I have a virus...HELP!!! here is my HiJackThis & ComboFix log.

ogom

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:49 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-21-484763869-1547161642-1801674531-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-1547161642-1801674531-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-484763869-1547161642-1801674531-1004\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User '?')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Security Service (KLMA) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5800 bytes
 
ComboFix 08-01-30.1 - user 2008-02-02 14:21:03.1 - NTFSx86
Running from: I:\virus\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 36 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\lswmv.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\Documents and Settings\user\Application Data\FNTS~1
C:\Documents and Settings\user\My Documents\CURITY~1
C:\lswmv.ini
C:\Program Files\Common Files\{0CA71~1
C:\Program Files\Common Files\{3CA71~1
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\uninstall information
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\crosof~1
C:\Program Files\icroso~1.net
C:\Program Files\wintouch
C:\Program Files\wintouch\wintouch.cfg
C:\Program Files\wintouch\WinTouch.exe
C:\Program Files\wintouch\WTUninstaller.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\bundles
C:\WINDOWS\bundles\adv0ltc0m.exe
C:\WINDOWS\bundles\ast_5_adsav.exe
C:\WINDOWS\bundles\Beryllium.exe
C:\WINDOWS\bundles\bs5-tsrkqn.exe
C:\WINDOWS\bundles\Century.exe
C:\WINDOWS\bundles\CSV7P070.exe
C:\WINDOWS\bundles\cxt_big.exe
C:\WINDOWS\bundles\Decade.exe
C:\WINDOWS\bundles\desktrf-162813.exe
C:\WINDOWS\bundles\icmedia2_56.exe
C:\WINDOWS\bundles\ICMMedia_1cmm3d1a.exe
C:\WINDOWS\bundles\InvestorIntelligenceInstallWeb.exe
C:\WINDOWS\bundles\optimizejames.exe
C:\WINDOWS\bundles\runsearch.exe
C:\WINDOWS\bundles\setup_silent_26221.exe
C:\WINDOWS\bundles\snackman.exe
C:\WINDOWS\bundles\stlb2_seed.exe
C:\WINDOWS\bundles\TrafficSpec8.exe
C:\WINDOWS\bundles\vl_ezstub.exe
C:\WINDOWS\bundles\winversion.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\mantec~1
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\update32.exe
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\wintit.exe
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wscmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-02 14:32 . 2008-02-02 14:32 <DIR> d--hs---- C:\found.000
2008-02-02 14:16 . 2008-02-02 14:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 01:49 . 2008-01-28 01:49 0 --a------ C:\WINDOWS\system32\wscmp.dll.tmp
2008-01-28 01:41 . 2008-01-28 01:41 0 --a------ C:\WINDOWS\system32\sex2.ico.tmp
2008-01-28 01:40 . 2008-01-28 01:40 0 --a------ C:\WINDOWS\system32\sex1.ico.tmp
2008-01-27 22:58 . 2008-01-27 23:45 3,262 --a------ C:\WINDOWS\system32\sex3.ico
2008-01-27 22:29 . 2008-01-27 23:46 3,262 --a------ C:\WINDOWS\system32\sex5.ico
2008-01-27 22:29 . 2008-01-27 23:45 3,262 --a------ C:\WINDOWS\system32\sex4.ico
2008-01-27 22:28 . 2008-01-27 23:28 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-01-27 22:27 . 2008-01-28 01:03 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-01-27 22:26 . 2008-01-27 22:26 <DIR> d-------- C:\WINDOWS\system32\svcd
2008-01-27 22:26 . 2008-01-27 22:26 87,552 --a------ C:\WINDOWS\system32\TmpX.exe
2008-01-27 22:26 . 2008-01-27 22:28 114 --a------ C:\WINDOWS\system32\url3
2008-01-27 22:26 . 2008-01-27 22:28 102 --a------ C:\WINDOWS\system32\url2
2008-01-27 22:26 . 2008-01-27 22:28 102 --a------ C:\WINDOWS\system32\url1
2008-01-27 22:26 . 2008-01-27 22:28 8 --a------ C:\WINDOWS\system32\CID
2008-01-27 22:26 . 2008-01-28 01:41 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-26 19:58 . 2008-01-26 19:58 <DIR> d-------- C:\Documents and Settings\user\Application Data\DisplayTune
2008-01-26 19:45 . 2006-11-16 17:20 15,920 --a------ C:\WINDOWS\system32\drivers\PdiPorts.sys
2008-01-26 19:45 . 2007-06-12 11:27 11,776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys
2008-01-26 19:44 . 2008-01-26 19:44 <DIR> d-------- C:\Program Files\Portrait Displays
2008-01-26 19:44 . 2008-01-26 19:44 <DIR> d-------- C:\Program Files\Common Files\Portrait Displays
2008-01-04 23:04 . 2008-01-27 22:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 23:04 . 2008-01-04 23:04 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 23:35 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-01-28 05:43 --------- d-----w C:\Program Files\Holdem Indicator
2008-01-27 05:04 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-27 00:58 --------- d-----w C:\Program Files\Sportsbook Poker
2008-01-27 00:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 19:31 --------- d-----w C:\Program Files\MySpace
2008-01-01 19:05 --------- d-----w C:\Documents and Settings\user\Application Data\MySpace
2007-12-28 02:59 --------- d-----w C:\Program Files\PokerStars
2004-10-05 01:45 56 --sh--r C:\WINDOWS\system32\56F9480A24.sys
2004-10-05 01:45 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 18:38 1957888]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2004-05-25 15:07 1463296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 13:16 5058560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 02:36 36975]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 12:38 286720]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-13 19:28 104080]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 16:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 18:49 125632]
"DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 17:56 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 22:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^yhyyii.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yhyyii.exe
backup=C:\WINDOWS\pss\yhyyii.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]
C:\Program Files\Admilli Service\AdmilliServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ajflid]
c:\windows\system32\ajflid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCPC]
c:\Program Files\Bcpc\bcpc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Breg]
c:\Program Files\Common Files\Java\bcre.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\elitelvj32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
C:\WINDOWS\conscorr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DI2]
C:\DOCUME~1\user\LOCALS~1\Temp\27.exe\27.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etbrun]
c:\windows\system32\elitenfz32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FeCPY]
c:\Program Files\Common Files\Java\fecpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gunnwziftxfj]
C:\WINDOWS\system32\ajflid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\krvndu]
C:\WINDOWS\system32\ajflid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
C:\WINDOWS\system32\msedpb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Narrator]
C:\WINDOWS\system32\ywyycc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\psrQ36P]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpcjmnev]
C:\WINDOWS\qpcjmnev.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\system32\SahAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saie]
c:\windows\system32\saie.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SESync]
C:\Program Files\SED\SED.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sys29]
c:\windows\system32\winvba32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB controller]
C:\DOCUME~1\user\LOCALS~1\Temp\svcmm32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBundleOuterDL]
C:\Program Files\VBouncer\BundleOuter.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vvlvlk]
C:\Program Files\Quzwea\Wkmh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdgh]
C:\WINDOWS\system32\oknhbyx\wdgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xrxdzdtteadit]
C:\WINDOWS\system32\ajflid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YB04RWj3g]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zveqfvcitwqg]
C:\WINDOWS\system32\ajflid.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\283e7cfb-b9df-430c-80af-43277c872602]
C:\WINDOWS\system32\phppaa.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 06:09:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 14:37:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
.
**************************************************************************
.
Completion time: 2008-02-02 14:44:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 19:44:35
.
2008-01-11 00:27:45 --- E O F ---
 
My computer detected Spyware.IEMonster.b and Adware Zlob.PornAdvertiser.ba, and suddenly porn shortcuts started popping up on my desktop. Any ideas how to get rid of these?
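An added example of how a responder might read a HijackThis log like the one above programmatically, instead of by eye. This is not code from the thread, from HijackThis or from Trend Micro: it parses the F3/O2/O3/O4/O23 line formats and applies a few defender heuristics (a core Windows binary name such as svchost.exe running from a non-canonical directory, a service with no vendor string under the Windows tree, a win.ini run= autostart, a browser helper DLL dropped straight into System32). The heuristics, the SYSTEM_BINARIES list and the sample lines (copied from the posted log) are this example's own assumptions, not HijackThis rules.

```python
"""Triage a HijackThis log with a few defender heuristics (added example)."""
import re
from dataclasses import dataclass, field

# Core Windows binaries that should only ever run from %SystemRoot%\System32.
# Assumption: illustrative list, not exhaustive.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe"}
CANONICAL_DIRS = {r"c:\windows\system32"}

# Drive-letter path ending in an executable extension; a quote stops the match,
# so "C:\Program Files\x.exe" -args is captured without its arguments.
PATH_RE = re.compile(r'([a-z]:\\[^"]+?\.(?:exe|dll|sys))', re.IGNORECASE)
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
KIND_RE = re.compile(r'^(F\d|O\d+) - ')


@dataclass
class Entry:
    kind: str                     # HijackThis section, e.g. "O4" or "O23"
    raw: str                      # the original log line
    path: str                     # executable/DLL path, lowercased ("" if none)
    owner: str = ""               # vendor field, O23 lines only
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a HijackThis item line, or None for anything else."""
    m = KIND_RE.match(line)
    if not m:
        return None
    kind, owner, path = m.group(1), "", ""
    if kind == "O23":
        s = O23_RE.match(line)
        if s:
            owner, path = s["owner"], s["path"].strip()
    else:
        p = PATH_RE.search(line)
        path = p.group(1) if p else ""
    return Entry(kind, line, path.lower(), owner)


def apply_heuristics(entry: Entry) -> Entry:
    """Attach a flag for each pattern worth a second look (assumptions)."""
    directory, _, name = entry.path.rpartition("\\")
    if name in SYSTEM_BINARIES and directory not in CANONICAL_DIRS:
        entry.flags.append("system binary name outside System32")
    if (entry.kind == "O23" and entry.owner.lower() == "unknown owner"
            and directory.startswith(r"c:\windows")):
        entry.flags.append("service with no vendor running from the Windows tree")
    if entry.kind == "F3":
        entry.flags.append("legacy win.ini run= autostart")
    if entry.kind in {"O2", "O3"} and directory in CANONICAL_DIRS:
        entry.flags.append("browser helper/toolbar DLL dropped into System32")
    return entry


def triage(log_text: str) -> dict:
    """Map each flagged path to the list of flags it tripped."""
    findings = {}
    for line in log_text.splitlines():
        e = parse_line(line.strip())
        if e and apply_heuristics(e).flags:
            findings.setdefault(e.path, []).extend(e.flags)
    return findings


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_HJT = r'''
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Security Service (KLMA) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
'''

if __name__ == "__main__":
    for path, flags in triage(SAMPLE_HJT).items():
        print(path)
        for f in flags:
            print("   -", f)
```

Run against the sample, the KLMA service is the only entry that trips two flags at once (a svchost.exe outside System32 and no vendor string), which is the same conclusion the helper reached from the log; the DTSRVC service also has "Unknown owner" but lives under Program Files, so it is left alone.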
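A second added example, this one for the ComboFix "Files Created" section above rather than the HijackThis log. It is not code from the thread or from ComboFix: it parses the listing's row format and groups rows by creation minute, because a dropper that writes several files in the same minute leaves exactly the kind of cluster visible in the 22:26 entries, and surfacing that minute scopes what else to look at. The line format is taken from the posted log; MIN_FILES and the sample rows (copied from the log) are this example's own assumptions.

```python
"""Find creation-time bursts in a ComboFix 'Files Created' listing (added example)."""
import re
from collections import defaultdict

MIN_FILES = 3   # assumption: three or more entries in one minute count as a burst

# Row layout: "<created> . <modified> <size or <DIR>> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:<DIR> |(?P<size>[\d,]+) )"
    r"(?P<attrs>\S+) (?P<path>.+)$"
)


def parse_created(log_text: str) -> list:
    """Parse 'Files Created' rows into dicts; lines in any other format are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rows.append({
            "created": m["created"],
            "modified": m["modified"],
            "is_dir": m["size"] is None,
            "size": None if m["size"] is None else int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return rows


def bursts(rows: list, min_files: int = MIN_FILES) -> dict:
    """Group rows by creation minute and keep only the busy minutes, oldest first."""
    by_minute = defaultdict(list)
    for r in rows:
        by_minute[r["created"]].append(r["path"])
    return {minute: paths for minute, paths in sorted(by_minute.items())
            if len(paths) >= min_files}


# Constructed sample: rows copied from the ComboFix log posted above.
SAMPLE_COMBOFIX = r"""
2008-02-02 14:32 . 2008-02-02 14:32 <DIR> d--hs---- C:\found.000
2008-01-28 01:49 . 2008-01-28 01:49 0 --a------ C:\WINDOWS\system32\wscmp.dll.tmp
2008-01-27 22:58 . 2008-01-27 23:45 3,262 --a------ C:\WINDOWS\system32\sex3.ico
2008-01-27 22:29 . 2008-01-27 23:46 3,262 --a------ C:\WINDOWS\system32\sex5.ico
2008-01-27 22:29 . 2008-01-27 23:45 3,262 --a------ C:\WINDOWS\system32\sex4.ico
2008-01-27 22:26 . 2008-01-27 22:26 <DIR> d-------- C:\WINDOWS\system32\svcd
2008-01-27 22:26 . 2008-01-27 22:26 87,552 --a------ C:\WINDOWS\system32\TmpX.exe
2008-01-27 22:26 . 2008-01-27 22:28 114 --a------ C:\WINDOWS\system32\url3
2008-01-27 22:26 . 2008-01-27 22:28 102 --a------ C:\WINDOWS\system32\url2
2008-01-27 22:26 . 2008-01-27 22:28 102 --a------ C:\WINDOWS\system32\url1
2008-01-27 22:26 . 2008-01-27 22:28 8 --a------ C:\WINDOWS\system32\CID
2008-01-27 22:26 . 2008-01-28 01:41 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-26 19:45 . 2006-11-16 17:20 15,920 --a------ C:\WINDOWS\system32\drivers\PdiPorts.sys
2008-01-26 19:45 . 2007-06-12 11:27 11,776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys
"""

if __name__ == "__main__":
    for minute, paths in bursts(parse_created(SAMPLE_COMBOFIX)).items():
        print(f"{minute}: {len(paths)} entries")
        for p in paths:
            print("   ", p)
```

With the default threshold only 2008-01-27 22:26 is reported (the svcd folder, TmpX.exe, the url1-3 files, CID and SvcNm); lowering min_files to 2 also surfaces the two Portrait Displays drivers installed on 2008-01-26, which matches the poster's mention of a new HP monitor and is the kind of benign cluster a threshold is there to suppress.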
 
Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

You may wish to print out these instructions or copy them to a notepad document since you will be unable to access the Internet while in Safe Mode to read from this site.

Please then reboot your computer in Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum in your next reply.

Once done, please do the following:

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\wscmp.dll.tmp
    C:\WINDOWS\system32\sex2.ico.tmp
    C:\WINDOWS\system32\sex1.ico.tmp
    C:\WINDOWS\system32\sex3.ico
    C:\WINDOWS\system32\sex5.ico
    C:\WINDOWS\system32\sex4.ico
    C:\WINDOWS\system32\sex2.ico
    C:\WINDOWS\system32\sex1.ico
    C:\WINDOWS\system32\TmpX.exe
    C:\WINDOWS\system32\url3
    C:\WINDOWS\system32\url2
    C:\WINDOWS\system32\url1
    C:\WINDOWS\system32\CID
    C:\WINDOWS\system32\SvcNm
    
    Folder::
    C:\WINDOWS\system32\svcd
    c:\Program Files\Bcpc
    C:\Program Files\AutoUpdate
    C:\Program Files\BullsEye Network
    C:\Program Files\Internet Optimizer
    C:\Program Files\SED
    C:\Program Files\VBouncer
    C:\Program Files\Quzwea
    C:\WINDOWS\system32\oknhbyx
    
    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^yhyyii.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ajflid]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCPC]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Breg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DI2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etbrun]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FeCPY]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gunnwziftxfj]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\krvndu]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Narrator]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\psrQ36P]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpcjmnev]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saie]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SESync]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sys29]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB controller]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBundleOuterDL]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vvlvlk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdgh]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xrxdzdtteadit]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YB04RWj3g]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zveqfvcitwqg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\283e7cfb-b9df-430c-80af-43277c872602]
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

    [screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please post
  • The SDFix report
  • The ComboFix log
  • A new HijackThis log
 
I can't drag and drop the icons on my desktop. It won't let me pick anything up and move them.

Also, my start menu and bottom bar aren't there anymore. They seem to be below the window, and when I try to pull it up and expand it nothing happens. It won't come up.
 
Did you run SDFix? If so, post the log; if not, please run it.
 
SDFix: Version 1.133

Run by user on Sat 02/02/2008 at 04:40 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\CID - Deleted
C:\WINDOWS\system32\svcd\svchost.exe - Deleted
C:\WINDOWS\system32\SvcNm - Deleted
C:\WINDOWS\system32\TmpX.exe - Deleted
C:\WINDOWS\system32\upds.log - Deleted
C:\WINDOWS\system32\url1 - Deleted
C:\WINDOWS\system32\url2 - Deleted
C:\WINDOWS\system32\url3 - Deleted
C:\WINDOWS\system32\wscmp.dll.tmp - Deleted



Folder C:\WINDOWS\system32\svcd - Removed


Removing Temp Files...

ADS Check:




Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 17:07:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,3b,78,35,5f,5f,48,30,b4,06,08,d6,14,31,91,bd,19,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf42]
"khjeh"=hex:20,02,00,00,66,66,35,5f,00,d6,8c,6c,a3,05,fe,e8,9a,7d,b3,57,65,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf43]
"khjeh"=hex:20,02,00,00,80,64,35,5f,3e,23,a0,db,c9,8a,81,ef,78,26,43,6d,bb,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}]
"DisplayName"="DAEMON Tools"

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 4 Oct 2004 56 ..SHR --- "C:\WINDOWS\system32\56F9480A24.sys"
Mon 4 Oct 2004 11,270 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 9 Jan 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 9 Jan 2005 4,348 ...H. --- "C:\Documents and Settings\user\My Documents\My Music\License Backup\drmv1key.bak"
Wed 31 May 2006 20 A..H. --- "C:\Documents and Settings\user\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 9 Jan 2005 400 A.SH. --- "C:\Documents and Settings\user\My Documents\My Music\License Backup\drmv2key.bak"

Finished!
 
Still, though, the icons on my desktop are like frozen. I can't move them around or drag at all.

Plus I can't pull up the start menu and the long taskbar at the bottom. It's like they are lower than the screen, but even when I pull the side up from the bottom it doesn't respond or move at all.

What is causing this, do you think? I did just install a new HP monitor on this computer, which is a Dell. Could that be causing a problem with these things?

Thanks for all the help!
 
Try this:

Please run Notepad and copy the contents of the codebox below into a new Notepad document. Please do not include the word Code:
Code:
regsvr32 /s Comctl32.dll
regsvr32 /s Shlwapi.dll
regsvr32 /s User32.dll
regsvr32 /s User.dll
regsvr32 /s Olepro32.dll
regsvr32 /s Ole2.dll
regsvr32 /s Ole2conv.dll
regsvr32 /s Ole2disp.dll
regsvr32 /s Ole2nls.dll
regsvr32 /s Ole32.dll
regsvr32 /s Olecli32.dll
regsvr32 /s Olecnv32.dll
regsvr32 /s Olesvr.dll
regsvr32 /s Olesvr32.dll
regsvr32 /s Olethk32.dll
regsvr32 /s Oleacc.dll
regsvr32 /s Setupwbv.dll
regsvr32 /s Softpub.dll
regsvr32 /s Wininet.dll
regsvr32 /s Wintrust.dll
regsvr32 /s shell32.dll
Save the file to your Desktop as fix.bat and make sure the Save as type field says All files. Double click on fix.bat. See if that fixes your drag and drop problem. If it does, please run the CFScript fix as in my previous post.
 
That didn't do anything.

The command prompt ran with all those commands, but when it finished I still couldn't move anything. So I then restarted the computer and tried again, and still nothing.
 
OK, let's clean some of the remaining infected files, and then work more on these problems.

Please run Notepad and paste the contents of the codebox into a new file. Please do not include the word Code:
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^yhyyii.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ajflid]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCPC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Breg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DI2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etbrun]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FeCPY]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gunnwziftxfj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\krvndu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Narrator]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\psrQ36P]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpcjmnev]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saie]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SESync]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sys29]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB controller]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBundleOuterDL]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vvlvlk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdgh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xrxdzdtteadit]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YB04RWj3g]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zveqfvcitwqg]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\283e7cfb-b9df-430c-80af-43277c872602]
[HKEY_CURRENT_USER\Control Panel\Desktop]
"DragHeight"="4"
"DragWidth"="4"

Save the file to the desktop as fix.reg and make sure the Save as Type field says All Files. Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Please reboot your PC.
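A fix.reg like the one above is worth reading before it is merged: in REGEDIT4 syntax a header written as [-KEY] deletes that whole key, a plain [KEY] header selects a key, and the "name"="data" lines beneath it write values (and "name"=- deletes a single value). The Python script below is an added example, not part of this thread; it parses such a file and lists what merging it would do, using a constructed sample made from two entries of the fix above plus one value-deletion line.

```python
import re
from typing import Dict, List

# Constructed sample in REGEDIT4 syntax: two entries copied from the fix.reg
# above plus a "name"=- line to show value deletion.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
[HKEY_CURRENT_USER\Control Panel\Desktop]
"DragHeight"="4"
"DragWidth"="4"
"OldValue"=-
'''

HEADER_RE = re.compile(r'^\[(-?)(.+)\]$')               # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def decode_data(data: str):
    """Turn the textual data of a .reg value into a Python value."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    return data  # hex:, hex(2): and other binary forms are left as written

def parse_reg(text: str) -> Dict[str, List]:
    """Describe the effect of merging a REGEDIT4 file: keys deleted, values set, values deleted."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != 'REGEDIT4':
        raise ValueError('not a REGEDIT4 file')
    plan = {'delete_keys': [], 'set_values': [], 'delete_values': []}
    current = None                      # key selected by the last plain header
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        m = HEADER_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:                   # [-KEY]: the key and all its subkeys go
                plan['delete_keys'].append(key)
                current = None
            else:
                current = key
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            raise ValueError(f'unexpected line: {line}')
        name, data = m.groups()
        name = '(Default)' if name == '@' else name[1:-1]
        if data == '-':                 # "name"=- removes just that value
            plan['delete_values'].append((current, name))
        else:
            plan['set_values'].append((current, name, decode_data(data)))
    return plan

if __name__ == '__main__':
    for kind, items in parse_reg(SAMPLE_REG).items():
        for item in items:
            print(kind, item)
```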

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\WINDOWS\system32\sex2.ico.tmp
    C:\WINDOWS\system32\sex1.ico.tmp
    C:\WINDOWS\system32\sex3.ico
    C:\WINDOWS\system32\sex5.ico
    C:\WINDOWS\system32\sex4.ico
    C:\WINDOWS\system32\sex2.ico
    C:\WINDOWS\system32\sex1.ico
    c:\Program Files\Bcpc
    C:\Program Files\AutoUpdate
    C:\Program Files\BullsEye Network
    C:\Program Files\Internet Optimizer
    C:\Program Files\SED
    C:\Program Files\VBouncer
    C:\Program Files\Quzwea
    C:\WINDOWS\system32\oknhbyx
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to be Moved window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. These results are also located at C:\_OTMoveIt\MovedFiles\Date_Time.log, where Date_Time is the date and time you ran OTMoveIt.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please run ComboFix again and post the log it generates, along with a new HijackThis log.

Please post
  • The OTMoveIt2 report
  • The ComboFix log
  • A new HijackThis log
 
File/Folder not found.
C:\WINDOWS\system32\sex2.ico.tmp moved successfully.
C:\WINDOWS\system32\sex1.ico.tmp moved successfully.
C:\WINDOWS\system32\sex3.ico moved successfully.
C:\WINDOWS\system32\sex5.ico moved successfully.
C:\WINDOWS\system32\sex4.ico moved successfully.
C:\WINDOWS\system32\sex2.ico moved successfully.
C:\WINDOWS\system32\sex1.ico moved successfully.
File/Folder c:\Program Files\Bcpc not found.
File/Folder C:\Program Files\AutoUpdate not found.
File/Folder C:\Program Files\BullsEye Network not found.
File/Folder C:\Program Files\Internet Optimizer not found.
File/Folder C:\Program Files\SED not found.
File/Folder C:\Program Files\VBouncer not found.
File/Folder C:\Program Files\Quzwea not found.
C:\WINDOWS\system32\oknhbyx moved successfully.

OTMoveIt2 v1.0.18 log created on 02062008_231744
 
ComboFix 08-01-30.1 - user 2008-02-06 23:20:10.2 - NTFSx86
Running from: I:\virus\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-02 17:36 . 2008-02-02 17:36 <DIR> d-------- C:\Documents and Settings\user\DoctorWeb
2008-02-02 16:33 . 2008-02-02 16:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-02 14:32 . 2008-02-02 14:32 <DIR> d--hs---- C:\found.000
2008-02-02 14:16 . 2008-02-02 14:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 19:58 . 2008-01-26 19:58 <DIR> d-------- C:\Documents and Settings\user\Application Data\DisplayTune
2008-01-26 19:45 . 2006-11-16 17:20 15,920 --a------ C:\WINDOWS\system32\drivers\PdiPorts.sys
2008-01-26 19:45 . 2007-06-12 11:27 11,776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys
2008-01-26 19:44 . 2008-01-26 19:44 <DIR> d-------- C:\Program Files\Portrait Displays
2008-01-26 19:44 . 2008-01-26 19:44 <DIR> d-------- C:\Program Files\Common Files\Portrait Displays

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 23:35 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-01-28 05:43 --------- d-----w C:\Program Files\Holdem Indicator
2008-01-27 05:04 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-27 00:58 --------- d-----w C:\Program Files\Sportsbook Poker
2008-01-27 00:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 19:31 --------- d-----w C:\Program Files\MySpace
2008-01-01 19:05 --------- d-----w C:\Documents and Settings\user\Application Data\MySpace
2007-12-28 02:59 --------- d-----w C:\Program Files\PokerStars
2004-10-05 01:45 56 --sh--r C:\WINDOWS\system32\56F9480A24.sys
2004-10-05 01:45 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 18:38 1957888]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2004-05-25 15:07 1463296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 13:16 5058560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 02:36 36975]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 12:38 286720]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-13 19:28 104080]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 16:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 18:49 125632]
"DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 17:56 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 22:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]
C:\Program Files\Admilli Service\AdmilliServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 06:09:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 23:24:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-06 23:25:28
ComboFix-quarantined-files.txt 2008-02-07 04:24:52
ComboFix2.txt 2008-02-02 19:44:38
.
2008-01-11 00:27:45 --- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:49 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-21-484763869-1547161642-1801674531-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-1547161642-1801674531-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-484763869-1547161642-1801674531-1004\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User '?')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Security Service (KLMA) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5423 bytes
 
Great, that's gotten rid of just about everything. One more entry to remove:

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entry:
  • O23 - Service: Security Service (KLMA) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
Please close all open windows except for HijackThis and choose Fix checked

Please click on Start -> Run. Type the following command and click OK:
sc delete KLMA

Please reboot and post a new HijackThis log.

Can you give me a little more information about your problems - are you able to drag and drop files in locations other than the Desktop? What happens when you try to move an icon - does the icon move with the mouse, and just not stay in its new position? Does the icon not move with the mouse at all? Do you receive an error message?

With regards to the taskbar, it is possible that the height setting on the monitor is too large, resulting in the taskbar being below the bottom of the screen. You can try adjusting that setting on the monitor's menu. You will not be able to move the taskbar unless you unlock it first - to do so, right click on the taskbar and untick Lock the taskbar. See if you are able to move it after doing that.
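The entry singled out above is an O23 service whose binary HijackThis reports as missing and whose owner is unknown; the short name in parentheses (KLMA) is the one sc delete takes. As an added example that is not part of this thread, the Python below parses O23 lines and flags the signs a reviewer looks for, run over three lines copied from the log above; the System32 path check assumes Windows is installed under C:\WINDOWS, as this log shows.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample: three O23 lines copied from the HijackThis log above.
SAMPLE_HJT = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Security Service (KLMA) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# O23 - Service: <display name> (<short name>) - <owner> - <path> [(file missing)]
# The short name in parentheses is what 'sc delete' needs; when HijackThis
# omits it, the display name is also the service name.
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?'
    r' - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$'
)

# Assumed system directory; taken from the paths in this log.
SYSTEM32 = r'c:\windows\system32'

def review_services(log: str) -> List[Dict]:
    """Parse O23 lines and attach review flags to each service."""
    findings = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        path = m['path']
        low = path.lower()
        flags = []
        if m['missing']:
            flags.append('binary missing: orphaned service entry')
        if m['owner'].lower() == 'unknown owner':
            flags.append('no vendor information')
        # The real svchost.exe lives in System32; a copy elsewhere is a lookalike.
        if ntpath.basename(low) == 'svchost.exe' and ntpath.dirname(low) != SYSTEM32:
            flags.append('svchost.exe outside System32')
        findings.append({'short': m['short'] or m['display'],
                         'owner': m['owner'], 'path': path, 'flags': flags})
    return findings

if __name__ == '__main__':
    for f in review_services(SAMPLE_HJT):
        if f['flags']:
            print(f['short'], '->', '; '.join(f['flags']))
```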
 
OK, well I did this much...

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entry:

* O23 - Service: Security Service (KLMA) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)

Please close all open windows except for HijackThis and choose Fix checked


But I can't see the start menu to get to Run to delete KLMA.


As far as that goes, the toolbar isn't locked. I see a very small bar at the bottom that allows me to grab it but will not let it expand. It looks to be a very thin bar, like the top of the taskbar that is supposed to be down there, only I can't see any more of it. Not sure which monitor setting I would mess with to see if that is the problem, but I would think I could still expand the bar even if the monitor settings were off. What monitor settings would you suggest I try to mess with to see if that will fix it?

With the icons on the desktop, I am having the same problem in other folders too when I try to move things. I put my mouse on the file and it gets focus, but when I try to drag it nothing happens - no error msg, it just stays put and won't budge.
 
OK, give this a shot:

Press the Windows Key + R on your keyboard. This will bring up the Run dialog box, the same as if you'd clicked Start -> Run. Type the following command and click OK:
sfc /scannow

This will check for any system file corruption. You will be prompted to insert your Windows CD as part of this process, please do so.
 