Tech Support Guy forum thread (14 posts; closed to further replies)

Registered · Discussion Starter · #1
Hi to everyone,
I'm Peeyush.
Actually, my problem is that whenever I boot my Windows XP it gets stuck on the screen where Windows XP loads, i.e. the part where the blue bars move in a black screen with "Windows" written over it, for more than 5 min. I tried to change the position of my hard drive on the board slots and even re-installed Windows, but nothing happened. Could anybody please tell me what's happening? :(
Regards,
Peeyush
 

Trusted Advisor
Answer these questions:

What's the processor type and speed?

How much RAM is installed?

How large is the hard drive and how much free space is there?

Press Ctrl-Alt-Delete to open Windows Task Manager, then click the "Processes" tab. How many processes are running?

Click Start - Run, type in MSCONFIG and then click OK - "Startup" tab. How many entries are checked?

---------------------------------------------------------------

Do you know how to post a HijackThis log here of your computer?

--------------------------------------------------------------
 

Trusted Advisor
Go here and click the green icon to download HijackThis 2.0.2.

Install it in its default location: C:\Program Files\Trend Micro\HijackThis.

Run a scan with it - which will take 30 seconds or less.

Save the resulting log in Notepad.

Return here, then copy-and-paste the entire log here.

----------------------------------------------------------
 

Registered · Discussion Starter · #5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:46 AM, on 6/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1582C801-D20D-4203-9676-9E277D35D05E}: NameServer = 202.148.200.3 202.148.202.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{1582C801-D20D-4203-9676-9E277D35D05E}: NameServer = 202.148.200.3 202.148.202.4
O17 - HKLM\System\CS4\Services\Tcpip\..\{1582C801-D20D-4203-9676-9E277D35D05E}: NameServer = 202.148.200.3 202.148.202.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

--
End of file - 5089 bytes

I'm really sorry for posting this log so late, but I was actually unable to access the internet these days.
 

Trusted Advisor
This log entry:

O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe

indicates an infection. Go here and look at the second entry from the bottom of the list.

Your running processes indicate you're using uTorrent, so that may be where the infection came from.

I've reported your thread to the "Malware Removal & HijackThis Logs" section for assistance.

Go here and click the green icon to download Malwarebytes Anti-Malware 1.40. Just download it and save it for now. Don't install it or do anything with it yet.

The startup load could use some trimming down, but we can deal with that later.

--------------------------------------------------------------
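As an added example (not from this thread, and not code from HijackThis or ComboFix): a small Python triage script that parses the O4 Run-key lines of a HijackThis log and applies two heuristics of the kind the advisor used by eye, so that a lookalike entry such as `[Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe` is surfaced for follow-up. The sample lines are copied from the log posted above (plus one O2 line to show that other sections are ignored); the allowlist `KNOWN_MICROSOFT_RUN_BINARIES`, the heuristic names and the function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Sample input: O4 lines copied from the HijackThis log posted in this thread,
# plus one O2 line to show that non-O4 lines are ignored.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
"""

# Registry-backed O4 lines: "O4 - HKLM\..\Run: [ValueName] command"
# (also HKCU and HKUS\S-1-5-xx hives). Startup-folder O4 lines are not handled here.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)
# Quoted or unquoted path up to and including ".exe"; anything after is arguments.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)


@dataclass(frozen=True)
class RunEntry:
    hive: str      # HKLM, HKCU, or HKUS\S-...
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in brackets
    command: str   # raw command line


def parse_o4(lines):
    """Return the registry-backed O4 entries found in HijackThis log lines."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m['hive'], m['key'], m['name'], m['cmd']))
    return entries


def executable_of(command):
    """Strip surrounding quotes and trailing arguments, leaving the executable path."""
    m = EXE_RE.match(command.strip())
    return m['exe'] if m else command.strip()


# Illustrative allowlist (an assumption for this example, not a vendor list):
# Microsoft binaries that legitimately appear under Run on XP.
KNOWN_MICROSOFT_RUN_BINARIES = {'ctfmon.exe', 'msconfig.exe'}
VENDOR_WORDS = ('microsoft', 'windows', 'winupdate')


def triage(lines):
    """Map value name -> list of heuristic reasons for entries worth a closer look.

    vendor-claim-mismatch: the value name claims to be Microsoft/Windows but the
        target is not a known Microsoft Run-key binary. Windows Update on XP is
        driven by the Automatic Updates service, not a Run value, so a
        'Microsoft WinUpdate' entry pointing at an unfamiliar system32 file is a
        classic masquerade (the entry the advisor flagged above).
    bare-filename: the command has no directory, so the file is resolved through
        the PATH; usually an OEM component (Realtek here) but worth confirming.
    """
    findings = {}
    for entry in parse_o4(lines):
        exe = executable_of(entry.command)
        base = exe.replace('/', '\\').rsplit('\\', 1)[-1].lower()
        reasons = []
        if any(w in entry.name.lower() for w in VENDOR_WORDS) \
                and base not in KNOWN_MICROSOFT_RUN_BINARIES:
            reasons.append('vendor-claim-mismatch')
        if '\\' not in exe:
            reasons.append('bare-filename')
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == '__main__':
    for name, reasons in triage(HJT_SAMPLE.strip().splitlines()).items():
        print(f'{name}: {", ".join(reasons)}')
```

The heuristics only prioritise what to examine; confirming an entry still means checking the file's publisher signature and hash against a trusted reference, which is what the advisor does by pointing to a known-bad list rather than judging on the name alone.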
 

Administrator
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
 

Trusted Advisor
sharma:

Follow Cookiegal's instructions from here on. After she gets done with you, I'll assist you with trimming down the startup load and with updating your java program.

--------------------------------------------------------------

Cookiegal:

Thanks for the PM from you and Cybertech.

--------------------------------------------------------------
 

Registered · Discussion Starter · #9
This is the Combo-Fix Report
===========================
ComboFix 09-09-09.04 - Home 06/13/2009 8:09.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1283 [GMT 5.5:30]
Running from: c:\documents and settings\Home\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090909-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 01:09 . 2009-06-13 01:09 -------- d-----w- c:\documents and settings\Home\Application Data\SystemRequirementsLab
2009-06-13 01:05 . 2009-06-13 01:05 -------- d-----w- c:\windows\Sun
2009-06-12 19:05 . 2009-06-12 19:05 -------- d-----w- c:\program files\Trend Micro
2009-06-12 18:08 . 2009-06-12 18:08 -------- d-----w- c:\program files\Real
2009-06-12 15:54 . 2009-06-12 15:54 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Yahoo
2009-06-12 15:52 . 2009-06-12 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-12 15:49 . 2009-06-12 15:49 -------- d-----w- c:\program files\Yahoo!
2009-06-12 15:14 . 2009-06-12 15:14 -------- d-----w- c:\program files\CBS Software
2009-06-12 05:52 . 2009-06-12 05:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-11 13:52 . 2009-06-11 13:52 -------- d-----w- c:\program files\Total Video Converter
2009-06-11 13:51 . 2009-06-11 13:51 -------- d-----w- C:\Temp
2009-06-11 10:26 . 2009-06-11 10:26 -------- d-s---w- c:\documents and settings\Home\UserData
2009-06-10 14:13 . 2009-06-10 14:13 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Help
2009-06-10 13:46 . 2004-08-03 17:38 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-10 13:46 . 2004-08-03 17:38 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-10 10:48 . 2009-06-10 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2009-06-10 10:48 . 2009-06-10 10:48 -------- d-----w- c:\program files\RapidSolution
2009-06-07 22:14 . 2009-06-07 22:14 -------- d-----w- c:\program files\Foxit Software
2009-06-07 22:14 . 2009-06-07 22:14 -------- d-----w- c:\documents and settings\Home\Application Data\Foxit
2009-06-07 12:13 . 2009-06-10 09:56 -------- d-----w- c:\windows\APW_DATA
2009-06-07 12:13 . 2009-06-07 12:13 -------- d-----w- c:\documents and settings\Home\WINDOWS
2009-06-07 09:46 . 2009-06-07 09:46 -------- d-----w- c:\documents and settings\Home\Application Data\Apple Computer
2009-06-07 09:45 . 2009-06-07 09:45 -------- d-----w- c:\program files\QuickTime
2009-06-07 09:45 . 2009-06-07 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-07 09:45 . 2009-06-07 09:45 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Apple
2009-06-07 09:45 . 2009-06-07 09:45 -------- d-----w- c:\program files\Apple Software Update
2009-06-07 09:45 . 2009-06-07 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-07 09:44 . 2009-06-07 09:44 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Apple Computer
2009-06-07 09:44 . 2009-06-07 09:44 -------- d-----w- c:\program files\Xilisoft
2009-06-07 09:03 . 2009-06-07 09:03 -------- d-----w- c:\program files\SoftLogica
2009-06-06 13:33 . 2009-06-06 13:33 -------- d-----w- c:\documents and settings\Home\Application Data\MAGIX
2009-06-06 13:33 . 2001-05-16 12:24 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-06-06 13:33 . 2001-05-11 07:48 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-06-06 13:31 . 2009-06-10 10:51 -------- d-----w- c:\program files\MAGIX
2009-06-06 13:31 . 2007-04-27 04:13 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-06-06 13:31 . 2009-06-06 13:34 -------- d-----w- c:\windows\system32\MAGIX
2009-06-06 13:31 . 2008-04-15 09:44 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2009-06-06 13:16 . 2009-06-10 10:52 -------- d-----w- c:\program files\Sketch Master
2009-06-06 03:52 . 2009-06-06 03:52 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Macromedia
2009-06-06 03:46 . 2009-06-06 03:52 -------- d-----w- c:\program files\ModernDesktop
2009-06-05 14:21 . 2009-06-05 14:21 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-05 13:06 . 2009-06-05 13:06 -------- d-----w- c:\program files\DivX
2009-06-05 13:06 . 2009-06-05 13:06 -------- d-----w- c:\windows\system32\custom matrices
2009-06-05 13:06 . 2009-06-05 13:06 -------- d-----w- c:\windows\system32\C2MP
2009-06-04 08:27 . 2009-06-04 08:27 -------- d-----w- c:\program files\Team6 game studios
2009-06-04 08:21 . 2009-06-04 08:22 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-04 08:21 . 2009-06-04 08:22 -------- d-----w- c:\program files\Macromedia
2009-06-04 08:21 . 2009-06-04 08:21 -------- d-----w- c:\windows\Downloaded Installations
2009-06-03 04:11 . 2009-06-05 13:09 -------- d-----w- c:\documents and settings\Home\Application Data\dvdcss
2009-06-02 03:47 . 2009-06-02 03:48 -------- d-----w- c:\program files\Kasparov Chessmate
2009-06-02 03:46 . 2009-06-02 03:46 -------- d-----w- c:\program files\ReflexiveArcade
2009-06-01 11:29 . 2009-06-01 11:29 -------- d-----w- C:\Valve
2009-06-01 10:48 . 2009-06-01 10:48 -------- d-----w- c:\program files\EA Sports
2009-06-01 10:46 . 2009-06-01 10:46 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-01 10:46 . 2009-06-01 14:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-01 10:45 . 2009-06-01 10:45 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-01 10:45 . 2009-06-01 10:45 -------- d-----w- c:\documents and settings\Home\Application Data\DAEMON Tools
2009-06-01 05:47 . 2009-06-12 06:13 -------- d-----w- c:\documents and settings\Home\Application Data\vlc
2009-06-01 04:34 . 2009-06-01 04:34 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2009-06-01 03:49 . 2009-06-01 03:49 -------- d-----w- c:\program files\uTorrent
2009-06-01 03:49 . 2009-06-13 02:11 -------- d-----w- c:\documents and settings\Home\Application Data\uTorrent
2009-06-01 02:27 . 2009-06-13 02:43 -------- d-----w- c:\documents and settings\Home\Application Data\DMCache
2009-06-01 02:27 . 2009-06-02 17:46 -------- d-----w- c:\documents and settings\Home\Application Data\IDM
2009-06-01 02:27 . 2009-06-10 08:56 -------- d-----w- c:\program files\Internet Download Manager
2009-06-01 02:27 . 2009-06-01 02:27 0 ----a-w- c:\windows\nsreg.dat
2009-06-01 02:27 . 2009-06-01 02:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Mozilla
2009-06-01 02:26 . 2009-06-01 02:26 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Google
2009-06-01 02:26 . 2009-06-01 02:26 -------- d-----w- c:\program files\Google
2009-06-01 02:21 . 2006-11-10 08:46 18704 ----a-r- c:\windows\system32\drivers\se31nd5.sys
2009-06-01 02:21 . 2006-11-10 08:46 90800 ----a-r- c:\windows\system32\drivers\se31unic.sys
2009-06-01 02:21 . 2006-11-10 08:45 4128 ----a-r- c:\windows\system32\drivers\se31cr.sys
2009-06-01 02:21 . 2006-11-10 08:45 88688 ----a-r- c:\windows\system32\drivers\SE31mgmt.sys
2009-06-01 02:21 . 2006-11-10 08:46 86560 ----a-r- c:\windows\system32\drivers\SE31obex.sys
2009-06-01 02:20 . 2006-11-10 08:45 97184 ----a-r- c:\windows\system32\drivers\SE31mdm.sys
2009-06-01 02:20 . 2006-11-10 08:45 9360 ----a-r- c:\windows\system32\drivers\SE31mdfl.sys
2009-06-01 02:20 . 2006-11-10 08:45 6240 ----a-r- c:\windows\system32\drivers\SE31cmnt.sys
2009-06-01 02:20 . 2006-11-10 08:45 6240 ----a-r- c:\windows\system32\drivers\SE31cm.sys
2009-06-01 02:20 . 2006-11-10 08:46 5872 ----a-r- c:\windows\system32\drivers\SE31whnt.sys
2009-06-01 02:20 . 2006-11-10 08:46 5872 ----a-r- c:\windows\system32\drivers\se31wh.sys
2009-06-01 02:20 . 2006-11-10 08:45 61600 ----a-r- c:\windows\system32\drivers\SE31bus.sys
2009-06-01 01:28 . 2004-08-04 00:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-31 16:16 . 2004-08-03 17:38 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-31 16:16 . 2004-08-03 17:38 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-31 16:15 . 2009-06-12 13:38 84528 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 16:15 . 2006-10-26 14:26 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-05-31 16:13 . 2009-05-31 16:13 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 16:13 . 2009-05-31 16:13 -------- d-----w- c:\program files\MSBuild
2009-05-31 16:11 . 2009-05-31 16:11 -------- d-----w- c:\windows\SHELLNEW
2009-05-31 16:11 . 2009-05-31 16:11 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Microsoft Help
2009-05-31 16:11 . 2009-05-31 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-31 16:10 . 2009-05-31 16:10 -------- d-----r- C:\MSOCache
2009-05-31 16:09 . 2009-05-31 16:09 -------- d-----w- c:\program files\Java
2009-05-31 16:09 . 2009-05-31 16:09 -------- d-----w- c:\program files\Common Files\Java
2009-05-31 16:08 . 2009-06-07 09:43 737280 ----a-w- c:\windows\iun6002.exe
2009-05-31 16:08 . 2009-06-07 09:43 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-05-31 16:08 . 2009-05-31 16:08 -------- d-----w- c:\program files\Real Alternative
2009-05-31 16:08 . 2009-05-31 16:08 -------- d-----w- c:\program files\Media Player Classic
2009-05-31 16:08 . 2009-05-31 16:08 -------- d-----w- c:\program files\XP Codec Pack
2009-05-31 16:07 . 2009-05-31 16:07 -------- d-----w- c:\program files\VideoLAN
2009-05-31 16:06 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2009-05-31 16:06 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-05-31 16:06 . 2009-05-31 16:06 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-31 15:53 . 2004-08-03 17:38 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 18:08 . 2009-05-30 11:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-06 13:32 . 2009-06-06 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2009-05-31 15:55 . 2009-05-31 15:55 -------- d-----w- c:\program files\Alwil Software
2009-05-30 11:10 . 2009-05-30 11:07 -------- d-----w- c:\program files\Realtek
2009-05-30 11:10 . 2009-05-30 11:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 11:10 . 2009-05-30 11:10 315392 ----a-w- c:\windows\HideWin.exe
2009-05-30 11:07 . 2009-05-30 11:07 -------- d-----w- c:\documents and settings\Home\Application Data\InstallShield
2009-05-30 11:02 . 2009-05-30 11:02 -------- d-----w- c:\program files\Intel
2009-05-30 11:02 . 2009-05-30 11:02 -------- d-----w- c:\program files\MSXML 4.0
2009-05-30 10:57 . 2009-05-30 10:57 -------- d-----w- c:\program files\microsoft frontpage
2009-05-30 10:54 . 2009-05-30 10:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-02 05:20 . 2009-05-30 11:05 393216 ----a-r- c:\windows\system32\igxpun.exe
2009-05-02 05:20 . 2009-05-30 11:05 319456 ----a-r- c:\windows\system32\difxapi.dll
2009-05-02 05:20 . 2009-05-30 11:07 90880 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2009-05-02 05:20 . 2009-05-30 11:10 86016 ------r- c:\windows\SoundMan.exe
2009-05-02 05:19 . 2009-05-30 11:10 1245184 ------r- c:\windows\SkyTel.exe
2009-05-02 05:18 . 2009-05-30 11:10 1191936 ------r- c:\windows\RtlUpd.exe
2009-05-02 05:18 . 2009-05-30 11:10 9715200 ------r- c:\windows\RTLCPL.exe
2009-05-02 05:18 . 2009-05-30 11:10 4424192 ------r- c:\windows\system32\drivers\RtkHDAud.sys
2009-05-02 05:18 . 2009-05-30 11:10 16132608 ------r- c:\windows\RTHDCPL.exe
2009-05-02 05:18 . 2009-05-30 11:10 2162688 ------r- c:\windows\MicCal.exe
2009-05-02 05:18 . 2009-05-30 11:10 2808832 ------r- c:\windows\alcwzrd.exe
2009-05-02 05:18 . 2009-05-30 11:10 69632 ------r- c:\windows\Alcmtr.exe
2009-05-02 05:17 . 2009-05-30 11:10 520192 ------r- c:\windows\RtlExUpd.dll
2009-05-02 05:17 . 2009-05-30 11:11 49152 ------r- c:\windows\system32\ChCfg.exe
2009-03-26 15:35 . 2009-03-30 08:51 210352 ----a-w- c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-02 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-02 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-02 131072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-11 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-05-02 16132608]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2009-05-02 1245184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Valve\\Condition Zero\\czero.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/31/2009 9:25 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2009 9:25 PM 20560]
R3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [6/1/2009 7:50 AM 61600]
R3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [6/1/2009 7:50 AM 9360]
R3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [6/1/2009 7:50 AM 97184]
R3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [6/1/2009 7:51 AM 88688]
R3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [6/1/2009 7:51 AM 86560]
R3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [6/1/2009 7:51 AM 90800]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [6/6/2009 7:02 PM 1527900]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [6/1/2009 7:51 AM 18704]
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 09:27]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1582C801-D20D-4203-9676-9E277D35D05E} = 202.148.200.3 202.148.202.4
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\v0mn07yf.default\
FF - component: c:\documents and settings\Home\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 08:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-13 8:14
ComboFix-quarantined-files.txt 2009-06-13 02:44

Pre-Run: 3,870,674,944 bytes free
Post-Run: 3,937,431,552 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
212

==================================================

This is the HijackThis Report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:33 AM, on 9/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1582C801-D20D-4203-9676-9E277D35D05E}: NameServer = 202.148.200.3 202.148.202.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{1582C801-D20D-4203-9676-9E277D35D05E}: NameServer = 202.148.200.3 202.148.202.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

--
End of file - 4957 bytes
====================================================
Can't it be any kind of hardware problem?
 

Registered · Discussion Starter · #13
Hello Cookiegal,
==================================
Now I have installed the Microsoft Recovery Console and I am posting the new log.

========================================
ComboFix 09-09-09.04 - Home 09/19/2009 8:07.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1621 [GMT 5.5:30]
Running from: c:\documents and settings\Home\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090918-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Images
c:\images\3da.jpg
c:\images\ts_back2.gif

.
((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-18 06:26 . 2009-09-18 11:45 -------- d-----w- c:\program files\Common Files\System-G
2009-09-17 10:52 . 2009-09-17 10:52 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Opera
2009-09-17 10:52 . 2009-09-17 10:52 -------- d-----w- c:\program files\Opera
2009-09-16 09:20 . 2004-12-12 13:43 208896 ----a-w- C:\3DAnalyze.exe
2009-09-16 09:20 . 2004-12-10 16:14 52736 ----a-w- C:\ForceDLL.dll
2009-09-16 09:20 . 2004-12-10 16:14 90112 ----a-w- C:\hook_3DA.dll
2009-09-16 06:39 . 2009-09-16 09:48 -------- d-----w- C:\EA SPORTS(TM) IPL Cricket 08
2009-09-15 07:42 . 2009-09-18 12:39 3532 ----a-w- C:\drmHeader.bin
2009-09-15 02:20 . 2009-09-15 02:20 -------- d-----w- c:\program files\FLV Player
2009-09-15 00:58 . 2008-03-21 08:27 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-09-14 16:07 . 2009-09-14 16:07 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-09-14 16:07 . 2009-09-14 16:07 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-09-14 16:07 . 2009-09-14 16:07 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-09-14 16:07 . 2009-09-14 16:07 -------- d-----w- c:\program files\Sony Ericsson
2009-09-14 15:28 . 2009-09-14 15:28 -------- d-----w- c:\program files\CBS Software
2009-09-13 15:50 . 2009-09-13 15:50 -------- d-----w- c:\documents and settings\Home\Application Data\Ahead
2009-09-13 15:50 . 2009-09-13 15:50 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Ahead
2009-09-13 15:49 . 2009-09-13 15:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-13 15:49 . 2009-09-13 15:49 -------- d-----w- c:\program files\Nero
2009-09-13 15:30 . 2009-09-16 06:49 -------- d-----w- c:\program files\SoftLogica
2009-09-12 03:21 . 2009-09-12 03:21 -------- d-----w- c:\program files\RapidLeecher
2009-09-10 18:36 . 2009-09-10 18:36 4096 ----a-w- c:\windows\d3dx.dat
2009-09-10 18:36 . 2009-09-11 02:01 -------- d-----w- c:\program files\AirXonix
2009-09-10 12:22 . 2009-09-10 12:22 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-10 12:22 . 2009-09-10 12:22 -------- d-----w- c:\program files\Real
2009-09-10 02:52 . 2009-09-10 12:22 -------- d-----w- C:\RECYCLER(2)
2009-09-10 02:52 . 2009-09-10 12:22 -------- d-----w- C:\Combo-Fix(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 02:37 . 2009-06-01 02:27 -------- d-----w- c:\documents and settings\Home\Application Data\DMCache
2009-09-18 22:59 . 2009-06-01 02:27 -------- d-----w- c:\documents and settings\Home\Application Data\IDM
2009-09-18 17:37 . 2009-06-01 03:49 -------- d-----w- c:\documents and settings\Home\Application Data\uTorrent
2009-09-18 12:46 . 2009-06-01 05:47 -------- d-----w- c:\documents and settings\Home\Application Data\vlc
2009-09-16 09:50 . 2009-06-07 09:45 -------- d-----w- c:\program files\QuickTime
2009-09-16 06:49 . 2009-06-11 13:52 -------- d-----w- c:\program files\Total Video Converter
2009-09-16 06:48 . 2009-06-06 13:31 -------- d-----w- c:\program files\MAGIX
2009-09-16 06:47 . 2009-06-04 08:21 -------- d-----w- c:\program files\Macromedia
2009-09-16 06:45 . 2009-06-04 08:21 -------- d-----w- c:\program files\Common Files\Macromedia
2009-09-15 23:35 . 2009-06-01 03:49 -------- d-----w- c:\program files\uTorrent
2009-09-15 00:58 . 2009-09-15 00:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-09-15 00:58 . 2009-09-15 00:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-10 12:00 . 2009-05-30 11:09 -------- d-----w- c:\program files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-06-01 2790832]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-02 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-02 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-02 131072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-11 132496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-05-02 16132608]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2009-05-02 1245184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Valve\\Condition Zero\\czero.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/31/2009 9:25 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2009 9:25 PM 20560]
R3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [6/1/2009 7:50 AM 61600]
R3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [6/1/2009 7:50 AM 9360]
R3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [6/1/2009 7:50 AM 97184]
R3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [6/1/2009 7:51 AM 88688]
R3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [6/1/2009 7:51 AM 86560]
R3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [6/1/2009 7:51 AM 90800]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/14/2009 9:37 PM 13224]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [6/1/2009 7:51 AM 18704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\eyt.exe
\Shell\open\Command - I:\eyt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f079b7fe-55c2-11de-bbfc-001cc048dba7}]
\sHELl\AUtoplay\COmmAND - L:\qkkjye.exe
\sHELl\AutoRun\command - L:\qkkjye.exe
\sHELl\EXploRe\cOMmAnd - L:\qkkjye.exe
\sHELl\opEn\command - L:\qkkjye.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f079b7ff-55c2-11de-bbfc-001cc048dba7}]
\ShElL\AUtOpLay\coMmand - M:\myjqxx.exe
\ShElL\AutoRun\command - M:\myjqxx.exe
\ShElL\ExPLoRE\COMmANd - M:\myjqxx.exe
\ShElL\oPeN\COmmAnD - M:\myjqxx.exe
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1582C801-D20D-4203-9676-9E277D35D05E} = 202.148.200.3 202.148.202.4
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\v0mn07yf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - component: c:\documents and settings\Home\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 08:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e4,04,6e,de,bf,b6,04,c5,d5,dc,d2,8f,1b,94,41,4f,91,7f,c1,ae,58,
42,6a,ee,fc,28,d6,d4,f3,e1,67,0f,50,82,8a,8f,7d,da,0e,36,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b84626c7-5f69-4ab7-b195-7f96da28219a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fd
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,ee,0a,25,58,f1,18,48,12,96,50,9b,06,24,e9,\
.
Completion time: 2009-09-19 8:08
ComboFix-quarantined-files.txt 2009-09-19 02:38
ComboFix2.txt 2009-06-13 02:44

Pre-Run: 6,120,034,304 bytes free
Post-Run: 6,093,189,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
174
Administrator · 123,574 Posts
Now your version of ComboFix is too old.

Please remove it by dragging it to the recycle bin and then grab the latest version and post a new log.

Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.