3\browser\plugins\NPSWF32.dll
4/14/2009 11:05:44 AM Detected: http://www.viruslist.com/en/advisories/34471 E:\back up\Mozilla Firefox\firefox.exe
4/14/2009 11:09:26 AM Detected: not-a-virus:AdWare.Win32.Dap.c E:\DIVERSE\etc\Miscelaneous\Download Accelerator Plus\Download Accelerator Plus 7.0.1.0.exe/WISE0021.BIN/dapiebar.dll
4/14/2009 11:09:27 AM Untreated: not-a-virus:AdWare.Win32.Dap.c E:\DIVERSE\etc\Miscelaneous\Download Accelerator Plus\Download Accelerator Plus 7.0.1.0.exe/WISE0021.BIN/dapiebar.dll Postponed
4/14/2009 11:10:32 AM Detected: http://www.viruslist.com/en/advisories/34471 E:\DIVERSE\Mozilla Firefox\firefox.exe
4/14/2009 11:22:55 AM Detected: Packed.Win32.Black.d D:\System Volume Information\_restore{01E1345A-81E1-4A91-A58D-26573F54FFD6}\RP157\A0069611.exe/PE_Patch/ASProtect
4/14/2009 11:23:04 AM Detected: not-a-virus:AdWare.Win32.Dap.c E:\DIVERSE\etc\Miscelaneous\Download Accelerator Plus\Download Accelerator Plus 7.0.1.0.exe/WISE0021.BIN/dapiebar.dll
4/14/2009 11:23:04 AM Untreated: not-a-virus:AdWare.Win32.Dap.c E:\DIVERSE\etc\Miscelaneous\Download Accelerator Plus\Download Accelerator Plus 7.0.1.0.exe/WISE0021.BIN/dapiebar.dll Skipped by user
4/14/2009 11:23:05 AM Detected: HackTool.Win32.Kiser.i C:\Documents and Settings\Andu\Desktop\Resetter_v1.8.rar/Resetter_v1.8\Resetter.exe
4/14/2009 11:23:05 AM Untreated: HackTool.Win32.Kiser.i C:\Documents and Settings\Andu\Desktop\Resetter_v1.8.rar/Resetter_v1.8\Resetter.exe Skipped by user
4/14/2009 11:23:05 AM Task completed

0

I also observed that, sometimes my Keyboard fastkeys (i have a Logitech wireless kit) sometimes interfere with YahooMessenger; what happens is my shortcut keys are blocked, not functioning properly, and after i exit ym they are back on.

0
I also observed that, sometimes my Keyboard fastkeys (i have a Logitech wireless kit) sometimes interfere with YahooMessenger; what happens is my shortcut keys are blocked, not functioning properly, and after i exit ym they are back on.


Have you always had interference with your wireless kit in Yahoo Messenger?

--------------------

To avoid any conflicts with your Avira AntiVirus program please uninstall the trial version of Kaspersky.
--------------------

The following programs have had vulnerabilities detected. Please make sure you update all of these programs to the latest versions available.
Mozilla Firefox
Apple Bonjour for Windows
Adobe Reader
Adobe Air
Quick Time
Real Player

Please also install Microsoft Security Update KB954430 along with any other Security Updates available from the Windows Updates page.

------------


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:




Folder::
C:\Documents and Settings\Andu\Desktop\Resetter_v1.8.rar


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

---------------

From Control Panel > System click on the Hardware tab then click Device Manager. Do you have any yellow exclamations next to any of the hardware?

Attachments CFScriptB-4.gif 12.76 KB
0

Ok. So I updated all the programs above, and the security patch for Windows. Avira antivirus was uninstalled when I installed Kaspersky, so now I have only Kasp. on my computer. My devices are fully installed, no question marks in Device Manager. In the Keyboard tab, my PC recognizes my keyboard. I didn't have any problems with YM before. The file you requested to be scanned with ComboFix was downloaded 2 days ago, so it's fresher than my problem. I saw that it was a threat for my PC so I deleted it. It is no longer on my computer. In the last day the task bar didn't change color.. and I didn't have problems with the sound. It might be solved but I am not sure yet. Thanks for your time!

0

You're very welcome. I'm not sure what's happening with your keyboard but it may be you need to install updated drivers for it, if there are any available you will find them on the manufacturer's website.


Your logs appear clean. Kindly follow these simple steps in order to keep your computer clean and secure:


  1. UNINSTALL COMBOFIX
    This process will also perform some final cleanup steps
    Click Start > Run and type ComboFix /u


  2. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  3. FIREWALL
    Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.


  4. Microsoft Windows Update
    Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  5. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here


  6. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  • Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  • Google Toolbar - Get the free Google Toolbar to help stop pop up windows.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

If there are no more issues please mark this thread as resolved.
