Jump to content


Photo

Constant Pop-ups


  • This topic is locked This topic is locked
10 replies to this topic

#1 TLS Cole

TLS Cole

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 04 December 2009 - 11:22 AM

I am getting constant pop-ups on my computer. I keep running Ccleaner and Spybot Search and Destroy but nothing seems to help.

I ran HijackThis and this is the logfile that it produced. Are you able to help?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:51, on 04/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\vsnpstd3.exe
D:\Program Files\McAfee\Common Framework\udaterui.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
D:\Program Files\Logitech\Logitech Vid\vid.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Windows Live\Toolbar\wltuser.exe
D:\PROGRA~1\Citrix\icaweb32\Wfcrun32.exe
D:\PROGRA~1\Citrix\icaweb32\WFICA32.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [StatusClient] D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LESS CITY AMEN SETUP] D:\Documents and Settings\All Users.WINDOWS\Application Data\Tool Eggs Less City\FLAW TWO.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3556] command /c del "D:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8342] cmd /c del "D:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] D:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Logitech Vid] "D:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Debugbleh] D:\DOCUME~1\Paul\APPLIC~1\TrayMode\Tons Program.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [SpybotDeletingB2206] command /c del "D:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8146] cmd /c del "D:\WINDOWS\SchedLgU.Txt"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = D:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1221303722358
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12937 bytes

#2 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 06 December 2009 - 02:53 AM

Hello TLS Cole. Welcome to SWI.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Please download TFC.exe - Temp File Cleaner by OldTimer:
  • Save it to your Desktop.
  • Close any open windows, save your work,
  • Double click the TFC icon to run the program,
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish it's job,
  • Once it's finished, click OK to reboot.
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Please download Malwarebytes' Anti-Malware to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Please include the D:\ComboFix.txt, Security check report, MBAM log, and a fresh HijackThis log in your next reply for further review.

Note: Whenever my instructions direct you to C:\drive, please change it to D:\drive.


Rocket Grannie
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#3 TLS Cole

TLS Cole

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 06 December 2009 - 07:41 AM

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

McAfee VirusScan Enterprise
McAfee AntiSpyware Enterprise Module
McAfee Agent
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
McAfee AntiSpyware Enterprise Module
SpywareBlaster 4.2
Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 11
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

[color]nslookup.exe missing![/color]
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

#4 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 06 December 2009 - 08:38 AM

Hello TLS Cole

Please use the Add/Reply button so my post is not posted back to me.

Thank You.
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#5 TLS Cole

TLS Cole

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 06 December 2009 - 11:48 AM

Hi Rocket Grannie - sorry about clicking the wrong button!! Hope I've done it right now.

I have followed all your instructions. Please see below the log files you requested.

Thanks







Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

06/12/2009 14:43:36
mbam-log-2009-12-06 (14-43-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 273151
Time elapsed: 1 hour(s), 51 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a_m_p_net (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Documents and Settings\All Users.WINDOWS\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\anti-malware-application.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.






