Windows XP/2000 - BSOD Problems posted in the Operating Systems forums; Finally, I get a log, took so bloody long trying to get this, Combo was freezing/computer was shutting down as it started and as it was finishing, enver thought i'd ...

  #8  
Old 07-12-2008
Bronze Member
 
Join Date: May 2006
Posts: 30
Arnold
Default Re: My Hijack file

Finally, I get a log, took so bloody long trying to get this, Combo was freezing/computer was shutting down as it started and as it was finishing, never thought I'd get the thing, here ya go, hopefully it's done everything right with the constant interruptions ^^


ComboFix 08-07-11.1 - Dave 2008-07-12 10:04:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.223 [GMT 1:00]
Running from: C:\Documents and Settings\Dave\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Common Files\{DCFCD~1
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\rqstv.bak2

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 10:11 . 2008-07-11 10:11 <DIR> d-------- C:\Deckard
2008-07-10 15:52 . 2008-07-10 15:52 165 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-10 14:15 . 2008-07-10 14:15 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-06-30 19:37 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-06-30 16:45 . 2008-06-30 16:45 <DIR> d-------- C:\Program Files\Octoshape Streaming Services
2008-06-29 17:18 . 2008-06-29 17:45 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-06-29 17:18 . 2008-06-29 17:45 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-06-29 17:18 . 2008-06-29 17:45 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-06-29 15:20 . 2008-06-29 15:20 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-29 15:20 . 2008-06-29 18:03 18,167 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-29 15:20 . 2008-06-29 15:20 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-29 15:08 . 2008-07-03 16:05 <DIR> d-------- C:\Program Files\Diablo II
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Program Files\Opera
2008-06-25 09:04 . 2008-06-25 09:04 268 --ah----- C:\sqmdata05.sqm
2008-06-25 09:04 . 2008-06-25 09:04 244 --ah----- C:\sqmnoopt05.sqm
2008-06-22 11:21 . 2008-06-22 11:21 2,320,000 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-06-20 16:40 . 2008-06-20 16:40 <DIR> d-------- C:\Program Files\Lavalys
2008-06-19 18:20 . 2008-06-19 18:20 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-19 18:18 . 2008-06-19 18:20 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-15 08:44 . 2008-06-15 08:45 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-15 08:44 . 2008-06-15 08:44 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\SystemRequirementsLab
2008-06-15 08:33 . 2008-06-15 08:33 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\SPORE Creature Creator
2008-06-15 08:21 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-15 08:19 . 2008-06-15 08:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-15 08:18 . 2008-06-15 08:18 <DIR> d-------- C:\WINDOWS\Logs
2008-06-15 08:13 . 2008-06-15 08:13 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-12 12:47 . 2008-06-12 12:47 <DIR> d-------- C:\Program Files\AutoHotkey
2008-06-12 12:43 . 2008-07-01 18:20 <DIR> d-------- C:\Program Files\Notepad++
2008-06-12 12:43 . 2008-06-12 12:45 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\Notepad++

