I can't see my desktop

bulldozer246:
Everything worked fine, my desktop now doesn't disappear. Here's the log:

ComboFix 07-12-15.5 - Vince s 2007-12-15 14:14:35.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2600 [GMT -6:00]
Running from: C:\Documents and Settings\Vince s\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\superfinderusa.dll
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\qomklli.dll
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\Temp\23404822.exe
C:\WINDOWS\Temp\27526935.exe
C:\WINDOWS\Temp\58461183.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LDRSVC
-------\LEGACY_SYMAVC32
-------\ldrsvc
-------\symavc32
-------\xpdx


(((((((((((((((((((((((((   Files Created from 2007-11-15 to 2007-12-15  )))))))))))))))))))))))))))))))
.

2007-12-15 13:20 . 2007-12-15 13:20   <DIR>   d--------   C:\Program Files\Trend Micro
2007-12-14 21:35 . 2007-12-14 21:35   2   --a------   C:\2014302581
2007-12-14 21:34 . 2007-12-14 21:34   142,336   --a------   C:\skaglnck.exe
2007-12-14 21:34 . 2007-12-14 21:34   57,856   --a------   C:\fjls.exe
2007-12-09 18:56 . 2007-12-09 19:01   <DIR>   d--------   C:\Program Files\Brunswick Bowling
2007-12-09 18:56 . 1998-01-27 11:31   127,488   --a------   C:\WINDOWS\system32\dsetup.dll
2007-12-09 18:56 . 1997-07-14 17:00   63,056   --a------   C:\WINDOWS\system32\dsetup16.dll
2007-12-09 18:56 . 1998-01-27 11:29   41,984   --a------   C:\WINDOWS\system32\dsetup32.dll
2007-12-09 10:20 . 2007-12-11 21:08   103,736   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 10:20 . 2007-12-11 21:08   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2007-12-09 10:20 . 2007-12-11 21:08   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 10:20 . 2007-12-11 21:08   22,328   --a------   C:\Documents and Settings\Vince s\Application Data\PnkBstrK.sys
2007-12-04 17:33 . 2007-12-04 17:33   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ATI
2007-12-02 12:21 . 2007-05-16 16:45   3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2007-12-02 12:21 . 2007-05-16 16:45   1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-02 12:21 . 2007-05-16 16:45   443,752   --a------   C:\WINDOWS\system32\d3dx10_34.dll
2007-12-02 12:21 . 2007-06-20 20:46   266,088   --a------   C:\WINDOWS\system32\xactengine2_8.dll
2007-12-02 12:21 . 2007-06-20 20:45   18,280   --a------   C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-01 13:51 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\ajxuxds3.sys
2007-12-01 13:09 . 2007-12-01 13:09   <DIR>   d--------   C:\Program Files\Microsoft Reader
2007-12-01 13:09 . 2003-06-05 17:15   57,436   --a------   C:\WINDOWS\DASShp.dll
2007-11-27 17:33 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\awr7r3ra.sys
2007-11-27 17:27 . 2007-03-12 16:42   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-11-27 17:27 . 2007-03-12 16:42   1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-27 17:27 . 2007-03-15 16:57   443,752   --a------   C:\WINDOWS\system32\d3dx10_33.dll
2007-11-27 17:27 . 2007-04-04 18:55   261,480   --a------   C:\WINDOWS\system32\xactengine2_7.dll
2007-11-27 17:27 . 2007-01-24 15:27   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-11-26 21:31 . 2007-11-26 21:31   <DIR>   d--------   C:\Program Files\Google
2007-11-26 18:26 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\ai1s0opq.sys
2007-11-24 21:51 . 2007-11-24 21:51   <DIR>   d--------   C:\Program Files\Microsoft Synchronization Services
2007-11-24 21:51 . 2007-11-24 21:51   <DIR>   d--------   C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-24 21:51 . 2007-11-24 21:54   <DIR>   d--------   C:\Program Files\Microsoft SQL Server
2007-11-24 21:47 . 2007-11-24 21:49   <DIR>   d--------   C:\Program Files\Microsoft Visual Studio 9.0
2007-11-24 21:47 . 2007-11-24 21:47   <DIR>   d--------   C:\Program Files\Microsoft SDKs
2007-11-24 21:47 . 2007-11-24 21:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-24 20:11 . 2007-11-24 20:11   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2007-11-24 18:56 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\atzcw845.sys
2007-11-23 19:34 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\at4yjvb3.sys
2007-11-22 15:11 . 2007-11-22 15:11   <DIR>   d--------   C:\Program Files\GKC
2007-11-22 15:07 . 2007-11-22 15:10   <DIR>   d--------   C:\Program Files\DirectUpdate v4
2007-11-22 14:54 . 2007-11-22 14:55   <DIR>   d--------   C:\wamp
2007-11-22 12:40 . 2007-10-10 17:55   6,065,664   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-22 12:40 . 2007-04-17 03:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-22 12:40 . 2007-03-07 23:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-22 12:40 . 2007-10-10 17:55   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-22 12:40 . 2007-10-10 17:55   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-22 12:40 . 2007-10-10 17:55   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-22 12:40 . 2007-10-10 17:55   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-22 12:40 . 2007-10-10 17:55   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 12:40 . 2007-10-10 04:59   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-22 00:19 . 2007-11-22 00:19   60,028   --ah-----   C:\WINDOWS\system32\mlfcache.dat
2007-11-22 00:17 . 2007-11-22 00:17   <DIR>   d--------   C:\Program Files\Safari
2007-11-22 00:16 . 2007-11-22 14:57   <DIR>   d--------   C:\Program Files\Bonjour
2007-11-21 11:24 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\a8s3lv27.sys
2007-11-20 16:19 . 2007-11-20 16:19   <DIR>   d--------   C:\Program Files\TightVNC
2007-11-19 20:00 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\awkswgh6.sys
2007-11-17 15:12 . 2007-11-17 15:12   <DIR>   d--------   C:\Program Files\Hasbro
2007-11-17 10:21 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\auwlddes.sys
2007-11-16 16:04 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\a2wmv5ki.sys
2007-11-15 17:44 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\atddamfi.sys

.

bulldozer246:
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 20:03   ---------   d-----w   C:\Program Files\StormII
2007-12-15 19:45   ---------   d-----w   C:\Program Files\WeBot
2007-12-15 19:45   ---------   d-----w   C:\Program Files\uTorrent
2007-12-15 03:36   ---------   d-----w   C:\Program Files\Trillian
2007-12-15 03:36   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\uTorrent
2007-12-14 22:15   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\Skype
2007-12-09 01:52   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-04 23:33   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\ATI
2007-12-04 23:29   ---------   d-----w   C:\Program Files\ATI Technologies
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2007-12-04 00:31   ---------   d-----w   C:\Program Files\Activision
2007-11-27 23:34   ---------   d-----w   C:\Program Files\DAEMON Tools
2007-11-26 03:20   ---------   d-----w   C:\Program Files\Winamp
2007-11-22 06:17   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\Apple Computer
2007-11-16 03:13   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\U3
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 18:44   ---------   d-----w   C:\Program Files\iTunes
2007-11-10 18:44   ---------   d-----w   C:\Program Files\iPod
2007-11-10 18:42   ---------   d-----w   C:\Program Files\QuickTime
2007-11-04 02:33   ---------   d-----w   C:\Program Files\Atari
2007-11-04 02:32   ---------   d-----w   C:\Documents and Settings\Vince s\Application Data\Atari
2007-11-04 02:31   ---------   d-----w   C:\Program Files\EA GAMES
2007-11-02 05:52   2,644,480   ----a-w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 04:57   9,314,304   ----a-w   C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24   176,128   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10   364,544   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09   268,288   ----a-w   C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01   143,360   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01   122,880   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00   122,880   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59   495,616   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50   3,133,728   ----a-w   C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39   1,602,176   ----a-w   C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26   5,435,392   ----a-w   C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24   376,832   ----a-w   C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22   49,152   ----a-w   C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-02 03:22   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16   499,712   ----a-w   C:\WINDOWS\system32\ati2cqag.dll
2007-11-02 03:05   593,920   ----a-w   C:\WINDOWS\system32\ati2sgag.exe
2007-11-02 00:42   ---------   d-----w   C:\Program Files\TI Education
2007-11-02 00:42   ---------   d-----w   C:\Program Files\Common Files\TI Shared
2007-11-02 00:41   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 00:29   ---------   d-----w   C:\Program Files\TiLP
2007-10-31 20:09   30,464   ----a-w   C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-29 22:35   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-28 22:00   ---------   d-----w   C:\Program Files\touchFree
2007-10-28 14:41   ---------   d-----w   C:\Program Files\Logitech
2007-10-28 14:41   ---------   d-----w   C:\Program Files\Common Files\Logitech
2007-10-27 23:40   222,720   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-10-24 07:47   96,760   ----a-w   C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47   84,480   ----a-w   C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47   282,112   ----a-w   C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47   158,720   ----a-w   C:\WINDOWS\system32\mscorier.dll
2007-10-11 15:55   88,576   ----a-w   C:\WINDOWS\system32\infocardapi.dll
2007-10-11 15:55   579,584   ----a-w   C:\WINDOWS\system32\icardagt.exe
2007-10-11 15:55   11,776   ----a-w   C:\WINDOWS\system32\icardres.dll
2007-10-09 19:03   779,800   ----a-w   C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 19:03   73,752   ----a-w   C:\WINDOWS\system32\dxva2.dll
2007-10-09 19:03   493,080   ----a-w   C:\WINDOWS\system32\evr.dll
2007-10-09 19:03   350,744   ----a-w   C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 19:03   33,304   ----a-w   C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 19:03   161,304   ----a-w   C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 19:03   106,520   ----a-w   C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 19:03   1,986,072   ----a-w   C:\WINDOWS\system32\milcore.dll
2007-10-09 18:58   16,896   ----a-w   C:\WINDOWS\system32\tswpfwrp.exe
2007-05-28 16:58   47,360   ----a-w   C:\Documents and Settings\Vince s\Application Data\pcouffin.sys
2007-01-28 22:28   65   ----a-w   C:\Program Files\Common Files\appop.log
2007-02-27 23:37   61   --sh--w   C:\WINDOWS\cnerolf.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:56]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 06:06]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 16:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 00:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-02 16:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2007-05-07 19:28]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

bulldozer246:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"EA Core"=C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Profiler"=C:\Program Files\Saitek\Software\Profiler.exe
"SaiSmart"=C:\Program Files\Saitek\Software\SaiSmart.exe
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
"MindSoft FreeRAM"=C:\Program Files\Summitsoft\SystemTech XP\FreeRAM.exe
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"NWEReboot"=
"Run StartupMonitor"=StartupMonitor.exe
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R2 GKCDTDNS;GKC Dynamic DNS Updater;C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
R2 MSiSCSI;Microsoft iSCSI Initiator Service;C:\WINDOWS\System32\iscsiexe.exe
R2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 iScsiPrt;iScsiPort Driver;C:\WINDOWS\system32\DRIVERS\msiscsi.sys
R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 CTL518;Video Blaster WebCam (WDM);C:\WINDOWS\system32\DRIVERS\wcvid.sys
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 TiglUsb;TiglUsb.sys TI-GRAPH / DIRECT LINK USB driver;C:\WINDOWS\system32\Drivers\TiglUsb.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-09-16 03:53:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 20:25:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 14:24:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-15 14:26:46 - machine was rebooted
.
2007-12-13 21:53:31   --- E O F --- 


And by the way, thanks for the help, it is greatly appreciated!

essexboy:
Nearly done, just a few more bits to remove ;D

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\2014302581
C:\skaglnck.exe
C:\fjls.exe
C:\WINDOWS\system32\drivers\ajxuxds3.sys
C:\WINDOWS\system32\drivers\awr7r3ra.sys
C:\WINDOWS\system32\drivers\ai1s0opq.sys
C:\WINDOWS\system32\drivers\a8s3lv27.sys
C:\WINDOWS\system32\drivers\awkswgh6.sys
C:\WINDOWS\system32\drivers\auwlddes.sys
C:\WINDOWS\system32\drivers\a2wmv5ki.sys
C:\WINDOWS\system32\drivers\atddamfi.sys
C:\WINDOWS\system32\drivers\atzcw845.sys
C:\WINDOWS\system32\drivers\at4yjvb3.sys
C:\WINDOWS\cnerolf.dat


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


If you could follow that up with a final HijackThis log.

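The ten driver files essexboy lists above all share one pattern in the ComboFix "Files Created" section: a different eight-character lowercase name each time, the same size (49,536 bytes) and the same modified timestamp (2004-08-03 15:59, i.e. a timestamp borrowed from the XP SP2 system files), while the creation dates are spread over a month. A single copied driver keeping an old mtime is normal (dsetup.dll shows the same thing); many names sharing one exact size/mtime pair is a dropper re-dropping the same payload under fresh names. The script below is an added example (not code from either poster or from ComboFix) that parses that section and pulls the cluster out automatically. The sample input is copied from the log above with two legitimate entries added for contrast; the function names and the thresholds are my own choices.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the ComboFix "Files Created" section above,
# plus dsetup.dll, PnkBstrK.sys and msfeeds.dll as legitimate contrast.
# ComboFix column layout: <created> . <modified> <size> <attrs> <path>
SAMPLE_COMBOFIX = r"""
2007-12-09 18:56 . 1998-01-27 11:31   127,488   --a------   C:\WINDOWS\system32\dsetup.dll
2007-12-09 10:20 . 2007-12-11 21:08   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-01 13:51 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\ajxuxds3.sys
2007-11-27 17:33 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\awr7r3ra.sys
2007-11-26 18:26 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\ai1s0opq.sys
2007-11-24 18:56 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\atzcw845.sys
2007-11-23 19:34 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\at4yjvb3.sys
2007-11-21 11:24 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\a8s3lv27.sys
2007-11-19 20:00 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\awkswgh6.sys
2007-11-17 10:21 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\auwlddes.sys
2007-11-16 16:04 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\a2wmv5ki.sys
2007-11-15 17:44 . 2004-08-03 15:59   49,536   --a------   C:\WINDOWS\system32\drivers\atddamfi.sys
2007-11-22 12:40 . 2007-10-10 17:55   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$"
)


def parse_files_created(text):
    """Parse ComboFix 'Files Created' lines into dicts; directory rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) == "<DIR>":
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": created,
            "modified": modified,
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def looks_generated(name):
    """Weak name-shape heuristic (my own choice): eight lowercase letters/digits,
    no vendor-style capitalisation. Only meaningful together with the cluster test."""
    return len(name) == 8 and name.isalnum() and name.islower()


def find_driver_clusters(entries, min_members=3):
    """Group *.sys files in a drivers directory by (size, modified time) and keep
    groups with at least min_members distinct file names."""
    groups = defaultdict(list)
    for e in entries:
        p = e["path"].lower()
        if p.endswith(".sys") and "\\drivers\\" in p:
            groups[(e["size"], e["modified"])].append(e)
    return {k: v for k, v in groups.items()
            if len({e["path"].lower() for e in v}) >= min_members}


def suspicious_drivers(text, min_members=3):
    """Paths from clusters whose members were created on more than one day and
    all carry generated-looking names: the re-dropped payload pattern."""
    flagged = []
    for members in find_driver_clusters(parse_files_created(text), min_members).values():
        days = {e["created"][:10] for e in members}
        names = [e["path"].rsplit("\\", 1)[-1][:-4] for e in members]
        if len(days) > 1 and all(looks_generated(n) for n in names):
            flagged.extend(e["path"] for e in members)
    return sorted(flagged)


if __name__ == "__main__":
    for path in suspicious_drivers(SAMPLE_COMBOFIX):
        print(path)
```

Run as-is it prints exactly the ten a*.sys paths from essexboy's list and nothing else; PnkBstrK.sys is alone in its size/mtime group and dsetup.dll is not a driver, so neither is flagged. The size/mtime cluster is the strong signal; the name test is only there to keep a run of legitimate same-build vendor drivers out of the result.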
bulldozer246:
I have done so and here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:00 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\iscsiexe.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Vince s\Desktop\ServInfo\ServInfo.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GKC Dynamic DNS Updater (GKCDTDNS) - Unknown owner - C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9415 bytes

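Reading the final HijackThis log by hand means scanning the O23 service list for "Unknown owner" and "(file missing)", the O4 autostarts for anything that gives remote access, and the R1 lines for proxy settings. The script below is an added example (not code from either poster or from HijackThis) that does that first pass over a handful of lines copied from the log above. The severity scale and the reason texts are my own; "Unknown owner" means only that the binary carries no company name in its version information, which is why PnkBstrA and the GKC updater come out as "verify", not "remove", while the Symantec entry whose file is gone is the one clear-cut removal.

```python
import re

# Constructed sample: representative lines copied from the HijackThis log above.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: GKC Dynamic DNS Updater (GKCDTDNS) - Unknown owner - C:\PROGRA~1\GKC\GKCDTDNS\GKCDTDNSNT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""

O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# O4: hive, [label], then either a quoted path or a bare path without spaces, then args
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (?:"([^"]+)"|(\S+))(?:\s+(.*))?$')
R1_RE = re.compile(r"^R1 - .*AutoConfigURL = (\S+)$")
WINDIR_RE = re.compile(r"^c:\\windows\\", re.I)

ACT, VERIFY = 2, 1  # severity: 2 = safe to remove, 1 = needs a human to confirm


def triage_hijackthis(text):
    """Return (severity, item, reason) tuples for entries worth a second look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            name, owner, binary = m.groups()
            if binary.endswith("(file missing)"):
                findings.append((ACT, name, "service registered but binary absent: orphaned entry"))
            elif owner == "Unknown owner":
                where = "system directory" if WINDIR_RE.match(binary) else "program directory"
                findings.append((VERIFY, name, f"no company name in version info, binary in {where}: check hash"))
            if "vnc" in name.lower() or "vnc" in binary.lower():
                findings.append((VERIFY, name, "remote-access service: confirm it is wanted and password-protected"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, label, quoted, bare, args = m.groups()
            binary = quoted or bare
            if "vnc" in binary.lower():
                findings.append((VERIFY, label, "remote-access autostart: confirm it is wanted"))
            continue
        m = R1_RE.match(line)
        if m:
            findings.append((VERIFY, "AutoConfigURL",
                             f"browser proxy script set to {m.group(1)}: confirm which installed product owns it"))
    return sorted(findings, key=lambda f: (-f[0], f[1]))


if __name__ == "__main__":
    for severity, item, reason in triage_hijackthis(SAMPLE_HJT):
        print(f"[{severity}] {item}: {reason}")
```

On the sample it reports the missing Symantec service first, then the two "Unknown owner" services, the VNC server (once as a service, once as an autostart) and the local proxy.pac setting; the avast! lines produce nothing. The proxy line is flagged for confirmation rather than removal because the same log also shows a web-accelerator toolbar and BHO installed, and that is the kind of product that sets a local PAC file; the script cannot know that, so it asks.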