Topic: Trojan_Spy.Win32@mx HELP

Ams
Trojan_Spy.Win32@mx HELP
« on: August 25, 2007, 11:57:41 PM »
I have had this problem for a day. Today is the 2nd. I really need help to remove it and would be very happy if someone will help me. I read that I need to include a HijackThis log, so here is mine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:47 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ESET\nod32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\apbzrcbx.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\apbzrcbx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [kxufivkx] rundll32.exe "C:\Program Files\kxufivkx\wdevsfyf.dll",Init
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - S-1-5-21-1220945662-1770027372-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: apbzrcbx - C:\WINDOWS\SYSTEM32\apbzrcbx.dll
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8848 bytes

Corrine (Administrator)
Re: Trojan_Spy.Win32@mx HELP
« Reply #1 on: August 26, 2007, 12:38:06 AM »
Hi, Ams.  Welcome to LandzDown Forum.

You have four antivirus software programs installed on your computer, which can cause severe conflicts.  You have Windows OneCare Live with the firewall, ESET NOD32 as well as Avast and AVG antivirus.  Whichever subscription is paid and up to date, I suggest you keep it and uninstall the others.  If OneCare Live is not up to date and removed, you will need to get a firewall first.

I am guessing that perhaps you installed the extra A/V software due to the problems, as you have quite a bit going on.  After dealing with the extra antivirus software, please do the following:

1. Download this file - combofix.exe (Mirror location:  http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe )
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it is running as that may cause it to stall.

Post the ComboFix log and a fresh HijackThis log and we'll see where things stand then.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ams
Re: Trojan_Spy.Win32@mx HELP
« Reply #2 on: August 26, 2007, 02:41:02 PM »
ComboFix 07-08-25.2 - "M i c h a e l" 2007-08-26 10:23:14.1 - NTFSx86


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\MICHAE~1\STARTM~1\Programs\Outerinfo
C:\Program Files\Common Files\asembl~1
C:\Program Files\curity~1
C:\Program Files\curity~1\??curity\
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\system32\apbzrcbx.dll
C:\WINDOWS\system32\byxvuss.dll
C:\WINDOWS\system32\iifdddb.dll
C:\WINDOWS\system32\ljjghge.dll
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\ssqnlmk.dll
C:\WINDOWS\system32\wingsa32.dll
C:\WINDOWS\system32\wintsvtr32.exe
C:\WINDOWS\system32\wvutstt.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\xxywuvv.dll


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NTMLSVC
-------\NtmlSvc
-------\xpdx


(((((((((((((((((((((((((   Files Created from 2007-07-26 to 2007-08-26  )))))))))))))))))))))))))))))))


2007-08-26 10:13   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-08-26 10:12   262,144   --a------   C:\WINDOWS\system32\config\SYSTEM~1\NtUser.dat
2007-08-26 10:10   <DIR>   d--------   C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-08-25 19:10   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
2007-08-25 19:10   <DIR>   d--------   C:\Program Files\Alwil Software
2007-08-25 19:09   <DIR>   d--------   C:\kav
2007-08-25 19:08   <DIR>   d--------   C:\Program Files\Trend Micro
2007-08-24 18:45   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-08-24 18:45   207,736   --a------   C:\WINDOWS\system32\muweb.dll
2007-08-24 13:17   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2007-08-24 13:09   <DIR>   d--------   C:\Program Files\Lavasoft
2007-08-24 13:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-24 13:01   81,024   --a------   C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-08-24 13:01   105,856   --a------   C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-08-24 13:00   67,784   --a------   C:\WINDOWS\system32\drivers\MpFilter.sys
2007-08-23 18:59   92,672   --a------   C:\WINDOWS\system32\drvsog.dll
2007-08-23 18:59   15,360   --a------   C:\WINDOWS\system32\drvsogr.dll
2007-08-23 18:59   <DIR>   d--------   C:\Program Files\kxufivkx
2007-08-22 17:21   206,056,412   --a------   C:\temp\AVSEQ05.DAT
2007-08-22 17:21   121,730,156   --a------   C:\temp\AVSEQ01.DAT
2007-08-22 17:21   103,535,084   --a------   C:\temp\AVSEQ02.DAT
2007-08-20 13:03   <DIR>   d--------   C:\Program Files\Common Files\Macromedia Shared
2007-08-20 12:29   <DIR>   d--------   C:\WINDOWS\system32\QuickTime
2007-08-20 12:18   <DIR>   d--------   C:\Program Files\PowerISO
2007-08-19 21:43   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\InstallShield
2007-08-19 21:29   25,600   --a------   C:\WINDOWS\system32\drivers\usbser.sys
2007-08-19 21:29   <DIR>   d--------   C:\Program Files\Avanquest update
2007-08-19 21:28   24,192   --a------   C:\DOCUME~1\MICHAE~1\usbsermptxp.sys
2007-08-19 21:28   22,768   --a------   C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-08-19 21:28   22,768   --a------   C:\DOCUME~1\MICHAE~1\usbsermpt.sys
2007-08-19 21:28   <DIR>   d--------   C:\Program Files\Motorola Phone Tools
2007-08-19 21:23   <DIR>   d--------   C:\Program Files\MagicISO
2007-08-17 12:29   <DIR>   d--------   C:\WINDOWS\system32\appmgmt
2007-08-15 09:27   <DIR>   d--------   C:\Program Files\ElcomSoft
2007-08-11 12:42   <DIR>   d--------   C:\Program Files\Activision
2007-08-10 21:29   <DIR>   d--------   C:\Program Files\MTV Networks
2007-08-10 14:21   43,520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-10 14:20   36,864   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2007-08-10 14:20   <DIR>   d--------   C:\Program Files\DIFX
2007-08-10 14:20   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\Atari
2007-08-10 14:14   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\Leadertech
2007-08-10 14:13   197,120   --a------   C:\WINDOWS\patchw32.dll
2007-08-10 14:13   <DIR>   d--------   C:\Program Files\Common Files\PocketSoft
2007-08-10 14:11   <DIR>   d--------   C:\Program Files\Atari
2007-08-10 11:18   <DIR>   d--------   C:\Program Files\Guitar Pro 5
2007-08-10 11:08   <DIR>   d--------   C:\Program Files\Common Files\DirectX
2007-08-08 12:46   <DIR>   d--------   C:\MP_ROOT
2007-08-08 00:21   <DIR>   d--------   C:\WINDOWS\system32\PreInstall
2007-08-07 10:41   <DIR>   d--------   C:\WINDOWS\system32\SoftwareDistribution
2007-08-07 00:40   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\Apple Computer
2007-08-06 22:24   <DIR>   d--------   C:\Program Files\QuickTime
2007-08-06 22:24   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-06 20:15   33,052   --a------   C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-03 20:45   285   --a------   C:\WINDOWS\EReg072.dat
2007-08-03 20:44   63,488   --a------   C:\WINDOWS\system32\unam4ie.exe
2007-08-03 20:44   4,608   --a------   C:\WINDOWS\system32\w95inf32.dll
2007-08-03 20:44   38,160   --a------   C:\WINDOWS\system32\LMRTREND.dll
2007-08-03 20:44   2,272   --a------   C:\WINDOWS\system32\w95inf16.dll
2007-08-03 20:44   194,320   --a------   C:\WINDOWS\system32\qcut.dll
2007-08-03 20:44   182,032   --a------   C:\WINDOWS\system32\dxtmsft3.dll
2007-08-03 20:44   10,240   --a------   C:\WINDOWS\system32\vidx16.dll
2007-08-03 20:44   <DIR>   d--------   C:\Sshock2
2007-08-03 20:04   <DIR>   d--------   C:\WINDOWS\NV21202124.TMP
2007-08-02 19:12   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\fltk.org
2007-08-02 17:34   86,016   --a------   C:\WINDOWS\unvise32.exe
2007-08-02 17:34   <DIR>   d--------   C:\Program Files\Parallel Port Joystick
2007-08-02 15:38   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\GetRightToGo
2007-08-02 14:04   <DIR>   d--------   C:\Program Files\Common Files\Motorola Shared
2007-08-02 14:04   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-08-02 10:42   36,864   --a------   C:\WINDOWS\system32\wbsys.dll
2007-08-02 10:42   <DIR>   d--------   C:\Program Files\Common Files\Stardock
2007-08-02 10:42   <DIR>   d--------   C:\Program Files\AlienGUIse
2007-07-30 20:40   <DIR>   d--------   C:\WINDOWS\NV17483060.TMP
2007-07-30 20:14   43,528   ---------   C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-30 20:14   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-07-30 20:14   120,056   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-07-30 20:14   118,520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-07-30 20:14   <DIR>   d--------   C:\Program Files\DivX
2007-07-30 20:14   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\DivX
2007-07-28 21:12   <DIR>   d--------   C:\WINDOWS\NV25722568.TMP
2007-07-28 21:02   <DIR>   d--------   C:\WINDOWS\NV36282556.TMP
2007-07-28 20:40   <DIR>   d-a------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-28 20:40   <DIR>   d--------   C:\Fraps
2007-07-28 20:31   87,608   --a------   C:\DOCUME~1\MICHAE~1\APPLIC~1\inst.exe
2007-07-28 20:31   47,360   --a------   C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-28 20:31   47,360   --a------   C:\DOCUME~1\MICHAE~1\APPLIC~1\pcouffin.sys
2007-07-28 20:31   217,127   --a------   C:\WINDOWS\system32\drv43260.dll
2007-07-28 20:31   208,935   --a------   C:\WINDOWS\system32\drv33260.dll
2007-07-28 20:31   176,165   --a------   C:\WINDOWS\system32\drv23260.dll
2007-07-28 20:31   <DIR>   d--------   C:\Program Files\VSO
2007-07-28 20:31   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\Vso
2007-07-28 17:13   <DIR>   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\Google
2007-07-28 17:12   <DIR>   d--------   C:\Program Files\Google
2007-07-28 15:57   <DIR>   d--------   C:\Program Files\Dolphin
2007-07-28 15:56   <DIR>   d--------   C:\Program Files\DVD Decrypter
2007-07-26 19:06   524,288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-07-26 19:06   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:06   200,704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-07-26 19:06   144,704   --a------   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 19:06   1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 10:30   ---------   d--------   C:\Program Files\Steam
2007-08-26 10:30   ---------   d--------   C:\Program Files\Microsoft Windows OneCare Live
2007-08-26 10:13   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-24 19:46   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\uTorrent
2007-08-24 19:46   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\uTorrent
2007-08-24 17:07   ---------   d--------   C:\Program Files\DAEMON Tools
2007-08-24 13:09   ---------   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-08-22 19:39   ---------   d--------   C:\Program Files\MediaMonkey
2007-08-22 10:23   ---------   d--------   C:\Program Files\LimeWire
2007-08-21 22:34   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\LimeWire
2007-08-21 22:34   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\LimeWire
2007-08-21 14:09   ---------   d--------   C:\Program Files\Acoustica Shared Effects
2007-08-21 14:09   ---------   d--------   C:\Program Files\Acoustica Mixcraft
2007-08-20 13:12   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-08-13 19:02   0   --ah-----   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-13 19:02   0   --ah-----   C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-08-11 21:49   11973   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-10 21:01   ---------   d--------   C:\Program Files\Windows Media Connect 2
2007-08-09 15:53   ---------   d--------   C:\Program Files\Project64 1.6
2007-08-09 01:08   ---------   d--------   C:\Program Files\Messenger
2007-08-02 13:02   ---------   d--------   C:\Program Files\FlashGet
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-25 12:56   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\Ahead
2007-07-25 12:56   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\Ahead
2007-07-24 10:11   ---------   d--------   C:\Program Files\Half-Life 2
2007-07-22 15:12   ---------   d--------   C:\Program Files\iolo
2007-07-22 15:08   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-07-22 14:44   ---------   d--------   C:\Program Files\Logitech
2007-07-22 13:27   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\fretsonfire
2007-07-22 13:27   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\fretsonfire
2007-07-21 10:53   ---------   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2007-07-21 10:53   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-07-21 10:28   ---------   d--------   C:\Program Files\KXploit Tool
2007-07-20 22:59   ---------   d--------   C:\Program Files\Common Files\Authentium
2007-07-20 22:58   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\iolo
2007-07-20 22:58   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\iolo
2007-07-19 22:06   ---------   d--------   C:\Program Files\Microsoft.NET
2007-07-19 22:06   ---------   d--------   C:\Program Files\Common Files\L&H
2007-07-19 22:05   ---------   d--------   C:\Program Files\Microsoft Works
2007-07-19 22:05   ---------   d--------   C:\Program Files\Microsoft ActiveSync
2007-07-19 21:54   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\WinRAR
2007-07-19 21:54   ---------   d--------   C:\DOCUME~1\MICHAE~1\APPLIC~1\WinRAR
2007-07-19 21:10   ---------   d--------   C:\Program Files\PQDVD
2007-07-19 20:13   682232   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-07-19 19:55   ---------   d--------   C:\Program Files\EA GAMES
2007-07-19 17:25   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-19 10:40   ---------   d--------   C:\Program Files\uTorrent
2007-07-19 10:14   ---------   d--------   C:\Program Files\MSN Messenger
2007-07-17 08:44   ---------   d--------   C:\Program Files\CyberLink
2007-07-17 08:43   ---------   d--------   C:\Program Files\Common Files\InstallShield
2007-07-17 08:14   ---------   d--------   C:\Program Files\MSXML 4.0
2007-07-17 08:14   ---------   d--------   C:\Program Files\GameSpy Arcade
2007-07-17 08:12   ---------   d--------   C:\Program Files\Microsoft Games
2007-07-17 08:10   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-07-17 07:27   ---------   d--------   C:\Program Files\Common Files\LightScribe
2007-07-17 07:27   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-07-17 07:24   ---------   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-07-17 07:22   ---------   d--------   C:\Program Files\Nero
2007-07-17 07:22   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-17 07:13   ---------   d--------   C:\Program Files\Analog Devices
2007-07-17 07:07   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-17 07:06   ---------   d--------   C:\Program Files\802.11 Wireless LAN
2007-07-17 06:46   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-07-17 06:46   ---------   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-07-17 06:35   0   -rahs----   C:\MSDOS.SYS
2007-07-17 06:35   0   -rahs----   C:\IO.SYS
2007-07-17 06:35   0   --a------   C:\CONFIG.SYS
2007-07-17 06:35   0   --a------   C:\AUTOEXEC.BAT
2007-07-17 06:35   ---------   d--------   C:\Program Files\microsoft frontpage
2007-07-17 06:33   ---------   d--h-----   C:\Program Files\WindowsUpdate
2007-07-17 06:33   ---------   d--------   C:\Program Files\Online Services
2007-07-17 06:33   ---------   d--------   C:\Program Files\MSN Gaming Zone
2007-07-17 06:33   ---------   d--------   C:\Program Files\Common Files\MSSoap
2007-07-16 23:28   ---------   d--------   C:\Program Files\Common Files\SpeechEngines
2007-07-16 23:28   ---------   d--------   C:\Program Files\Common Files\ODBC
2007-07-16 18:09   3316   --a------   C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-07-16 18:08   8972   --a------   C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-16 18:07   ---------   d--------   C:\Program Files\Movie Maker
2007-07-16 18:06   ---------   d--------   C:\Program Files\Windows NT
2007-06-29 00:43   8466432   --a------   C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43   81920   --a------   C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43   81920   --a------   C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43   753664   --a------   C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43   6807328   --a------   C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43   6729728   --a------   C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43   6234112   --a------   C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43   5690624   --a------   C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43   5455872   --a------   C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43   466944   --a------   C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43   458752   --a------   C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43   45056   --a------   C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43   442368   --a------   C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43   425984   --a------   C:\WINDOWS\system32\keystone.exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 18:40]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 22:07]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 20:05]
"kxufivkx"="C:\Program Files\kxufivkx\wdevsfyf.dll" [2007-08-23 18:59]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-02 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 21:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-07-23 20:17]

C:\DOCUME~1\MICHAE~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e22515c7-3414-11dc-9a65-806d6172696f}]
AutoRun\command- D:\AUTORUN.EXE


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 10:29:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 10:31:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-26 10:31

   --- E O F ---


And now here is my HijackThis file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:47 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ESET\nod32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\apbzrcbx.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\apbzrcbx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [kxufivkx] rundll32.exe "C:\Program Files\kxufivkx\wdevsfyf.dll",Init
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - S-1-5-21-1220945662-1770027372-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: apbzrcbx - C:\WINDOWS\SYSTEM32\apbzrcbx.dll
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8848 bytes

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan_Spy.Win32@mx HELP
« Reply #3 on: August 26, 2007, 03:30:54 PM »
Hi, Ams.  We need to see a new HijackThis log.  The log you posted is the same as the one prior to running ComboFix. 

Thanks.

Quote
I have had this problem for a day. Today is the 2nd. I really need help to remove it and would be very happy if someone will help me. I read that i need to include a Hikack This log so here is mine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:47 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal



Quote
And now here is my hijack this file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:47 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ams

  • Newbie
  • *
  • Posts: 17
Re: Trojan_Spy.Win32@mx HELP
« Reply #4 on: August 26, 2007, 03:45:04 PM »
Whoops, sorry.

Well, here is the recent one.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:09 AM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [kxufivkx] rundll32.exe "C:\Program Files\kxufivkx\wdevsfyf.dll",Init
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-1220945662-1770027372-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7571 bytes

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan_Spy.Win32@mx HELP
« Reply #5 on: August 26, 2007, 04:34:53 PM »
That's a major improvement but certainly not completed yet.  I see you have now installed Kaspersky Antivirus software as well as SUPERAntiSpyware, neither of which were on your computer yesterday.  Have you done a full system scan with either of those software programs?  If so, please post the logs. 

Note that although the service is no longer running for NOD32, the software is still on your computer.  You also have Windows OneCare Live antivirus and firewall so why did you install Kaspersky Anti-Virus?

If you wish me to continue helping, I need you to wait for my instructions so I am not "spinning my wheels".

Please advise what you have done and provide any logs. If you have scanned and removed anything with Kaspersky and/or SUPERAntiSpyware since posting your last HijackThis log, please provide another fresh HJT log.

Thank you.
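What Corrine does between the two logs is a diff (which O-entries disappeared, which appeared) followed by a review of whatever remains. The following Python script is an added example of that workflow; it is not code from the thread, from Trend Micro or from any HijackThis analysis service. The sample lines are copied from the logs posted above; the rules, thresholds and function names are this example's own assumptions, not an official HijackThis database.

```python
"""Triage helper for HijackThis logs.

Added example, not code from the thread, from Trend Micro or from any
HijackThis analysis site.  It does two things the helper in this thread does
by eye: (1) diff the O-entries of two logs to see what a cleanup removed, and
(2) order the entries that remain by a few crude, transparent rules so the
reviewer knows where to look first.  The sample lines are copied from the logs
posted above; the rules, thresholds and function names are this example's own
assumptions, not an official HijackThis database.
"""
import re

# Constructed excerpt of the first log in the thread (before the cleanup).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\apbzrcbx.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\apbzrcbx.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [kxufivkx] rundll32.exe "C:\Program Files\kxufivkx\wdevsfyf.dll",Init
O20 - Winlogon Notify: apbzrcbx - C:\WINDOWS\SYSTEM32\apbzrcbx.dll
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
"""

# Constructed excerpt of the third log in the thread (after SUPERAntiSpyware).
LOG_AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")          # "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n,]*?\.(?:dll|exe)', re.I)
RUN_RE = re.compile(r"\[([^\]]+)\]")              # the [value name] of an O4 line


def parse_entries(text):
    """Map each section (O2, O4, ...) to the list of its entry texts."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.setdefault(m.group(1), []).append(m.group(2))
    return entries


def diff_logs(before, after):
    """Return (entries gone since 'before', entries new in 'after')."""
    def flat(text):
        return {f"{s} - {e}" for s, es in parse_entries(text).items() for e in es}
    b, a = flat(before), flat(after)
    return sorted(b - a), sorted(a - b)


def looks_random(name):
    """Crude test for machine-generated names: 7+ lowercase letters only,
    at most 30% vowels.  A sort key for review, never a verdict on its own."""
    if len(name) < 7 or not name.isalpha() or not name.islower():
        return False
    return sum(c in "aeiou" for c in name) / len(name) <= 0.3


def review_reasons(section, entry):
    """Rules that push an entry up the review list (assumed rules)."""
    reasons = []
    paths = PATH_RE.findall(entry)
    path = paths[-1] if paths else ""
    parts = path.split("\\")
    base = parts[-1].rsplit(".", 1)[0] if path else ""
    in_windows = path.lower().startswith("c:\\windows\\")
    if section in ("O2", "O3") and in_windows:
        reasons.append("browser add-on loaded from the Windows directory")
    if section == "O20" and in_windows:
        reasons.append("Winlogon Notify DLL in the Windows directory")
    run = RUN_RE.search(entry)
    if section == "O4" and run and "rundll32" in entry.lower() and len(parts) >= 2:
        if run.group(1).lower() == parts[-2].lower():
            reasons.append("rundll32 loads a DLL from a folder named after the Run value")
    names = [n for n in {base, run.group(1) if run else ""} if looks_random(n)]
    if names:
        reasons.append("machine-looking name(s): " + ", ".join(sorted(names)))
    return reasons


def rank_entries(text):
    """All O-entries of one log, most suspicious first."""
    ranked = []
    for section, entries in parse_entries(text).items():
        for entry in entries:
            reasons = review_reasons(section, entry)
            ranked.append((len(reasons), section, entry, reasons))
    ranked.sort(key=lambda r: (-r[0], r[1], r[2]))
    return ranked


if __name__ == "__main__":
    gone, new = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Gone since the first log:")
    for e in gone:
        print("  -", e)
    print("New in the later log:")
    for e in new:
        print("  +", e)
    print("\nEntries in the first log, ordered for review:")
    for score, section, entry, reasons in rank_entries(LOG_BEFORE):
        print(f"  [{score}] {section} - {entry}")
        for r in reasons:
            print("        *", r)
```

Run against the two excerpts, the diff lists the six entries the cleanup removed and the one it added (SUPERAntiSpyware's own Winlogon hook), and the ranking puts the rundll32 Run value and the Winlogon Notify DLLs at the top while every entry left in the later log scores zero. The name heuristic is deliberately loose and is only there to order the list; a legitimate driver name can trip it, so each flagged entry still needs a human to look at the file.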

Offline Ams

  • Newbie
  • *
  • Posts: 17
Re: Trojan_Spy.Win32@mx HELP
« Reply #6 on: August 26, 2007, 05:17:05 PM »
I would still like your help to guarantee all my problems are gone. I will post fresh logs of everything as soon as they are all done. Thank you for all your help so far.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan_Spy.Win32@mx HELP
« Reply #7 on: August 26, 2007, 05:25:47 PM »
Ok, I'll be around.  Please do not install anything else on your computer.  I need to see where things stand when reviewing your logs because the last log posted showed there is a worm still on that computer that could allow remote access. 

Offline Ams

  • Newbie
  • *
  • Posts: 17
Re: Trojan_Spy.Win32@mx HELP
« Reply #8 on: August 26, 2007, 06:48:06 PM »
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/26/2007 at 02:03 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type       : Complete Scan
Total Scan Time : 03:09:28

Memory items scanned      : 435
Memory threats detected   : 0
Registry items scanned    : 6025
Registry threats detected : 0
File items scanned        : 216395
File threats detected     : 23

Adware.Tracking Cookie
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@cgi-bin[3].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@windowsmedia[1].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@ad.zanox[1].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@adcentriconline[1].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@msnportal.112.2o7[1].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@2o7[2].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@xiti[1].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@gametracker[1].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@atdmt[1].txt
   C:\Documents and Settings\M i c h a e l\Cookies\m i c h a e l@atwola[1].txt

Unclassified.Unknown Origin
   C:\DOCUMENTS AND SETTINGS\M I C H A E L\MY DOCUMENTS\DOWNLOADS\ROLLER COASTER TYCOON 3 INCL SOAKED! & WILD!, KEYGEN, &D NOCD PATCH\KEYGEN\KEYGEN.NFO

Trojan.Unknown Origin
   C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINTSVTR32.EXE.VIR
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP112\A0057914.EXE

Trojan.Downloader-Gen/HitItQuitIt
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP103\A0050055.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP103\A0050722.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP104\A0050757.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP104\A0051424.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP112\A0057916.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP112\A0057917.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP112\A0057918.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP112\A0057919.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP112\A0057920.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP112\A0057921.DLL


and here is an updated hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:19 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-1220945662-1770027372-839522115-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-1220945662-1770027372-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7780 bytes
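The SUPERAntiSpyware log above reports 23 file threats, but they are not all of the same kind: most are tracking cookies or copies parked in ComboFix's quarantine and in System Restore snapshots, which leaves one live item, the keygen download that Corrine quotes back to the poster later in the thread. The script below is an added Python example of sorting detections by location; it is not code from the thread or from SUPERAntiSpyware. SAMPLE_LOG is a constructed, shortened excerpt of the posted scan (user folder and game folder renamed), and the category names and location rules are this example's own assumptions.

```python
"""Group SUPERAntiSpyware detections by where the file lives.

Added example, not code from the thread or from SUPERAntiSpyware.  The scan
posted above reports 23 file threats; sorting them by location shows that
most are tracking cookies or copies parked in ComboFix's quarantine and in
System Restore snapshots, which leaves one live item, the keygen download.
SAMPLE_LOG is a constructed, shortened excerpt of that scan (user folder and
game folder renamed); the category names and the location rules are this
example's own assumptions.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
File items scanned        : 216395
File threats detected     : 6

Adware.Tracking Cookie
   C:\Documents and Settings\user\Cookies\user@atdmt[1].txt
   C:\Documents and Settings\user\Cookies\user@2o7[2].txt

Unclassified.Unknown Origin
   C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\DOWNLOADS\GAME_CRACK\KEYGEN\KEYGEN.NFO

Trojan.Unknown Origin
   C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINTSVTR32.EXE.VIR
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP112\A0057914.EXE

Trojan.Downloader-Gen/HitItQuitIt
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BBEA76F7-0DA6-4AA0-ABE8-50C07DB69426}\RP103\A0050055.DLL
"""

# Location rules, checked in order; first match wins.  (Assumed, see above.)
LOCATION_RULES = [
    ("tracking cookie", lambda p: "\\cookies\\" in p),
    ("ComboFix quarantine", lambda p: p.startswith("c:\\qoobox\\quarantine\\")),
    ("System Restore copy", lambda p: p.startswith("c:\\system volume information\\_restore")),
]


def classify(path):
    """Return the location category for one detected path."""
    p = path.lower()
    for name, rule in LOCATION_RULES:
        if rule(p):
            return name
    return "live file"


def parse_scan_log(text):
    """Return [(family, path), ...].  A family is an unindented line without
    ':'; the indented lines that follow it are its detections."""
    items, family = [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():
            if family:
                items.append((family, raw.strip()))
        elif ":" not in raw:
            family = raw.strip()
    return items


def declared_threats(text):
    """The 'File threats detected' figure, used to cross-check the parse."""
    m = re.search(r"File threats detected\s*:\s*(\d+)", text)
    return int(m.group(1)) if m else None


def triage(text):
    """Counter of location categories plus the list of live files."""
    items = parse_scan_log(text)
    declared = declared_threats(text)
    if declared is not None and declared != len(items):
        raise ValueError(f"parsed {len(items)} items, log declares {declared}")
    counts = Counter(classify(p) for _, p in items)
    live = [(f, p) for f, p in items if classify(p) == "live file"]
    return counts, live


if __name__ == "__main__":
    counts, live = triage(SAMPLE_LOG)
    for cat, n in counts.most_common():
        print(f"{n:3d}  {cat}")
    print("\nLive files to review:")
    for family, path in live:
        print(f"  {family}: {path}")
```

The parse is cross-checked against the log's own "File threats detected" count so a mis-parsed section cannot silently drop detections. Quarantine and restore-point copies are inert until something restores them, which is why helpers usually have the user flush old restore points at the end of a cleanup; the one "live file" is what actually needs a decision.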

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan_Spy.Win32@mx HELP
« Reply #9 on: August 26, 2007, 08:11:32 PM »
It looks as though SUPERAntiSpyware did quite a cleanup.  I'll be away from my keyboard for a while and will analyze your new HijackThis log later.  In the meantime, which antivirus software are you keeping?  Only one, remember?  Either Kaspersky or Windows OneCare Live has to go and, don't forget, OneCare includes a firewall!

By the way, how is your computer now? 

Offline Ams

  • Newbie
  • *
  • Posts: 17
Re: Trojan_Spy.Win32@mx HELP
« Reply #10 on: August 26, 2007, 08:48:25 PM »
I am going to stick with Windows Live Care because my mom bought it. I haven't plugged my internet card into my computer yet, but without internet it is running well. Thank you for all your help.

Offline Ams

  • Newbie
  • *
  • Posts: 17
Re: Trojan_Spy.Win32@mx HELP
« Reply #11 on: August 26, 2007, 11:29:49 PM »
Well, now I put my internet card in and my computer seems to be running very slow. What should my next step be?

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan_Spy.Win32@mx HELP
« Reply #12 on: August 27, 2007, 12:13:32 AM »
Well, Ams, you barely scraped through that one without toasting that machine.  The next time you want to try a new game, pay for it instead of downloading a crack.  You're lucky it didn't contain a rootkit.  You most likely would have had to wipe the machine in that case.

Unclassified.Unknown Origin
   C:\DOCUMENTS AND SETTINGS\M I C H A E L\MY DOCUMENTS\DOWNLOADS\ROLLER COASTER TYCOON 3 INCL SOAKED! & WILD!, KEYGEN, &D NOCD PATCH\KEYGEN\KEYGEN.NFO

You are still running IE6.  How long has it been since that machine was updated?  IE7 was released almost a year ago.  I suggest you go to http://windowsupdate.microsoft.com/ .  In addition, to check if your system is missing other security updates or has insecure applications installed, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications
Edit:  I was about to post a reply and saw your comment about the computer running slow.  Have you uninstalled Kaspersky?

Please download CCleaner - Slim from http://www.ccleaner.com/download/builds.aspx .
Instructions for using CCleaner:
  • Close all open programs, including Internet Explorer, Firefox and any instances of Windows Explorer.
  • Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
  • A pop up box will appear advising this process will permanently delete files from your system.
  • To protect logon cookies that you wish to retain, go to Options > Cookies, select them and use the arrow to move those cookies to the "Cookies to keep" column.
  • Then select the following items
    • In the Windows Tab:
      • Clean all entries in the "Internet Explorer" section.
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section except Windows Log Files.
    • In the Applications Tab:
      • Clean all in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Please UNcheck "Utilities" (i.e., Ad-Aware, and other security program logs.)
    • Click the "Run Cleaner" button and it will scan and clean your system.
    • Click exit. 
    • Shutdown/restart the computer.

Please post a startuplist:
  • Launch HijackThis and press the Config Button
  • Click Misc Tools
  • Check both boxes next to the Generate StartupList log
  • Click the generate startuplist log button.
  • Paste the contents into your next reply along with a fresh HijackThis log
Since I'll be at work, it most likely will be tomorrow evening before I can look at the log.

Offline Ams

  • Newbie
  • *
  • Posts: 17
Re: Trojan_Spy.Win32@mx HELP
« Reply #13 on: August 27, 2007, 12:23:59 AM »
Thank you, I will supply you with the logs tomorrow. Thank you for all your help, I really appreciate it. The reason I haven't updated IE is because I use Mozilla Firefox.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan_Spy.Win32@mx HELP
« Reply #14 on: August 27, 2007, 12:44:40 AM »
Sorry, no excuse.  :)   I use Mozilla Firefox also, but you can be absolutely certain that I updated to IE7 as soon as I could.  Have you blocked the install?  What about other Microsoft updates?