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 07:49 --------- d-----w C:\Program Files\Winamp
2008-07-12 07:40 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-11 07:07 --------- d-----w C:\Program Files\World of Warcraft
2008-06-30 18:37 --------- d-----w C:\Program Files\Ultra QuickTime Converter
2008-06-29 18:39 --------- d-----w C:\Documents and Settings\Dave\Application Data\FrostWire
2008-06-26 13:28 --------- d-----w C:\Program Files\Motive
2008-06-26 13:03 --------- d-----w C:\Program Files\Creative
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 16:36 --------- d-----w C:\Documents and Settings\Dave\Application Data\Azureus
2008-06-19 16:31 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-06-18 19:31 --------- d-----w C:\Documents and Settings\Dave\Application Data\Free Download Manager
2008-06-15 07:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-15 07:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 09:06 --------- d-----w C:\Program Files\Last.fm
2008-06-04 08:25 --------- d-----w C:\Program Files\Zune
2008-06-04 08:13 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-06-04 08:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-05-30 13:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 13:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 13:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 13:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 13:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 13:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 13:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-25 19:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-25 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 18:57 --------- d-----w C:\Documents and Settings\Dave\Application Data\SUPERAntiSpyware.com
2008-05-25 18:49 --------- d-----w C:\Documents and Settings\Dave\Application Data\ICQ
2008-05-25 18:47 --------- d-----w C:\Program Files\Audiosurf
2008-05-16 15:13 --------- d-----w C:\Program Files\Steam
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 18:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-29 18:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 18:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-29 18:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-29 18:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-29 18:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 18:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2007-10-31 18:07 24,096 ----a-w C:\Documents and Settings\Dave\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-20 19:54 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-04 10:31:06 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 14:55]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-02-28 13:00]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-19 18:20]
S3 TunRDriverV32;TunRDriverV32;C:\WINDOWS\system32\drivers\TunRDriverV32.sys [2007-07-12 12:10]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 09:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-15 20:31:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-{DCFCDA4D-07CF-1033-0307-03032603002c} - C:\Program Files\Common Files\{DCFCDA4D-07CF-1033-0307-03032603002c}\Update.exe
Notify-vtsqr - C:\WINDOWS\system32\vtsqr.dll


****************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 10:09:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


****************************************************************************
.
Completion time: 2008-07-12 10:14:15
ComboFix-quarantined-files.txt 2008-07-12 09:13:05


Attached Files
File Type: txt ComboFix.txt (12.5 KB, 1 views)
File Type: log hijackthis.log (8.6 KB, 1 views)



Last edited by Pancake; 07-12-2008 at 10:33 AM. Reason: copy and pasted for better viewing
  #9  
Old 07-12-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 4,063
PC Experience: Elite PC Guru
Pancake
Default Re: My Hijack file

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKCU\..\Policies\Explorer\Run: [{DCFCDA4D-07CF-1033-0307-03032603002c}] "C:\Program Files\Common Files\{DCFCDA4D-07CF-1033-0307-03032603002c}\Update.exe" mc-110-12-0000272
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:




File::
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*



=======================================


Please download Malwarebytes' Anti-Malware from one of these places:

|MG| Malwarebytes Anti-Malware 1.20

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


__________________
My real name is Eddy
  #10  
Old 07-12-2008
Bronze Member
 
Join Date: May 2006
Posts: 30
Arnold
Default Re: My Hijack file

I've deleted those things from Hijack This, created the CFScript txt and dragged it onto Combofix, now this is where things get annoying, for the past 2 hours I've dragged the txt file to Combofix but as soon as the file is dragged and a backup is made my PC either restarts itself or I get blue screened =/ So I downloaded the malware program, and amazingly it ran without problems, I did a Full Scan and a Quick Scan and nothing at all came up, it detected nothing.

I'll keep trying the combofix, but I haven't got any hopes of it working anytime soon, is there anything else I can do to get this thing working?

This is my Malwarebytes log as well, just in case it is needed.

Malwarebytes' Anti-Malware 1.20
Database version: 941
Windows 5.1.2600 Service Pack 2

12:55:05 2008-07-12
mbam-log-7-12-2008 (12-55-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 155281
Time elapsed: 32 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

====
and an updated HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58, on 2008-07-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8407 bytes



Last edited by Arnold; 07-12-2008 at 01:58 PM.
  #11  
Old 07-13-2008
Pancake
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 4,063
PC Experience: Elite PC Guru
Re: My Hijack file

That's all fine. It just needed that cleanup. You are all done.


This will clear away any of the files and folders that were created by ComboFix.

Go to Start > Run, then copy and paste the following highlighted text below and click OK.


ComboFix /u


__________________
My real name is Eddy
  #12  
Old 07-13-2008
Bronze Member
 
Join Date: May 2006
Posts: 30
Arnold
Re: My Hijack file

Thanks for all the help, but I am still having problems, BSOD keeps popping up. I did do a search for the IRQL error thing and a lot of sites did mention bad RAM, so I think that might be my problem, I'm not sure though.


  #13  
Old 07-13-2008
Pancake
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 4,063
PC Experience: Elite PC Guru