ComboFix 09-12-05.06 - Paul 06/12/2009 15:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1983.1371 [GMT 0:00]
Running from: d:\documents and settings\Paul\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\iTunes\Aswad - Don't Turn Around .mp3
d:\recycler\S-1-5-21-842925246-1682526488-839522115-1003
d:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-04 15:10 . 2009-12-04 15:10 -------- d-----w- d:\program files\Trend Micro
2009-11-20 19:06 . 2009-11-20 17:43 15880 ----a-w- d:\windows\system32\lsdelete.exe
2009-11-20 17:43 . 2009-11-20 17:43 93360 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2009-11-20 17:40 . 2009-11-20 17:40 -------- dc-h--w- d:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-19 16:00 . 2009-11-19 16:00 -------- d-----w- d:\documents and settings\Paul\Application Data\Malwarebytes
2009-11-19 16:00 . 2009-12-03 16:14 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 16:00 . 2009-12-03 16:13 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-11-19 16:00 . 2009-11-19 16:00 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-19 16:00 . 2009-12-06 12:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-11-17 08:18 . 2009-11-17 08:18 -------- d-----w- d:\program files\PC Connectivity Solution
2009-11-17 08:18 . 2009-10-06 11:52 7936 ----a-w- d:\windows\system32\drivers\usbser_lowerflt.sys
2009-11-17 08:18 . 2009-10-06 11:52 22016 ----a-w- d:\windows\system32\drivers\ccdcmbo.sys
2009-11-17 08:18 . 2009-10-06 11:55 1112288 ----a-w- d:\windows\system32\wdfcoinstaller01007.dll
2009-11-17 08:18 . 2009-10-06 11:52 660480 ----a-w- d:\windows\system32\nmwcdcocls.dll
2009-11-17 08:18 . 2009-10-06 11:52 17664 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2009-11-06 18:03 . 2009-11-06 18:03 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\XoftSpySE
2009-11-06 17:53 . 2009-11-06 17:53 -------- d-----w- d:\documents and settings\Paul\Local Settings\Application Data\Threat Expert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 15:53 . 2008-09-13 13:12 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-28 14:32 . 2009-02-25 16:42 -------- d-----w- d:\program files\Common Files\Adobe AIR
2009-11-24 15:01 . 2009-08-24 11:41 -------- d-----w- d:\documents and settings\Paul\Application Data\Spotify
2009-11-20 17:04 . 2008-09-13 13:17 -------- d---a-w- d:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-20 17:03 . 2008-02-07 23:23 -------- d-----w- d:\program files\SpywareBlaster
2009-11-17 08:31 . 2008-01-25 21:09 -------- d-----w- d:\program files\Spybot - Search & Destroy
2009-11-17 08:19 . 2008-03-01 14:23 -------- d-----w- d:\program files\Nokia
2009-11-17 08:19 . 2008-03-01 14:23 -------- d-----w- d:\program files\Common Files\Nokia
2009-11-17 08:17 . 2009-03-29 19:45 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-11-06 19:43 . 2008-09-13 15:00 -------- d-----w- d:\documents and settings\Paul\Application Data\Apple Computer
2009-11-05 20:33 . 2009-11-05 20:32 -------- d-----w- d:\documents and settings\Paul\Application Data\TrayMode
2009-11-05 20:32 . 2009-11-05 20:32 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Tool Eggs Less City
2009-11-05 20:32 . 2009-11-05 20:32 -------- d-----w- d:\program files\TrayMode
2009-11-05 20:32 . 2009-11-05 20:32 -------- d-----w- d:\program files\Cicle Developement
2009-11-05 20:32 . 2008-03-28 21:56 -------- d-----w- d:\program files\Messenger Plus! Live
2009-11-03 09:00 . 2008-09-10 19:56 -------- d-----w- d:\program files\iTunes
2009-11-03 09:00 . 2008-09-10 19:56 -------- d-----w- d:\program files\iPod
2009-10-26 22:27 . 2008-10-30 22:32 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Kontiki
2009-10-10 23:14 . 2009-10-10 23:14 65748 ---ha-w- d:\windows\system32\mlfcache.dat
2009-10-06 11:52 . 2008-05-02 10:58 91136 ----a-w- d:\windows\system32\nmwcdcls.dll
2009-09-23 12:55 . 2009-06-21 09:02 64288 ----a-w- d:\windows\system32\drivers\Lbd.sys
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- d:\windows\system32\msv1_0.dll
2008-08-12 07:46 . 2008-08-12 07:46 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-06-21 18:24 . 2008-01-30 23:53 67696 ----a-w- d:\program files\mozilla firefox\components\jar50.dll
2008-06-21 18:24 . 2008-01-30 23:53 54376 ----a-w- d:\program files\mozilla firefox\components\jsd3250.dll
2008-06-21 18:24 . 2008-01-30 23:53 34952 ----a-w- d:\program files\mozilla firefox\components\myspell.dll
2008-06-21 18:24 . 2008-01-30 23:53 46720 ----a-w- d:\program files\mozilla firefox\components\spellchk.dll
2008-06-21 18:24 . 2008-01-30 23:53 172144 ----a-w- d:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DriverUpdaterPro"="d:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2009-04-30 2682916]
"Logitech Vid"="d:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"Debugbleh"="d:\docume~1\Paul\APPLIC~1\TrayMode\Tons Program.exe" [2009-11-05 688128]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"HP Software Update"="d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"snpstd3"="d:\windows\vsnpstd3.exe" [2006-09-19 827392]
"McAfeeUpdaterUI"="d:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="d:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"StatusClient"="d:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-07-17 40960]
"TomcatStartup"="d:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-07-17 40960]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-20 788880]
"LogitechQuickCamRibbon"="d:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"LESS CITY AMEN SETUP"="d:\documents and settings\All Users.WINDOWS\Application Data\Tool Eggs Less City\FLAW TWO.exe" [2009-12-06 741376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Paul\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - d:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-9-23 95232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"kdx"=d:\program files\Kontiki\KHost.exe -all
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"swg"=d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"StatusClient 2.6"=d:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe"
"TomcatStartup 2.5"=d:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Kontiki\\KService.exe"=
"d:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Hasbro Interactive\\Trivial Pursuit Millennium Edition\\TP.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [21/06/2009 09:02 64288]
R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [12/02/2009 21:27 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1184912]
S3 fsssvc;Windows Live Family Safety Service;d:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: network-interlinks.com\ni-intranet
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ad-Aware - d:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Driver Updater Pro - d:\documents and settings\All Users.WINDOWS\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}\DriverUpdaterPro.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - d:\windows\system32\nvudisp.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 16:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2080)
d:\windows\system32\WININET.dll
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\McAfee\Common Framework\FrameworkService.exe
d:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
d:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
d:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\program files\McAfee\Common Framework\naPrdMgr.exe
d:\windows\system32\nvsvc32.exe
d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\windows\system32\wbem\unsecapp.exe
d:\windows\SOUNDMAN.EXE
d:\windows\system32\RUNDLL32.EXE
d:\program files\McAfee\Common Framework\McTray.exe
d:\program files\Internet Explorer\IEXPLORE.EXE
d:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\program files\Internet Explorer\IEXPLORE.EXE
d:\program files\iPod\bin\iPodService.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-06 16:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 16:09

