High_Ordinator (Members)
  • Posts: 8
  • Reputation: 0 Neutral
  • Location: Ory-Gun
  1. All finished, thank you for your help, it is very much appreciated.
  2. Haven't had any more redirects so far, it looks clear. Below is the log, thanks for your help so far.

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by High Ordinator at 12:49:37.70 on Sat 05/15/2010
     Internet Explorer: 7.0.5730.13
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2942 [GMT -7:00]

     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

     ============== Running Processes ===============

     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Documents and Settings\High Ordinator\Desktop\Fixing Time\dds.com

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://google.com/
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
     mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
     mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
     mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
     dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
     dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
     DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
     DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

     ============= SERVICES / DRIVERS ===============

     R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-23 11608]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-23 108289]
     R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-23 56816]
     R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-7-26 38656]
     S3 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-23 185089]

     =============== Created Last 30 ================

     2010-05-14 17:59:29 0 d-----w- c:\program files\ESET
     2010-05-14 02:14:07 0 ----a-w- c:\documents and settings\high ordinator\defogger_reenable
     2010-05-14 02:06:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-05-14 01:00:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2010-05-13 21:34:11 0 d-----w- c:\windows\system32\wbem\Repository
     2010-05-13 01:05:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-04-25 18:04:23 0 d-----w- C:\591e941d2c516e5a4553

     ==================== Find3M ====================

     2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-26 22:58:12 256512 ----a-w- c:\windows\PEV.exe
     2010-04-17 06:00:24 90112 ----a-w- c:\windows\DUMP3ad6.tmp
     2010-03-09 21:49:43 152904 ----a-w- c:\windows\system32\vghd.scr
     2009-07-27 07:58:15 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
     2009-12-19 21:33:42 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
     2009-12-22 23:59:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122220091223\index.dat

     ============= FINISH: 12:49:46.87 ===============
  3. MBAM's log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4101

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     5/14/2010 10:57:25 AM
     mbam-log-2010-05-14 (10-57-25).txt

     Scan type: Quick scan
     Objects scanned: 112395
     Time elapsed: 2 minute(s), 24 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     And ESET's log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=4e0a23c4cc63bb499ec5d3a0b0f7af77
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2010-05-14 06:47:09
     # local_time=2010-05-14 11:47:09 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 22724221 22724221 0 0
     # compatibility_mode=1024 16777215 100 0 4139693 4139693 0 0
     # compatibility_mode=1797 16775142 100 100 0 48634789 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=35589
     # found=5
     # cleaned=5
     # scan_time=2203
     C:\Documents and Settings\High Ordinator\Application Data\Sun\Java\Deployment\cache\6.0\20\70fd5b14-121dc98b  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\High Ordinator\Application Data\Sun\Java\Deployment\cache\6.0\37\301cb0e5-71a40fcb  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\High Ordinator\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-5bef12e1  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
     C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\dmload.sys.vir  Win32/Olmarik.ZC trojan (cleaned - quarantined)  00000000000000000000000000000000  C
     C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt  Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined)  00000000000000000000000000000000  C
  4. ComboFix ran and the log is posted below, thanks a lot for your help. Also an FYI: after ComboFix ran, a new Internet Explorer icon showed up on my desktop, and it's not a shortcut.

     ComboFix 10-05-13.04 - High Ordinator 05/14/2010 9:42.3.4 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.3018 [GMT -7:00]
     Running from: c:\documents and settings\High Ordinator\Desktop\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     Infected copy of c:\windows\system32\drivers\dmload.sys was found and disinfected
     Restored copy from - Kitty had a snack
     .
     ((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
     .
     2010-05-14 02:06 . 2010-05-14 02:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-05-14 01:00 . 2010-05-14 01:00 -------- d-----w- c:\program files\Java
     2010-05-13 21:34 . 2010-05-13 21:34 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-05-13 01:05 . 2010-05-13 01:05 -------- d-----w- c:\program files\Common Files\Java
     2010-05-13 01:05 . 2010-05-13 01:05 61440 ----a-w- c:\documents and settings\High Ordinator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-60cfbaa4-n\decora-sse.dll
     2010-05-13 01:05 . 2010-05-13 01:05 503808 ----a-w- c:\documents and settings\High Ordinator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-23ec7bc5-n\msvcp71.dll
     2010-05-13 01:05 . 2010-05-13 01:05 499712 ----a-w- c:\documents and settings\High Ordinator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-23ec7bc5-n\jmc.dll
     2010-05-13 01:05 . 2010-05-13 01:05 348160 ----a-w- c:\documents and settings\High Ordinator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-23ec7bc5-n\msvcr71.dll
     2010-05-13 01:05 . 2010-05-13 01:05 12800 ----a-w- c:\documents and settings\High Ordinator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-60cfbaa4-n\decora-d3d.dll
     2010-05-13 01:05 . 2010-05-14 01:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-05-01 09:41 . 2010-05-01 09:41 -------- d-----w- c:\documents and settings\High Ordinator\Local Settings\Application Data\Identities
     2010-04-25 18:04 . 2010-04-25 18:04 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-04-25 18:04 . 2010-04-25 18:04 -------- d-----w- C:\591e941d2c516e5a4553
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-05-13 21:25 . 2009-07-27 06:07 25712 ----a-w- c:\documents and settings\High Ordinator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-05-02 20:56 . 2010-01-29 23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-04-29 22:39 . 2010-01-29 23:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 22:39 . 2010-01-29 23:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-22 17:38 . 2010-04-08 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2010-04-17 06:00 . 2009-07-26 17:32 90112 ----a-w- c:\windows\DUMP3ad6.tmp
     2010-04-10 05:16 . 2010-03-19 18:19 -------- d-----w- c:\program files\World of Warcraft
     2010-04-08 03:54 . 2010-04-08 03:54 -------- d-----w- c:\program files\Microsoft Works
     2010-04-08 03:54 . 2010-04-08 03:54 -------- d-----w- c:\program files\Microsoft.NET
     2010-03-26 20:15 . 2010-03-26 20:15 -------- d-----w- c:\program files\AVG
     2010-03-26 20:12 . 2010-03-26 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
     2010-03-19 23:39 . 2010-03-19 23:35 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Ventrilo
     2010-03-19 19:16 . 2010-03-19 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
     2010-03-19 18:19 . 2010-03-19 18:19 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
     2010-03-19 18:14 . 2009-08-04 01:54 -------- d-----w- c:\program files\OpenOffice.org 3
     2010-03-19 17:58 . 2010-03-19 17:58 -------- d-----w- c:\program files\Ventrilo
     2010-03-19 17:57 . 2009-07-27 07:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2010-03-13 00:09 . 2010-03-13 00:09 10134 ----a-r- c:\documents and settings\High Ordinator\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
     2010-03-13 00:08 . 2010-03-13 00:08 10134 ----a-r- c:\documents and settings\High Ordinator\Application Data\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
     2010-03-09 21:56 . 2010-03-09 21:50 3 ----a-w- c:\windows\sbacknt.bin
     2010-03-09 21:49 . 2010-03-09 21:49 152904 ----a-w- c:\windows\system32\vghd.scr
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
     "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
     "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
     "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
     "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
     "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
     "Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
     Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-12 692224]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
     @=""

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2009 10:57 AM 108289]
     R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/26/2009 11:27 PM 38656]
     S0 rlqyyyp;rlqyyyp; [x]
     S2 gdbsgzk;gdbsgzk;c:\windows\system32\drivers\fxhrrigh.sys --> c:\windows\system32\drivers\fxhrrigh.sys [?]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://google.com/
     .
     - - - - ORPHANS REMOVED - - - -

     HKU-Default-Run-notepad - c:\docume~1\LOCALS~1\ntload.dll

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-05-14 09:45
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     Completion time: 2010-05-14 09:46:45
     ComboFix-quarantined-files.txt 2010-05-14 16:46

     Pre-Run: 47,782,285,312 bytes free
     Post-Run: 47,841,107,968 bytes free

     - - End Of File - - DAB23CC7BA5612052974EC1F92B052C1
  5. Having similar issues as others with Google search redirecting to random pages.

     Defogger log:

     defogger_disable by jpshortstuff (23.02.10.1)
     Log created at 19:14 on 13/05/2010 (High Ordinator)

     Checking for autostart values...
     HKCU\~\Run values retrieved.
     HKLM\~\Run values retrieved.

     Checking for services/drivers...

     -=E.O.F=-

     DDS log:

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by High Ordinator at 19:14:32.64 on Thu 05/13/2010
     Internet Explorer: 7.0.5730.13
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2718 [GMT -7:00]

     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

     ============== Running Processes ===============

     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Documents and Settings\High Ordinator\Desktop\Fixing Time\dds.com

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://google.com/
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
     mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
     mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
     mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     dRun: [notepad] rundll32.exe c:\docume~1\locals~1\ntload.dll,_IWMPEvents@0
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
     dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
     dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
     DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
     DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
     AppInit_DLLs: rokewezi.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

     ============= SERVICES / DRIVERS ===============

     R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-23 11608]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-23 108289]
     R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-23 56816]
     R3 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-23 185089]
     R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-7-26 38656]
     S0 rlqyyyp;rlqyyyp; [x]
     S2 gdbsgzk;gdbsgzk;c:\windows\system32\drivers\fxhrrigh.sys --> c:\windows\system32\drivers\fxhrrigh.sys [?]

     =============== Created Last 30 ================

     2010-05-14 02:14:07 0 ----a-w- c:\documents and settings\high ordinator\defogger_reenable
     2010-05-14 02:06:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-05-14 01:00:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2010-05-13 21:34:11 0 d-----w- c:\windows\system32\wbem\Repository
     2010-05-13 01:05:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-04-25 18:04:23 0 d-----w- C:\591e941d2c516e5a4553

     ==================== Find3M ====================

     2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-17 06:00:24 90112 ----a-w- c:\windows\DUMP3ad6.tmp
     2010-03-09 21:49:43 152904 ----a-w- c:\windows\system32\vghd.scr
     2009-07-27 07:58:15 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
     2009-12-19 21:33:42 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
     2009-12-22 23:59:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122220091223\index.dat

     ============= FINISH: 19:15:12.65 ===============

     And a HijackThis log for good measure...

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 7:44:08 PM, on 5/13/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16981)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
     O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
     O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
     O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
     O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
     O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
     O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab
     O20 - AppInit_DLLs: rokewezi.dll
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

     --
     End of file - 4870 bytes

     If I missed anything let me know and I will get on it.

     Attachments: Attach.zip, mbam_log_2010_05_13__19_13_34_.txt
  6. Here is the log from ComboFix.

     ComboFix 09-09-03.02 - High Ordinator 09/03/2009 12:39.1.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2978 [GMT -7:00]
     Running from: c:\documents and settings\High Ordinator\Desktop\AV\yoyo.bat.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
      * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\program files\Shared
     c:\program files\Shared\lib.sig
     c:\windows\system32\Data
     c:\windows\system32\drivers\UACiqxjcfqpxu.sys
     c:\windows\system32\UACdpmqxxtarg.dll
     c:\windows\system32\UACgrcrltoblu.dll
     c:\windows\system32\uacinit.dll
     c:\windows\system32\UACmycixgkgwy.dll
     c:\windows\system32\UACnridibqhky.db
     c:\windows\system32\UACwvjnvrewem.dll
     c:\windows\system32\UACxsaftlwowx.dat
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Service_UACd.sys
     -------\Legacy_UACd.sys

     ((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
     .
     2009-08-23 17:57 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-08-23 17:57 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2009-08-23 17:57 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2009-08-23 17:57 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2009-08-23 17:57 . 2009-08-23 17:57 -------- d-----w- c:\program files\Avira
     2009-08-23 17:57 . 2009-08-23 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2009-08-23 17:53 . 2009-08-23 17:53 -------- d-----w- c:\program files\Trend Micro
     2009-08-22 21:40 . 2009-08-22 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
     2009-08-13 18:12 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
     2009-08-12 23:44 . 2009-08-12 23:44 -------- d-----w- c:\documents and settings\High Ordinator\Local Settings\Application Data\Mozilla
     2009-08-09 17:26 . 2009-08-09 17:26 -------- d-----w- c:\windows\Sun
     2009-08-08 05:13 . 2009-08-08 05:13 0 ----a-w- c:\windows\nsreg.dat
     2009-08-08 05:13 . 2009-08-08 05:13 -------- d-----w- c:\documents and settings\High Ordinator\Local Settings\Application Data\Flock
     2009-08-08 05:13 . 2009-08-08 05:13 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Flock
     2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-28 23:49 . 2009-07-27 06:41 -------- d-----w- c:\program files\Creative
     2009-08-22 21:56 . 2009-07-27 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-08-05 09:01 . 2007-07-27 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-08-04 02:01 . 2009-08-04 02:01 -------- d-----w- c:\program files\MSBuild
     2009-08-04 02:01 . 2009-08-04 02:01 -------- d-----w- c:\program files\Reference Assemblies
     2009-08-04 01:54 . 2009-08-04 01:54 -------- d-----w- c:\program files\JRE
     2009-08-04 01:54 . 2009-08-04 01:54 -------- d-----w- c:\program files\OpenOffice.org 3
     2009-08-04 01:54 . 2009-08-04 01:54 410984 ----a-w- c:\windows\system32\deploytk.dll
     2009-08-04 01:54 . 2009-08-04 01:54 -------- d-----w- c:\program files\Java
     2009-08-03 20:36 . 2009-07-27 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-08-03 20:36 . 2009-07-27 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-07-30 05:04 . 2009-07-30 05:04 -------- d-----w- c:\program files\K-Lite Codec Pack
     2009-07-30 05:00 . 2009-07-27 17:57 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\vlc
     2009-07-30 03:41 . 2009-07-30 03:41 -------- d-----w- c:\program files\WMV9_VCM
     2009-07-27 17:56 . 2009-07-27 17:56 -------- d-----w- c:\program files\vlc-1.0.0
     2009-07-27 17:54 . 2009-07-27 17:54 -------- d-----w- c:\program files\AbiSuite2
     2009-07-27 17:24 . 2009-07-27 06:42 -------- d--h--w- c:\program files\Creative Installation Information
     2009-07-27 08:30 . 2009-07-27 08:30 -------- d-----w- c:\program files\Windows Media Connect 2
     2009-07-27 08:25 . 2009-07-27 08:25 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Malwarebytes
     2009-07-27 08:25 . 2009-07-27 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-07-27 07:44 . 2009-07-27 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
     2009-07-27 07:20 . 2009-07-27 06:12 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-07-27 07:16 . 2009-07-27 07:16 -------- d-----w- c:\program files\AGEIA Technologies
     2009-07-27 07:16 . 2009-07-27 07:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-07-27 07:16 . 2009-07-27 07:16 -------- d-----w- c:\program files\NVIDIA Corporation
     2009-07-27 07:16 . 2009-07-27 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
     2009-07-27 07:13 . 2009-07-27 07:13 -------- d-----w- c:\program files\SystemRequirementsLab
     2009-07-27 07:09 . 2009-07-27 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
     2009-07-27 07:01 . 2009-07-27 06:07 12328 ----a-w- c:\documents and settings\High Ordinator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-07-27 06:59 . 2009-07-27 06:59 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Creative
     2009-07-27 06:57 . 2009-07-27 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
     2009-07-27 06:46 . 2009-07-27 06:46 -------- d-----w- c:\program files\Common Files\Adobe
     2009-07-27 06:29 . 2009-07-27 06:29 -------- d-----w- c:\program files\ASUS
     2009-07-27 06:29 . 2009-07-27 06:08 -------- d-----w- c:\program files\Common Files\InstallShield
     2009-07-27 06:27 . 2009-07-27 06:27 -------- d-----w- c:\program files\Attansic
     2009-07-27 06:24 . 2009-07-27 06:24 -------- d-----w- c:\program files\Realtek
     2009-07-27 06:24 . 2009-07-27 06:24 315392 ----a-w- c:\windows\HideWin.exe
     2009-07-27 06:15 . 2009-07-27 06:15 -------- d-----w- c:\program files\Intel
     2009-07-27 06:14 . 2009-07-27 06:14 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Logitech
     2009-07-27 06:13 . 2009-07-27 06:13 -------- d-----w- c:\program files\Common Files\LogiShrd
     2009-07-27 06:13 . 2009-07-27 06:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
     2009-07-27 06:13 . 2009-07-27 06:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
     2009-07-27 06:13 . 2009-07-27 06:12 -------- d-----w- c:\program files\Common Files\Logitech
     2009-07-27 06:12 . 2009-07-27 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
     2009-07-27 06:12 . 2009-07-27 06:12 -------- d-----w- c:\program files\Logitech
     2009-07-27 02:05 . 2009-07-27 02:05 -------- d-----w- c:\program files\microsoft frontpage
     2009-07-27 02:02 . 2009-07-27 02:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
     2009-07-17 19:01 . 2007-07-27 12:00 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-14 20:35 . 2009-07-14 20:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
     2009-07-14 20:35 . 2009-07-14 20:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
     2009-07-14 20:35 . 2009-07-14 20:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
     2009-07-14 20:35 . 2009-07-14 20:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
     2009-07-14 20:34 . 2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
     2009-07-14 20:34 .
2009-07-14 20:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll 2009-07-14 20:34 . 2009-07-14 20:34 3547136 ----a-w- c:\windows\system32\nvgames.dll 2009-07-14 20:34 . 2009-07-14 20:34 188416 ----a-w- c:\windows\system32\nvmccss.dll 2009-07-14 20:34 . 2009-07-14 20:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-07-14 20:34 . 2009-07-14 20:34 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-07-14 20:34 . 2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll 2009-07-14 20:34 . 2009-07-14 20:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll 2009-07-14 20:34 . 2009-07-14 20:34 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-07-14 18:54 . 2009-07-27 07:16 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-07-14 18:54 . 2009-07-27 07:16 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-07-14 18:54 . 2009-07-27 07:16 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-07-14 18:54 . 2009-07-27 07:16 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-07-14 18:54 . 2009-07-27 06:10 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-07-14 18:54 . 2007-08-13 21:14 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-07-14 18:54 . 2007-08-13 21:14 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-07-14 18:54 . 2007-08-13 21:14 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-07-14 18:54 . 2007-08-13 21:14 151552 ----a-w- c:\windows\system32\nvcodins.dll 2009-07-14 18:54 . 2007-08-13 21:14 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-07-14 18:54 . 2007-08-13 21:14 5842816 ----a-w- c:\windows\system32\nv4_disp.dll 2009-07-14 06:43 . 2007-07-27 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 14:01 . 2009-07-27 06:09 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-06-29 16:12 . 2007-07-27 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 
2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-16 14:36 . 2007-07-27 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2007-07-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2007-07-27 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 12:31 . 2007-07-27 12:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 16:19 . 2009-07-27 02:01 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 14:13 . 2007-07-27 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:14 . 2009-07-27 08:14 132096 ----a-w- c:\windows\system32\wkssvc.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984] "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792] "Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] 
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-26 688128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2009 10:57 AM 108289] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/26/2009 11:27 PM 38656] S2 gdbsgzk;gdbsgzk;c:\windows\system32\drivers\fxhrrigh.sys --> c:\windows\system32\drivers\fxhrrigh.sys [?] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-CTFMON - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-03 12:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2964) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-03 12:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-03 19:44 Pre-Run: 83,131,293,696 bytes free Post-Run: 83,437,473,792 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 213 --- E O F --- 2009-08-13 19:09
  7. I am at work right now, but when I get off tonight I will get that log posted up for you. Thanks for your assistance.
  8. Uacinit.dll seems to refuse to be deleted even on reboot, and it brings more and more problems in after it. Please help me with the removal of it. Thanks in advance!

Malwarebytes' Anti-Malware 1.40
Database version: 2710
Windows 5.1.2600 Service Pack 3

8/28/2009 4:02:34 PM
mbam-log-2009-08-28 (16-02-34).txt

Scan type: Quick Scan
Objects scanned: 84371
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:57 PM, on 8/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 osadwarekill.microsoft.com
O1 - Hosts: 91.206.201.8 osadwarekill.com
O1 - Hosts: 91.206.201.8 www.osadwarekill.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\lose.bat.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab
O18 - Filter hijack: text/html - {0537b63c-7bb5-41d7-b495-955ede66f1c1} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5254 bytes
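A triage pass over the indicators in the ComboFix log (post 6) and the HijackThis log (post 8) above, as an added example that is not part of the original thread and not a feature of either tool. It picks out the four things in those logs a helper would act on: hosts-file entries that send a hostname to a non-loopback address (the 91.206.201.8 lines), a text/html MIME filter whose handler DLL is gone ("(no file)"), a ComboFix service entry whose driver binary is missing ("[?]"), and the firewall standard profile switched off. The sample lines are copied from the posted logs and padded with a few benign entries; the line formats (HijackThis 2.0.2 and ComboFix as shown in the posts), the regular expressions and the Finding class are assumptions of this example.

```python
"""Triage helper for the HijackThis and ComboFix output posted in this thread.

Added example; it is not part of the original posts and not a feature of
either tool. Line formats are assumed from HijackThis 2.0.2 and ComboFix
as they appear in the posts above.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs above, plus a few benign
# lines so the filters have something to leave alone.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://google.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.206.201.8 osadwarekill.microsoft.com
O1 - Hosts: 91.206.201.8 osadwarekill.com
O1 - Hosts: 91.206.201.8 www.osadwarekill.com
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O18 - Filter hijack: text/html - {0537b63c-7bb5-41d7-b495-955ede66f1c1} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"EnableFirewall"= 0 (0x0)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\\program files\\Avira\\AntiVir Desktop\\sched.exe [8/23/2009 10:57 AM 108289]
S2 gdbsgzk;gdbsgzk;c:\\windows\\system32\\drivers\\fxhrrigh.sys --> c:\\windows\\system32\\drivers\\fxhrrigh.sys [?]
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator class
    detail: str  # the specific hostname, MIME type, service or value
    line: str    # the log line that produced the finding


HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
FILTER_RE = re.compile(r"^O18 - Filter hijack:\s+(\S+)\s+-\s+\{[^}]+\}\s+-\s+\(no file\)")
# ComboFix service line: <start type> <name>;<display name>;<image path> [...]
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


def _is_local(addr: str) -> bool:
    """True for loopback (127/8, ::1) and unspecified (0.0.0.0, ::) targets,
    which are what a benign hosts file or an ad-blocking list points at."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line; benign lines produce nothing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            if not _is_local(addr):
                findings.append(Finding("hosts-redirect", f"{host} -> {addr}", line))
            continue
        m = FILTER_RE.match(line)
        if m:
            findings.append(Finding("filter-dangling", m.group(1), line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, image = m.groups()
            # ComboFix appends "[?]" when the image path does not exist on disk.
            if image.rstrip().endswith("[?]"):
                findings.append(Finding("service-missing-binary", f"{name} ({start})", line))
            continue
        if FIREWALL_RE.match(line):
            findings.append(Finding("firewall-disabled", "standardprofile", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Loopback and unspecified targets are skipped deliberately: hosts entries pointing at 127.0.0.1 or 0.0.0.0 are how ad-blocking lists work, while the posted entries send the vendor's own hostname to an external address, which is the redirect behaviour the thread is about. The "S2" prefix on the orphaned service line is the auto-start type, so that entry is worth handing to the helper even though its driver file is already gone.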