Abomination
Trooper
Joined: Jun 23, 2004 Posts: 23 Location: Slovenia
Posted: Sun May 04, 2008 10:19 pm
OK, I have done all as described in the link ya gave me, but the pop-ups continue. Ad-Aware and AVG found some stuff, but that wasn't it.
Here's my HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:27 PM, on 5/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [1 TRAY] "C:\ProgramData\ToolProxyProxy.77csgcg"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kris\AppData\Local\Temp\mlJCUKca.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kris\AppData\Local\Temp\jKaWnLEx.dll,c
O4 - HKCU\..\Run: [BM55bf0bd8] Rundll32.exe "C:\Users\Kris\AppData\Local\Temp\xiohducc.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VPro520.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://postarca.posta.si
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC50C44C-2FED-4CE7-AAAE-F2CE0F714BBB}: NameServer = 193.189.160.23 193.189.160.13
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 6080 bytes
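As an added example (not code from this thread, from HijackThis or from the CastleCops staff), the O4 autorun entries in the log above can be triaged mechanically: the parser below pulls the real target out of each O4 line, including the DLL behind a rundll32 launcher, and flags the two objective indicators visible in this log, a target under the user's Temp folder and a startup item whose file has no conventional executable extension. The sample input is an excerpt copied from the posted log; the regexes, function names and the notion of "known extensions" are this example's own assumptions.

```python
import re

# One HijackThis O4 line:  O4 - <hive>\..\Run: [<name>] <command> [(User '...')]
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)\s*$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+", re.IGNORECASE)
# Longest-leading token ending in a conventional executable extension; unquoted
# paths such as "%ProgramFiles%\Windows Defender\MSASCui.exe -hide" contain spaces.
KNOWN_EXT_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|dll|lnk|com|scr|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
KNOWN_EXTS = {"exe", "dll", "lnk", "com", "scr", "bat", "cmd"}  # assumption for this example


def parse_o4(line):
    """Split an O4 registry-Run line into hive, value name and command; None otherwise."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
    return {"hive": m.group("hive"), "name": m.group("name"), "cmd": cmd}


def target_path(cmd):
    """Return (path that is actually run or loaded, launched_via_rundll32)."""
    via_rundll = bool(RUNDLL_RE.match(cmd))
    if via_rundll:
        # rundll32 <dll>,<entrypoint>: the DLL, not rundll32, is the payload
        cmd = RUNDLL_RE.sub("", cmd, count=1)
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        m = KNOWN_EXT_RE.match(cmd)
        path = m.group("path") if m else re.split(r"[\s,]", cmd, maxsplit=1)[0]
    return path, via_rundll


def assess(entry):
    """Reasons an autorun entry deserves a closer look; empty list if none apply."""
    path, via_rundll = target_path(entry["cmd"])
    filename = path.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[1].lower() if "." in filename else ""
    reasons = []
    if TEMP_RE.search(path):
        how = "rundll32 loads a DLL" if via_rundll else "startup item runs"
        reasons.append(f"{how} from the user's Temp folder: {path}")
    if ext not in KNOWN_EXTS:
        reasons.append(f"target has no conventional executable extension: {filename}")
    return reasons


def triage(log_text):
    """Map each O4 value name worth reviewing to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            reasons = assess(entry)
            if reasons:
                findings[entry["name"]] = reasons
    return findings


# Excerpt of the O4 section from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [1 TRAY] "C:\ProgramData\ToolProxyProxy.77csgcg"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kris\AppData\Local\Temp\mlJCUKca.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kris\AppData\Local\Temp\jKaWnLEx.dll,c
O4 - HKCU\..\Run: [BM55bf0bd8] Rundll32.exe "C:\Users\Kris\AppData\Local\Temp\xiohducc.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: VPro520.lnk = ?
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}]")
        for r in reasons:
            print("   -", r)
```

Run against the excerpt, the four entries that the HJT staff would want removed ([1 TRAY], [MSServer], [cmds], [BM55bf0bd8]) are reported and the vendor entries are not; the "Global Startup" line uses a different format and is left to the reader.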
a_cup
Special Response Team Premium Member
Joined: Mar 15, 2005 Posts: 2357
Posted: Sun May 04, 2008 11:25 pm
Hi Abomination,
I have flagged your post to be moved to the proper forum...HJT logs can only be posted in the HJT forum and responded to by the HJT staff. The staff in the HJT forum are very busy and will be with you as soon as possible...Please be patient...
So how did I get infected in the first place?
Abomination
Trooper
Joined: Jun 23, 2004 Posts: 23 Location: Slovenia
Posted: Tue May 06, 2008 10:16 pm
OK, how long do I have to wait before help arrives?
Prince_Serendip
Site Moderator
Joined: Sep 07, 2002 Posts: 17155
Posted: Wed May 07, 2008 4:08 am
We realize you are stuck but please be patient. Our experts are extremely swamped with requests to have logs viewed, etc. If they do not get with you immediately it only means they are helping someone else. Remember they do this free of charge, and in their spare time, so please be patient. Thanks from the CCSP team!!
_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
Abomination
Trooper
Joined: Jun 23, 2004 Posts: 23 Location: Slovenia
Posted: Thu May 08, 2008 7:02 pm
I understand you guys are busy. I would just like to let you know that it's getting very hard to open web pages like Google, MySpace and even castlecops.com. Also, when I type, the comp pauses for a second, so it's difficult to type and because of that some letters are missing. I'm just afraid I won't be able to come to CastleCops to get help if this gets worse. I'm truly sorry I bugged again, but I had to let you know. Thank you.
Prince_Serendip
Site Moderator
Joined: Sep 07, 2002 Posts: 17155
Posted: Thu May 15, 2008 2:39 pm
Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).
**NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.
_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
Abomination
Trooper
Joined: Jun 23, 2004 Posts: 23 Location: Slovenia
Posted: Fri May 16, 2008 10:50 am
Here's my log. Also, I would like to mention these errors (besides the ones listed in my posts above) that keep appearing:
1. Error loading: C:\Users\Kri\Appdata\Local\Temp\mIJCUKCa.dll
The specified module could not be found.
2. Buffer overrun detected!
Program:C:\Windows\explorer.exe
A buffer overrun has been detected which has corrupted the programs internal state. The program cannot safely continue execution and must now be terminated.
3. WlloginProxy.exe has stopped working ??
My log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:27 PM, on 5/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [1 TRAY] "C:\ProgramData\ToolProxyProxy.77csgcg"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kris\AppData\Local\Temp\mlJCUKca.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kris\AppData\Local\Temp\jKaWnLEx.dll,c
O4 - HKCU\..\Run: [BM55bf0bd8] Rundll32.exe "C:\Users\Kris\AppData\Local\Temp\xiohducc.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VPro520.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://postarca.posta.si
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC50C44C-2FED-4CE7-AAAE-F2CE0F714BBB}: NameServer = 193.189.160.23 193.189.160.13
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 6080 bytes
grsamf
1st Responder Site Moderator
Joined: Oct 08, 2006 Posts: 1264
Posted: Sat May 17, 2008 2:12 pm
Welcome to CastleCops, and thank you for your patience. Please remember we are all volunteers here and most of us have work, family and other obligations. I am grsamf, or Gerald if that's easier, and I will be working with you to solve the problems you are having. As we go along, there are several things to keep in mind:
- Reviewing a log can be time-consuming, so please be patient.
- It is important that you understand each instruction that I give you and follow it exactly. If there is something I have not explained clearly, do not guess at what the instruction means. Ask me to clarify.
- Some instructions may involve several steps and often will require closing your browser and/or rebooting. Please read through each of my posts carefully before beginning and then follow the instructions in order.
- If you are unable to complete any step, do not continue to the next step. Post any problems with completing the steps here before proceeding.
- Printing the instructions before beginning might be helpful.
Please download Combofix from one of the following links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.com
http://sUBs.geekstogo.com/ComboFix.exe
* Double click on combo.exe & follow the prompts.
* When finished, it will produce a logfile located at C:\ComboFix.txt.
* Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
  - Make sure the "Perform Quick Scan" option is selected.
  - Then click on the Scan button.
  - If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Your next post will have the ComboFix log, MBAM log, and a new HJT log.
_________________
How to be wise in two easy steps: 1) Think of something really stupid to say. 2) Don't say it.
The better I get to know my fellow lawyers, the more I love my dog.
Abomination
Trooper
Joined: Jun 23, 2004 Posts: 23 Location: Slovenia
Posted: Sat May 17, 2008 10:20 pm
Hi, Gerald! Thank you for the assistance. Here's my ComboFix log and new HJT log.
ComboFix 08-05-15.3 - Kris 2008-05-17 23:48:30.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1287 [GMT 2:00]
Running from: C:\Users\Kris\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.
2008-05-14 22:04 . 2008-05-14 22:17 <DIR> d-------- C:\Program Files\Spyware Process Detector
2008-05-14 10:16 . 2008-05-14 10:16 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-05-14 10:16 . 2008-05-14 10:16 <DIR> d-------- C:\ProgramData\Ubisoft
2008-05-14 10:16 . 2008-05-14 10:16 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-05-14 10:15 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-05-14 10:15 . 2008-05-14 10:15 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-05-14 10:15 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-05-14 10:15 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-05-14 10:15 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-05-14 10:15 . 2008-05-14 10:15 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-05-14 10:15 . 2008-05-14 10:15 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-05-14 10:15 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-05-09 20:19 . 2008-05-09 20:19 200,920,181 --a------ C:\Windows\MEMORY.DMP
2008-05-04 22:30 . 2008-05-04 22:30 <DIR> d-------- C:\Users\Kris\AppData\Roaming\Grisoft
2008-05-04 22:27 . 2008-05-04 22:27 <DIR> d-------- C:\Users\All Users\Grisoft
2008-05-04 22:27 . 2008-05-04 22:27 <DIR> d-------- C:\ProgramData\Grisoft
2008-05-04 22:27 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-05-04 21:52 . 2008-05-04 21:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 16:29 . 2008-04-30 16:29 <DIR> d-------- C:\Users\Kris\AppData\Roaming\ArcSoft
2008-04-30 16:23 . 2008-04-30 16:23 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-04-30 16:23 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-04-30 16:22 . 2008-04-30 16:22 <DIR> d-------- C:\Program Files\DIFX
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Windows\Philips
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Program Files\Philips
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Program Files\Common Files\SPC520NC
2008-04-30 16:21 . 2003-03-19 06:20 1,060,864 --a------ C:\Windows\MFC71.dll
2008-04-30 16:21 . 2007-10-01 14:38 483,328 --a------ C:\Windows\System32\drivers\SPC520.sys
2008-04-30 16:21 . 2003-02-21 13:42 348,160 --a------ C:\Windows\msvcr71.dll
2008-04-30 16:21 . 2007-09-28 16:05 307,200 --a------ C:\Windows\System32\stvspc.ax
2008-04-30 16:21 . 2007-04-06 12:42 73,728 --a------ C:\Windows\VPro520.exe
2008-04-30 16:21 . 2007-10-01 14:38 7,680 --a------ C:\Windows\System32\drivers\SPC520m.sys
2008-04-30 00:35 . 2008-05-14 08:51 <DIR> d-------- C:\Users\Kris\AppData\Roaming\Xfire
2008-04-30 00:35 . 2008-05-14 06:41 <DIR> d-------- C:\Users\All Users\Xfire
2008-04-30 00:35 . 2008-05-14 06:41 <DIR> d-------- C:\ProgramData\Xfire
2008-04-30 00:35 . 2008-04-30 00:35 <DIR> d-------- C:\Program Files\Xfire
2008-04-28 23:43 . 2008-04-28 23:43 <DIR> d-------- C:\Program Files\4Musics WAV Bitrate Changer
2008-04-28 23:43 . 2002-07-17 15:20 84,832 --a------ C:\Windows\System32\drivers\ASPI32.SYS
2008-04-28 23:43 . 2002-07-17 15:23 45,056 --a------ C:\Windows\System32\WNASPI32.DLL
2008-04-23 00:28 . 2008-04-23 00:28 41,296 --a------ C:\Windows\System32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 20:56 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-05-14 08:16 22,328 ----a-w C:\Users\Kris\AppData\Roaming\PnkBstrK.sys
2008-05-14 07:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 18:08 6,334,023 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-05-11 10:08 2,322,944 ----a-w C:\Windows\Internet Logs\xDBE87A.tmp
2008-05-05 14:09 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-04 08:37 --------- d-----w C:\ProgramData\Lavasoft
2008-05-04 08:36 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-04 07:37 --------- d-----w C:\Program Files\Common Files\DAZ
2008-04-18 15:28 2,871,808 ----a-w C:\Windows\Internet Logs\xDBCDAA.tmp
2008-04-09 19:23 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 02:26 --------- d-----w C:\Users\Kris\AppData\Roaming\IMVU
2008-03-22 18:17 2,869,248 ----a-w C:\Windows\Internet Logs\xDBCBC6.tmp
2008-03-22 18:17 1,818,624 ----a-w C:\Windows\Internet Logs\xDBCEA4.tmp
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-25 23:59 118,784 ----a-w C:\Windows\Internet Logs\xDBC59F.tmp
2008-02-24 05:39 2,973,696 ----a-w C:\Windows\Internet Logs\xDBD2F7.tmp
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-17 11:02 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 11:00 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 11:00 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 10:59 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 10:59 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 10:59 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 10:58 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 10:58 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 10:58 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 10:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-17 10:58 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 10:58 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 10:58 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-17 10:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-08-30 10:13 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-11 22:03 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728]
"1 TRAY"="C:\ProgramData\ToolProxyProxy.77csgcg" [2008-04-14 10:48 61456]
"spyprodetector"="C:\Program Files\Spyware Process Detector\spydetector.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-11 20:41 1006264]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-06 21:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-06 21:00 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-06 21:00 81920]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 04:31 959976]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VPro520.lnk - C:\Windows\VPro520.exe [2008-04-30 16:21:07 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9281512B-641A-4B9D-AE41-E4D4DFD223BD}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0A197A8B-409A-457F-A87C-26A330CFA33C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A1A0E5EC-D107-494B-91C2-1BE078B7B1A6}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D49CCFFE-A706-4C82-8C66-D1B2B8A16052}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4E784D70-38B0-4144-B415-39C77980BA86}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C4AC0E30-D148-470D-81DF-6884A0DE8A28}"= UDP:D:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7CA38990-784F-4B0A-96A0-4408C8C21579}"= TCP:D:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9265599E-23AE-4AC6-830B-1B822391E7F9}"= UDP:D:\Games\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{7AC41EA7-147E-4ADE-8AB2-C05FA2D888B5}"= TCP:D:\Games\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{0638D6FC-9A4B-41C8-B8FF-A256044A7F2C}"= UDP:D:\Games\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{6F49026F-B3E2-413F-9F0F-5F5F0C9124A5}"= TCP:D:\Games\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 15:20]
S3 SPC520;Philips SPC520NC PC Camera;C:\Windows\system32\drivers\SPC520.sys [2007-10-01 14:38]
S3 SPC520m;Philips SPC520NC PC Cameram;C:\Windows\system32\drivers\SPC520m.sys [2007-10-01 14:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98266f07-6101-11dc-954b-0018f3093e46}]
\shell\AutoRun\command - J:\autorun.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 20:59:21 C:\Windows\Tasks\User_Feed_Synchronization-{9CDFD5C3-918A-412A-A03C-BA9EB8457E05}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 23:50:08
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-17 23:50:58
ComboFix-quarantined-files.txt 2008-05-17 21:50:42
Pre-Run: 54,604,742,656 bytes free
Post-Run: 54,506,393,600 bytes free
179 --- E O F --- 2008-04-20 09:07:24
New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:27 PM, on 5/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [1 TRAY] "C:\ProgramData\ToolProxyProxy.77csgcg"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kris\AppData\Local\Temp\mlJCUKca.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kris\AppData\Local\Temp\jKaWnLEx.dll,c
O4 - HKCU\..\Run: [BM55bf0bd8] Rundll32.exe "C:\Users\Kris\AppData\Local\Temp\xiohducc.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VPro520.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://postarca.posta.si
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC50C44C-2FED-4CE7-AAAE-F2CE0F714BBB}: NameServer = 193.189.160.23 193.189.160.13
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 6080 bytes
Abomination
Trooper
Joined: Jun 23, 2004 Posts: 23 Location: Slovenia
Posted: Sat May 17, 2008 10:49 pm Post subject:
I think we fixed it! I did everything as you told me to do; however, I was not prompted to reboot. Anyway, here are all 3 logs after running Malwarebytes Anti-Malware.
ComboFix 08-05-15.3 - Kris 2008-05-18 0:15:02.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1295 [GMT 2:00]
Running from: C:\Users\Kris\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.
2008-05-18 00:07 . 2008-05-18 00:07 <DIR> d-------- C:\Users\Kris\AppData\Roaming\Malwarebytes
2008-05-18 00:06 . 2008-05-18 00:06 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-18 00:06 . 2008-05-18 00:06 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-18 00:06 . 2008-05-18 00:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 00:06 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-18 00:06 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-14 22:04 . 2008-05-14 22:17 <DIR> d-------- C:\Program Files\Spyware Process Detector
2008-05-14 10:16 . 2008-05-14 10:16 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-05-14 10:16 . 2008-05-14 10:16 <DIR> d-------- C:\ProgramData\Ubisoft
2008-05-14 10:16 . 2008-05-14 10:16 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-05-14 10:15 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-05-14 10:15 . 2008-05-14 10:15 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-05-14 10:15 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-05-14 10:15 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-05-14 10:15 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-05-14 10:15 . 2008-05-14 10:15 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-05-14 10:15 . 2008-05-14 10:15 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-05-14 10:15 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-05-09 20:19 . 2008-05-09 20:19 200,920,181 --a------ C:\Windows\MEMORY.DMP
2008-05-04 22:30 . 2008-05-04 22:30 <DIR> d-------- C:\Users\Kris\AppData\Roaming\Grisoft
2008-05-04 22:27 . 2008-05-04 22:27 <DIR> d-------- C:\Users\All Users\Grisoft
2008-05-04 22:27 . 2008-05-04 22:27 <DIR> d-------- C:\ProgramData\Grisoft
2008-05-04 22:27 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-05-04 21:52 . 2008-05-04 21:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 16:29 . 2008-04-30 16:29 <DIR> d-------- C:\Users\Kris\AppData\Roaming\ArcSoft
2008-04-30 16:23 . 2008-04-30 16:23 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-04-30 16:23 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-04-30 16:22 . 2008-04-30 16:22 <DIR> d-------- C:\Program Files\DIFX
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Windows\Philips
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Program Files\Philips
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Program Files\Common Files\SPC520NC
2008-04-30 16:21 . 2003-03-19 06:20 1,060,864 --a------ C:\Windows\MFC71.dll
2008-04-30 16:21 . 2007-10-01 14:38 483,328 --a------ C:\Windows\System32\drivers\SPC520.sys
2008-04-30 16:21 . 2003-02-21 13:42 348,160 --a------ C:\Windows\msvcr71.dll
2008-04-30 16:21 . 2007-09-28 16:05 307,200 --a------ C:\Windows\System32\stvspc.ax
2008-04-30 16:21 . 2007-04-06 12:42 73,728 --a------ C:\Windows\VPro520.exe
2008-04-30 16:21 . 2007-10-01 14:38 7,6