Pre-Run: 161,050,062,848 bytes free
Post-Run: 161,023,586,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 85E595C978D9091FF4F77B7BDACA246E




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:52, on 06/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Program Files\McAfee\Common Framework\udaterui.exe
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Logitech\Logitech Vid\vid.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [StatusClient] D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LESS CITY AMEN SETUP] D:\Documents and Settings\All Users.WINDOWS\Application Data\Tool Eggs Less City\FLAW TWO.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] D:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Logitech Vid] "D:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Debugbleh] D:\DOCUME~1\Paul\APPLIC~1\TrayMode\Tons Program.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = D:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1221303722358
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11904 bytes

#6 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 07 December 2009 - 06:03 AM

Hello TLS Cole

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

That looks a lot better, but more to do yet.

Now, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop.
Do NOT run it yet.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open Notepad:- Click Start->All Programs->Accessories click Notepad
Do NOT use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

KILLALL::

Folder::
d:\documents and settings\All Users.WINDOWS\Application Data\Tool Eggs Less City

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LESS CITY AMEN SETUP"=-


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), it will produce a log for you. Post that log in your next reply please.

Please reboot the computer (if ComboFix did not ask for a reboot)

Please Open HijackThis.
Click Do a system scan only button, then place a check against each of the following:

O4 - HKLM\..\Run: [LESS CITY AMEN SETUP] D:\Documents and Settings\All Users.WINDOWS\Application Data\Tool Eggs Less City\FLAW TWO.exe

Then, close all other open windows, leaving only HijackThis open, and select Fix checked.
Close HijackThis.

Please reboot the computer.

Please use the Internet Explorer and run a BitDefender Online scan from Here
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post:

ComboFix log.
BitDefender report.
A fresh HJT log.
And let me know what problems remain.


Rocket Grannie.
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#7 TLS Cole

TLS Cole

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 16 December 2009 - 02:16 AM

Hi

Sorry it's taken me a while to reply. I followed all of your instructions and the problem appears to have been resolved. Thank you so much.

