Massive virus cannot remove

Posted 6/26/2008 3:26 AM
#62978
Youse Member

Date Joined Nov 2016
Total Posts: 4
This major virus or trojan has been pissing me off and is exactly the same thing as this forum post: https://www.bullguard.com/forum/8/Anti-virus-sites-blocked-notep_62602.html

HiJack This Log:
https://rapidshare.com/files/124820702/hijackthis.log.html

Sorry, had to upload it on rapidshare because notepad kept on crashing.

Please help.

I have run S&D and found 69 entries but I think they just keep on coming and coming. Ran avast and detected malware like 444.471. Ran Malwarebytes' Anti-Malware and found 44 infections straight away. Ran a couple of online virus scanners (Windows Live Safety Scanner, BitDefender and Kaspersky) but they weren't helping that much.

Another thing:
Dunno if it's got to do with the virus, but when I try to connect to a wireless network, it detects it on "View Available Wireless Networks" and on mine it says "not connected". I open IE7, cannot go to a webpage and it says it is not connected. I go to the "Network Connections" folder and I press F5 to refresh, then it's connected. In IE7 and Firefox, some webpages don't even try to load, like in the thread linked above.
Posted 6/27/2008 5:04 PM
#62987
junior Valued member

Date Joined Nov 2016
Total Posts: 12
This forum is dead already; it's not like before, not even moderators are here anymore.
Posted 6/28/2008 3:05 AM
#62993
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Posted 6/30/2008 1:08 AM
#63044
Youse Member

Date Joined Nov 2016
Total Posts: 4
Here is the ComboFix Log report:
ComboFix 08-06-20.4 - yelias12 2008-06-30 10:55:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.378 [GMT 10:00]
Running from: C:\Documents and Settings\yelias12\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM0f52ab3a.xml
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\portsv.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bsm.dll
C:\WINDOWS\system32\ffcaaaff.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\khbbnauj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca

----- BITS: Possible infected sites -----

hxxp://10.12.2.19
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-29 16:41 . 2008-06-29 16:41 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-29 16:41 . 2008-06-29 16:41 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d-------- C:\Program Files\filehippo.com
2008-06-27 13:27 . 2008-06-27 13:27 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Samsung
2008-06-27 13:19 . 2008-06-27 13:19 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-06-27 13:19 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-06-27 13:19 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-06-27 13:19 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-06-27 13:19 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-06-27 13:19 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-06-27 13:19 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-06-27 13:19 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-06-27 13:19 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-06-27 13:19 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-27 13:19 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-06-27 13:18 . 2008-06-27 13:18 <DIR> d-------- C:\Program Files\Samsung
2008-06-26 17:48 . 2008-06-26 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:47 . 2008-06-26 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-26 14:48 . 2008-06-26 14:48 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-26 11:26 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-26 11:26 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-26 11:26 . 2008-04-14 00:15 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-26 11:26 . 2008-04-14 00:15 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-25 22:39 . 2008-06-25 22:39 <DIR> d-------- C:\Program Files\thriXXX
2008-06-25 20:38 . 2008-06-29 15:48 <DIR> d-------- C:\WINDOWS\system32\7238
2008-06-25 20:14 . 2008-06-25 20:14 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\GRETECH
2008-06-25 20:14 . 2008-06-25 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-06-25 20:12 . 2008-06-25 20:12 <DIR> d-------- C:\Program Files\GRETECH
2008-06-25 19:59 . 2008-06-27 13:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 19:59 . 2008-06-27 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 16:54 . 2008-06-25 16:54 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Malwarebytes
2008-06-25 16:54 . 2008-06-25 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 16:36 . 2008-06-25 16:36 <DIR> d-------- C:\VundoFix Backups
2008-06-25 16:30 . 2008-06-25 16:30 113,169 --------- C:\WINDOWS\system32\8231fb55df18ae44c4cc99d846c4c139.TMP
2008-06-25 16:30 . 2008-06-25 16:30 113,169 --------- C:\WINDOWS\system32\0f26634258daef1fb106127a60dccc47.TMP
2008-06-25 12:35 . 2008-06-25 12:35 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-25 10:41 . 2008-06-25 10:41 112,128 --a------ C:\WINDOWS\system32\qxytfati.exe
2008-06-25 10:38 . 2008-06-25 10:38 66,952 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-25 10:35 . 2008-06-25 10:36 <DIR> d-------- C:\Program Files\Safari
2008-06-25 10:21 . 2008-06-25 10:21 113,169 --------- C:\WINDOWS\system32\c847ffaecc4b63d817e3b51aa633bab5.TMP
2008-06-25 10:21 . 2008-06-25 10:21 113,169 --------- C:\WINDOWS\system32\5de78138d555ea6abf4f0110e669c861.TMP
2008-06-25 10:13 . 2008-06-25 10:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-25 10:11 . 2008-06-25 10:14 <DIR> d-------- C:\Documents and Settings\yelias12\.housecall6.6
2008-06-24 22:18 . 2008-06-24 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-24 22:15 . 2008-06-24 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-24 22:01 . 2008-06-24 22:01 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\TuneUp Software
2008-06-24 22:01 . 2008-06-24 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-24 22:01 . 2008-06-24 22:01 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-24 22:01 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-24 22:00 . 2008-06-24 22:01 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-24 18:24 . 2008-06-24 18:40 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-24 12:32 . 2008-06-26 16:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-24 11:31 . 2008-06-24 11:31 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Ace
2008-06-24 11:30 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-06-24 10:53 . 2005-08-03 16:00 232,192 -ra------ C:\WINDOWS\system32\drivers\rt73.sys
2008-06-23 21:22 . 2008-06-23 21:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-23 21:04 . 2008-06-24 19:55 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\AVGTOOLBAR
2008-06-23 19:11 . 2008-06-23 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-06-23 18:08 . 2008-06-23 20:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Orbit
2008-06-23 18:07 . 2008-06-23 18:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-06-23 17:47 . 2008-06-23 17:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Orbit
2008-06-23 17:41 . 2008-06-23 17:41 <DIR> d-------- C:\temp\itmp4
2008-06-23 17:40 . 2008-06-23 17:40 <DIR> d-------- C:\Program Files\Red Kawa
2008-06-23 17:40 . 2008-06-23 21:05 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-23 17:40 . 2008-06-23 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\GrabPro
2008-06-23 17:40 . 2008-06-23 17:40 106,496 --a------ C:\Documents and Settings\All Users\Application Data\ngzqfsjs.dll
2008-06-23 13:07 . 2008-06-23 13:07 <DIR> d-------- C:\Program Files\HP
2008-06-23 13:06 . 2004-03-11 14:14 16,062 --------- C:\WINDOWS\hpiins01.dat
2008-06-23 13:06 . 2004-02-12 14:20 0 --------- C:\WINDOWS\hpimdl01.dat
2008-06-22 21:15 . 2008-05-06 16:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-06-22 21:15 . 2008-05-06 16:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-21 23:45 . 2008-06-21 23:45 <DIR> d-------- C:\temp\nvidia
2008-06-21 23:45 . 2008-06-23 17:41 <DIR> d-------- C:\temp
2008-06-21 22:16 . 2008-06-21 22:16 <DIR> d-------- C:\WINDOWS\Sun
2008-06-21 22:15 . 2008-06-21 22:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 20:37 . 2008-06-21 20:37 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-21 19:37 . 2008-06-24 11:00 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-21 16:19 . 2008-04-14 05:42 1,306,624 --a------ C:\WINDOWS\system32\msxml6.dll
2008-06-21 16:19 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-21 16:19 . 2008-04-14 05:40 102,912 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-06-21 16:19 . 2008-04-13 22:57 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-06-21 16:19 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-06-21 16:17 . 2008-06-21 16:17 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-21 16:17 . 2008-06-21 16:17 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-21 16:17 . 2008-06-21 16:17 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-21 16:17 . 2008-06-21 16:17 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-21 16:17 . 2008-04-14 05:42 712,704 --a------ C:\WINDOWS\system32\windowscodecs.dll
2008-06-21 16:17 . 2008-04-14 05:42 346,112 --a------ C:\WINDOWS\system32\windowscodecsext.dll
2008-06-21 16:17 . 2008-04-14 05:42 276,992 --a------ C:\WINDOWS\system32\wmphoto.dll
2008-06-21 16:17 . 2008-04-14 05:42 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-06-21 16:17 . 2008-04-14 05:42 32,866 --------- C:\WINDOWS\slrundll.exe
2008-06-21 16:17 . 2008-04-14 05:42 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-06-21 16:11 . 2008-06-21 16:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-21 16:04 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003113_.tmp
2008-06-21 15:23 . 2008-06-21 15:23 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-21 15:23 . 2008-06-21 15:23 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-06-21 15:01 . 2008-06-21 15:01 2,645 --a------ C:\WINDOWS\system32\NMMediaServer.cfg
2008-06-20 22:06 . 2008-06-26 21:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-20 21:52 . 2008-06-20 21:52 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-06-20 21:50 . 2008-06-20 21:50 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Nero
2008-06-20 21:08 . 2008-06-26 20:02 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-06-20 21:08 . 2008-06-24 11:30 <DIR> d-------- C:\downloads
2008-06-20 21:08 . 2008-06-30 10:57 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Orbit
2008-06-20 21:08 . 2008-06-20 21:12 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\GrabPro
2008-06-20 20:33 . 2008-06-20 20:33 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-20 20:07 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-20 20:07 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-06-20 19:12 . 2008-06-27 19:51 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\LimeWire
2008-06-20 19:06 . 2008-06-20 19:06 <DIR> d-------- C:\Program Files\Avanquest update
2008-06-20 19:05 . 2008-06-20 19:06 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-06-20 19:05 . 2008-06-20 19:05 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-06-20 19:05 . 2008-06-20 19:05 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\InstallShield
2008-06-20 19:05 . 2008-06-21 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-06-19 16:54 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-19 16:33 . 2008-06-19 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-18 10:21 . 2008-06-18 10:21 <DIR> d-------- C:\WINDOWS\system32\DRM
2008-06-18 09:58 . 2008-06-20 21:45 <DIR> d-------- C:\Program Files\Nero
2008-06-18 09:58 . 2008-06-20 21:48 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-18 09:58 . 2008-06-20 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-17 21:48 . 2008-06-17 21:49 <DIR> d-------- C:\Program Files\LimeWire
2008-06-17 21:11 . 2008-06-17 21:11 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\InterVideo
2008-06-17 19:19 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\iPod
2008-06-17 19:18 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\iTunes
2008-06-17 19:18 . 2008-06-17 19:18 <DIR> d-------- C:\Program Files\Bonjour
2008-06-17 19:17 . 2008-06-17 19:18 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 00:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-27 03:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 00:33 --------- d-----w C:\Program Files\Apple Software Update
2008-06-24 12:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-17 08:20 --------- d-----w C:\Program Files\Microsoft Works
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-04-13 19:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-13 19:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-13 19:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-13 19:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-13 19:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-13 19:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-13 19:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-13 19:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-13 19:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-13 19:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-13 19:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Program Files\Orbitdownloader\GrabPro.dll" [2008-06-10 10:47 457848]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= C:\Program Files\Orbitdownloader\GrabPro.dll [2008-06-10 10:47 457848]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 23:32 65536]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-28 17:07 132392]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 22:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 22:00 455168]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 23:40 196608]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 16:36 30208]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-16 13:25 7340032]
"nwiz"="nwiz.exe" [2005-12-16 13:25 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2005-12-16 13:25 49152]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-02-28 23:43 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 03:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFncKy"="TFncKy.exe" []
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 11:00 126976]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE" [2005-12-20 13:39 86016]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE" [2003-08-01 13:56 86016]
"DpUtil"="C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-06-28 19:11 155648]
"ThpSrv"="thpsrv" []
"TFNF5"="TFNF5.exe" [2005-12-26 09:56 581632 C:\WINDOWS\system32\TFNF5.exe]
"TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-10-05 11:33 344144]
"TPSMain"="TPSMain.exe" [2005-12-15 13:28 315392 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-12-15 13:28 110592 C:\WINDOWS\system32\TPSODDCtl.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 05:29 88203 C:\WINDOWS\agrsmmsg.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 15:13 122880]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 10:42 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 11:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 04:29 125632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 00:18 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\IT\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/9/2005 12:12:44 AM 113664]

C:\Documents and Settings\yelias12\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/9/2005 12:12:44 AM 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [6/20/2008 9:08:54 PM 1690824]
PC Health.lnk - C:\Program Files\TOSHIBA\TOSHIBA Management Console\TOSHealthLocalS.vbs [12/7/2006 2:55:18 PM 3531]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [12/7/2006 12:34:24 PM 155648]
SMART Board Tools.lnk - C:\Program Files\SMART Board Software\SMARTBoardTools.exe [9/18/2006 3:53:26 AM 3395584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ngzqfsjs"= {8290f165-137b-486d-89f1-94c7cb225aa5} - C:\Documents and Settings\All Users\Application Data\ngzqfsjs.dll [2008-06-23 17:40 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-05-05 16:48 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2334:TCP"= 2334:TCP:RSA Exception
"2967:TCP"= 2967:TCP:10.18.2.8/255.255.255.255:Enabled:SAV2967
"2967:UDP"= 2967:UDP:10.18.2.8/255.255.255.255:Enabled:SAV2967
"38293:TCP"= 38293:TCP:10.18.2.8/255.255.255.255:Enabled:SAV38293
"38293:UDP"= 38293:UDP:10.18.2.8/255.255.255.255:Enabled:SAV38293

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 22:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 11:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 09:20]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 10:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 09:16]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 17:00]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 16:59]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-05-05 16:33]
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service []
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 14:26]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2005-12-26 16:59]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-24 22:01]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 01:00:06 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-25 00:33:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-06-30 10:59:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSVCS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-30 11:03:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 01:03:40

Pre-Run: 5,890,551,808 bytes free
Post-Run: 5,936,889,856 bytes free
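An added triage script (not from this thread, ComboFix or any of the tools named in it) that parses the "Reg Loading Points" block of a ComboFix log in the form shown above and flags the two entries a responder would look at first: the ShellServiceObjectDelayLoad module sitting in All Users\Application Data and the Security Center DisableMonitoring value. The embedded excerpt is constructed from lines in the log above; the trusted-root policy and the eight-letter naming heuristic are assumptions, not ComboFix logic.

```python
"""Triage helper for the "Reg Loading Points" block of a ComboFix log.

Parses the REGEDIT4-style dump (a [key] header followed by "name"=value lines)
and flags the autostart entries a responder would look at first. Heuristics,
not verdicts: every hit still needs a human review.
"""
import re
from typing import List, NamedTuple

# Constructed excerpt in ComboFix's "Reg Loading Points" format. The entries
# are copied from the log posted in this thread; most benign lines are left out.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 11:38 52840]
"TFncKy"="TFncKy.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ngzqfsjs"= {8290f165-137b-486d-89f1-94c7cb225aa5} - C:\Documents and Settings\All Users\Application Data\ngzqfsjs.dll [2008-06-23 17:40 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""


class Finding(NamedTuple):
    section: str
    name: str
    severity: str  # "high", "medium" or "low"
    reason: str


# Assumed policy: a module loaded at logon should live under the Windows or
# Program Files tree. Profile folders, Application Data and Temp are writable
# by an ordinary user, and that is where the dropped files in this log sit.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
SYSTEM32 = "c:\\windows\\system32\\"

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\[^\[\]\"]+?\.(?:exe|dll|sys|vbs|scr|cpl))\b", re.I)
# Eight lowercase letters is the naming pattern shared by the dropped files in
# this log (ngzqfsjs.dll, qxytfati.exe, ...). Weak evidence on its own.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")


def triage_reg_loading_points(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious value line, in log order."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")

        # Security Center told to stop monitoring an AV product. Some AV suites
        # set this themselves, so it is a review item rather than a verdict.
        if name.lower() == "disablemonitoring" and value.lower().endswith("dword:00000001"):
            findings.append(Finding(section, name, "medium",
                                    "Security Center monitoring disabled for this product"))
            continue

        pm = PATH_RE.search(value)
        if pm is None:
            # Bare file name ComboFix could not resolve, e.g. "TFncKy"="TFncKy.exe" []
            if value.endswith("[]"):
                findings.append(Finding(section, name, "low",
                                        "autostart points at a file ComboFix could not locate"))
            continue
        path = pm.group("path")
        path_lc = path.lower()
        base = path_lc.rsplit("\\", 1)[-1]

        if "shellserviceobjectdelayload" in section.lower() and not path_lc.startswith(SYSTEM32):
            # SSODL modules are loaded into Explorer at every logon; legitimate
            # ones live in system32, and ComboFix hides the default set anyway.
            findings.append(Finding(section, name, "high",
                                    f"SSODL module outside system32: {path}"))
        elif not path_lc.startswith(TRUSTED_ROOTS):
            findings.append(Finding(section, name, "medium",
                                    f"autostart image in a user-writable location: {path}"))
        elif RANDOM_NAME_RE.match(base):
            findings.append(Finding(section, name, "low",
                                    f"random-looking module name: {base}"))
    return findings


if __name__ == "__main__":
    for f in triage_reg_loading_points(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.name:<20} {f.reason}")
```

Feed it the whole Reg Loading Points block from a real log and the bracketed `[date size path]` form ComboFix uses for entries like `"nwiz"="nwiz.exe" [... C:\WINDOWS\system32\nwiz.exe]` is resolved as well, since the path regex only needs a drive letter inside the value.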

Posted 6/30/2008 5:04 AM
#63048
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download the Free Version of Superantispyware:

https://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.)

Close the program.

Please download ATF Cleaner:

https://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only.

Download DrWebCureit:

Reboot to Safe mode.

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch (Windows XP) only.
Java Cache
Recycle Bin

NB. It's normal after running ATF Cleaner that the PC will be slower to boot the first time.

Double click the "drweb-cureit.exe" and click "Start" in the prompt window that will open, asking "start the express scan now".

It will first make a quick scan of your system, let it clean what it finds, and when it says "done":

Click on Options -> Change settings.

Actions Tab - Adware-Dialers-Riskware-Hacktools, use the dropdown menu and select Rename.

Click Apply - OK.

Click on the Scan Tab. Move the dot from Express scan to Complete Scan. Click on the green arrow to the right. It will now scan your drive(s), say yes to all.

After the scan, in the Dr.Web CureIt menu on top, click File and choose Save report list.

Save the report to your desktop. The report will be called DrWeb.csv.

Close Dr.Web CureIt.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

Start Superantispyware.

Hit the "Scan Your Computer" button.

Click on the drive(s) you want to scan. Put a check in "Perform Complete Scan", then Next,

it will scan now. When the scan has finished, put a checkmark on all items it found. Next, after cleaning, allow it to reboot.

Start Superantispyware again.

Click Preferences and then click the Statistics/Logs tab.

Click the dated log and press View log and a text file will appear.

Post this log along with a fresh HijackThis log and the Dr.Web log, and tell how things are running.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 6/30/2008 5:32 AM
#63052
Youse Member

Date Joined Nov 2016
Total Posts: 4
Before I do this, just to notify you that I can't access HijackThis because the virus blocks the program for some reason. So I cannot post a HijackThis log.

Thank You.
Posted 6/30/2008 6:01 AM
#63053
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. Run the scan tools, then see if you can use HijackThis; otherwise just post the Dr.Web and Superantispyware log files.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