ComboFix 09-12-07.09 - Paul 08/12/2009 17:26.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1983.1249 [GMT 0:00]
Running from: d:\documents and settings\Paul\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Paul\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users.WINDOWS\Application Data\Tool Eggs Less City
d:\documents and settings\All Users.WINDOWS\Application Data\Tool Eggs Less City\FLAW TWO.dat
d:\documents and settings\All Users.WINDOWS\Application Data\Tool Eggs Less City\FLAW TWO.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-04 15:10 . 2009-12-04 15:10 -------- d-----w- d:\program files\Trend Micro
2009-11-20 19:06 . 2009-11-20 17:43 15880 ----a-w- d:\windows\system32\lsdelete.exe
2009-11-20 17:43 . 2009-11-20 17:43 93360 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2009-11-20 17:40 . 2009-11-20 17:40 -------- dc-h--w- d:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-19 16:00 . 2009-11-19 16:00 -------- d-----w- d:\documents and settings\Paul\Application Data\Malwarebytes
2009-11-19 16:00 . 2009-12-03 16:14 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 16:00 . 2009-12-03 16:13 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-11-19 16:00 . 2009-11-19 16:00 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-19 16:00 . 2009-12-06 12:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-11-17 08:18 . 2009-11-17 08:18 -------- d-----w- d:\program files\PC Connectivity Solution
2009-11-17 08:18 . 2009-10-06 11:52 7936 ----a-w- d:\windows\system32\drivers\usbser_lowerflt.sys
2009-11-17 08:18 . 2009-10-06 11:52 22016 ----a-w- d:\windows\system32\drivers\ccdcmbo.sys
2009-11-17 08:18 . 2009-10-06 11:55 1112288 ----a-w- d:\windows\system32\wdfcoinstaller01007.dll
2009-11-17 08:18 . 2009-10-06 11:52 660480 ----a-w- d:\windows\system32\nmwcdcocls.dll
2009-11-17 08:18 . 2009-10-06 11:52 17664 ----a-w- d:\windows\system32\drivers\ccdcmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 07:07 . 2008-09-13 13:12 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-28 14:32 . 2009-02-25 16:42 -------- d-----w- d:\program files\Common Files\Adobe AIR
2009-11-24 15:01 . 2009-08-24 11:41 -------- d-----w- d:\documents and settings\Paul\Application Data\Spotify
2009-11-20 17:04 . 2008-09-13 13:17 -------- d---a-w- d:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-20 17:03 . 2008-02-07 23:23 -------- d-----w- d:\program files\SpywareBlaster
2009-11-17 08:31 . 2008-01-25 21:09 -------- d-----w- d:\program files\Spybot - Search & Destroy
2009-11-17 08:19 . 2008-03-01 14:23 -------- d-----w- d:\program files\Nokia
2009-11-17 08:19 . 2008-03-01 14:23 -------- d-----w- d:\program files\Common Files\Nokia
2009-11-17 08:17 . 2009-03-29 19:45 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-11-06 19:43 . 2008-09-13 15:00 -------- d-----w- d:\documents and settings\Paul\Application Data\Apple Computer
2009-11-06 18:03 . 2009-11-06 18:03 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\XoftSpySE
2009-11-05 20:33 . 2009-11-05 20:32 -------- d-----w- d:\documents and settings\Paul\Application Data\TrayMode
2009-11-05 20:32 . 2009-11-05 20:32 -------- d-----w- d:\program files\TrayMode
2009-11-05 20:32 . 2009-11-05 20:32 -------- d-----w- d:\program files\Cicle Developement
2009-11-05 20:32 . 2008-03-28 21:56 -------- d-----w- d:\program files\Messenger Plus! Live
2009-11-03 09:00 . 2008-09-10 19:56 -------- d-----w- d:\program files\iTunes
2009-11-03 09:00 . 2008-09-10 19:56 -------- d-----w- d:\program files\iPod
2009-10-26 22:27 . 2008-10-30 22:32 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Kontiki
2009-10-10 23:14 . 2009-10-10 23:14 65748 ---ha-w- d:\windows\system32\mlfcache.dat
2009-10-06 11:52 . 2008-05-02 10:58 91136 ----a-w- d:\windows\system32\nmwcdcls.dll
2009-09-23 12:55 . 2009-06-21 09:02 64288 ----a-w- d:\windows\system32\drivers\Lbd.sys
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- d:\windows\system32\msv1_0.dll
2008-08-12 07:46 . 2008-08-12 07:46 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-06-21 18:24 . 2008-01-30 23:53 67696 ----a-w- d:\program files\mozilla firefox\components\jar50.dll
2008-06-21 18:24 . 2008-01-30 23:53 54376 ----a-w- d:\program files\mozilla firefox\components\jsd3250.dll
2008-06-21 18:24 . 2008-01-30 23:53 34952 ----a-w- d:\program files\mozilla firefox\components\myspell.dll
2008-06-21 18:24 . 2008-01-30 23:53 46720 ----a-w- d:\program files\mozilla firefox\components\spellchk.dll
2008-06-21 18:24 . 2008-01-30 23:53 172144 ----a-w- d:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-06_16.05.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-08 17:34 . 2009-12-08 17:34 16384 d:\windows\temp\Perflib_Perfdata_79c.dat
+ 2009-12-08 17:34 . 2009-04-30 15:01 109080 d:\windows\temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DriverUpdaterPro"="d:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2009-04-30 2682916]
"Logitech Vid"="d:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"Debugbleh"="d:\docume~1\Paul\APPLIC~1\TrayMode\Tons Program.exe" [2009-11-05 688128]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"HP Software Update"="d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"snpstd3"="d:\windows\vsnpstd3.exe" [2006-09-19 827392]
"McAfeeUpdaterUI"="d:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="d:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"StatusClient"="d:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-07-17 40960]
"TomcatStartup"="d:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-07-17 40960]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-20 788880]
"LogitechQuickCamRibbon"="d:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Paul\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - d:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-9-23 95232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"kdx"=d:\program files\Kontiki\KHost.exe -all
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"swg"=d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"StatusClient 2.6"=d:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe"
"TomcatStartup 2.5"=d:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Kontiki\\KService.exe"=
"d:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Hasbro Interactive\\Trivial Pursuit Millennium Edition\\TP.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [21/06/2009 09:02 64288]
R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [12/02/2009 21:27 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1184912]
S3 fsssvc;Windows Live Family Safety Service;d:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: network-interlinks.com\ni-intranet
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Trivial Pursuit Millennium Edition - d:\windows\IsUninst.exe -fd:\program files\Hasbro Interactive\Trivial Pursuit Millennium Edition\TPuninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 17:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4088)
d:\windows\system32\WININET.dll
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\McAfee\Common Framework\FrameworkService.exe
d:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
d:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
d:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\windows\system32\nvsvc32.exe
d:\program files\McAfee\Common Framework\naPrdMgr.exe
d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\windows\system32\wbem\unsecapp.exe
d:\windows\SOUNDMAN.EXE
d:\windows\system32\RUNDLL32.EXE
d:\program files\McAfee\Common Framework\McTray.exe
d:\program files\Internet Explorer\IEXPLORE.EXE
d:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-08 17:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 17:40
ComboFix2.txt 2009-12-06 16:09

Pre-Run: 161,054,027,776 bytes free
Post-Run: 161,007,939,584 bytes free

- - End Of File - - 752026626A2A40894BB385B828987585

#8 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 16 December 2009 - 03:20 AM

Hello TLS Cole

I'm glad to hear things appear to be okay, but there is more to do yet.
At the moment, I don't have enough information to tell if the computer is clean or not.

Please use the Posted Image button to reply.
So my post is not posted back to me.

Please post:

BitDefender report.
A fresh HJT log.


Rocket Grannie
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#9 TLS Cole

TLS Cole

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 17 December 2009 - 05:23 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:29, on 16/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\vsnpstd3.exe
D:\Program Files\McAfee\Common Framework\udaterui.exe
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
D:\Program Files\Logitech\Logitech Vid\vid.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Windows Live\Toolbar\wltuser.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [StatusClient] D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] D:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Logitech Vid] "D:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Debugbleh] D:\DOCUME~1\Paul\APPLIC~1\TrayMode\Tons Program.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = D:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1221303722358
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12440 bytes

I thought I had already replied but now I can't see my reply. Sorry if you get this twice.

I ran the BitDefender scan but when I tried to post the report on here, the computer crashed and now I can't find it. Shall I run it again? It said that it had detected a virus called "Exploit.PDF-JS.Gen".

The pop-ups are back big-time all of a sudden so you were right that the computer is not clean.

Thanks


Tone

#10 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 17 December 2009 - 08:24 PM

Hello TLS Cole

Okay, looks like we start all over again.
Let's find out why BitDefender crashed, and why the pop ups are back.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Please locate, then double-click Malwarebytes click Update tab>>>Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has finished updating please select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Next, please run a GMER Rootkit scan:

Download GMER from here

Unzip it to the Desktop.

Please close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.
http://www.gmer.net/files.php

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.
Posted Image

Click on Scan (1).
Posted Image

When the scan is finished click Copy (2) and paste the results (if any) into this thread

In Internet Explorer, please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your Desktop.
  • Copy and Paste that information in your next post.
To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.
    NOTE: Before scanning, make sure all other running programs are closed
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.
If you have any problems running these programs, STOP and let me know.

Click Add Reply then post:

MBAM log.
Gmer log.

Click Add Reply.

Then Click Add Reply again and post:

Kaspersky report
DDS log

Finally, click Add Reply again.


Rocket Grannie
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#11 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,734 posts

Posted 26 December 2009 - 07:52 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
a85.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button