HiJack log to be analyzed...

Status
Not open for further replies.
When I click on a link, say in a Yahoo search, it takes me to a random website, and sometimes another tab opens and goes to a random site.

Also, I have a "$Recycle.bin" folder (apparently empty) in C:\ and on another HD partition, L:\. When I try to delete it, a User Account Control window pops up and a file called 3AD05575-8857-4850-9277-11B85BDB8E09 tries to run, ya know, so I choose not to delete it, or else the file will execute.

Should I run Spybot too? For a total of 5 anti-* programs, heh.
 
Here she is after ccleanup and reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:11 PM, on 11/30/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
L:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FKMonitor\fkmon.exe
C:\Windows\ehome\ehmsas.exe
L:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
L:\Downloads\Computer Security\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [Skytel] "C:\Windows\Skytel.exe"
O4 - HKLM\..\Run: [CTHelper] "C:\Windows\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [cctray] "L:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [fkmon.exe] C:\Program Files\FKMonitor\fkmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: RtHDVCpl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC000D95-8922-4248-AEAE-9955802C7847}: NameServer = 209.18.47.61,209.18.47.62
O23 - Service: CaCCProvSP - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PPCtlPriv - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6205 bytes
 
It might be legit. Go to Start > Run, type cmd and press Enter. Then type in ipconfig /all and see if that IP matches yours.

Remove these entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

Then uninstall Viewpoint media and remove these entries as well

O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
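The same triage can be done programmatically. As an added example, not code from this thread or from HijackThis, here is a small Python parser for the HijackThis 2.0.2 log format: it pulls the O17 NameServer addresses out and compares them with the resolvers you expect (the ipconfig /all check above), lists O23 services with no identified publisher or a missing binary, and collects the O2 BHO CLSIDs. The sample lines are copied from the log posted above; the expected-resolver set handed to unexpected_nameservers stands for whatever ipconfig /all reports on the box, and the regex and function names are my own.

```python
import re
from typing import Dict, List, Set, Tuple

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
O1 - Hosts: ::1 localhost
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC000D95-8922-4248-AEAE-9955802C7847}: NameServer = 209.18.47.61,209.18.47.62
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - L:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

# Every HijackThis finding is "<kind> - <body>", kind being R0/R1/O1..O24.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
# A service name (and a path) may itself contain " - ", so the path is
# anchored on a drive letter and the name is matched greedily before it.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (kind, body) for every finding line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def nameservers(entries: List[Tuple[str, str]]) -> List[str]:
    """All resolver addresses listed in O17 entries, in log order."""
    servers: List[str] = []
    for kind, body in entries:
        if kind == "O17":
            m = NS_RE.search(body)
            if m:
                servers.extend(s for s in m.group("servers").split(",") if s)
    return servers


def unexpected_nameservers(entries: List[Tuple[str, str]], expected: Set[str]) -> List[str]:
    """The ipconfig /all check: O17 resolvers that are not the ones this machine should use."""
    return [ip for ip in nameservers(entries) if ip not in expected]


def services(entries: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """O23 entries split into name, owner (publisher) and binary path."""
    found = []
    for kind, body in entries:
        if kind == "O23":
            m = SERVICE_RE.match(body)
            if m:
                found.append(m.groupdict())
    return found


def flagged_services(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """(name, reason) for services with no identified publisher or a missing binary."""
    flagged = []
    for svc in services(entries):
        if svc["owner"] == "Unknown owner":
            flagged.append((svc["name"], "unknown owner"))
        if svc["path"].endswith("(file missing)"):
            flagged.append((svc["name"], "file missing"))
    return flagged


def bhos(entries: List[Tuple[str, str]]) -> Dict[str, Tuple[str, str]]:
    """CLSID -> (name, dll path) for every O2 browser helper object."""
    found: Dict[str, Tuple[str, str]] = {}
    for kind, body in entries:
        if kind == "O2":
            m = BHO_RE.match(body)
            if m:
                found[m.group("clsid").upper()] = (m.group("name"), m.group("path"))
    return found


def triage(text: str, expected_dns: Set[str]) -> Dict[str, object]:
    """One-call summary of the three checks above."""
    entries = parse_entries(text)
    return {
        "unexpected_dns": unexpected_nameservers(entries, expected_dns),
        "flagged_services": flagged_services(entries),
        "bhos": bhos(entries),
    }


if __name__ == "__main__":
    # Placeholder for what `ipconfig /all` reports on the machine being checked.
    MY_RESOLVERS = {"209.18.47.61", "209.18.47.62"}
    for key, value in triage(SAMPLE_LOG, MY_RESOLVERS).items():
        print(key, value)
```

To run it against a saved log, pass the file's text to triage together with the resolver addresses from ipconfig /all. A non-empty unexpected_dns list is a prompt to look closer, not a verdict: as the thread shows, these two addresses turned out to be the ISP's resolvers, and the point of the comparison is to make that check explicit instead of eyeballing the O17 line.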
 
ok *deep breath*...

Without even looking I know those IPs to be my new DNS servers. I removed the first 3 entries and uninstalled Viewpoint; when I rescanned, the Viewpoint entry wasn't logged in HijackThis, as you can see. I'm sure you see as well that Spybot S&D is logged, but when I ran it, it found 2 more things to get rid of.

Right now I haven't had the link redirection happen to me in a little while; we'll see if it stays gone...

Here's the new Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:48 PM, on 11/30/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
L:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FKMonitor\fkmon.exe
C:\Windows\ehome\ehmsas.exe
L:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
L:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
L:\Downloads\Computer Security\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [Skytel] "C:\Windows\Skytel.exe"
O4 - HKLM\..\Run: [CTHelper] "C:\Windows\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [cctray] "L:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [fkmon.exe] C:\Program Files\FKMonitor\fkmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: RtHDVCpl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC000D95-8922-4248-AEAE-9955802C7847}: NameServer = 209.18.47.61,209.18.47.62
O23 - Service: CaCCProvSP - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PPCtlPriv - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - L:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 6128 bytes


Osiris... you da man!

What about the O2 Google Toolbar Notifier BHO? I don't use anything Google...
 
Uninstall anything Google from Add/Remove.
Uninstall Spybot Search and Destroy.

Remove these as well:

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O4 - HKCU\..\Run: [SpybotSD TeaTimer] L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Then post a new log.
 
After uninstalling Google Updater and Spybot, all 3 of those entries were gone...
$Recycle.bin is still around though :(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:45 PM, on 11/30/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
L:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FKMonitor\fkmon.exe
C:\Windows\ehome\ehmsas.exe
L:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
L:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
L:\Downloads\Computer Security\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [Skytel] "C:\Windows\Skytel.exe"
O4 - HKLM\..\Run: [CTHelper] "C:\Windows\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [cctray] "L:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [fkmon.exe] C:\Program Files\FKMonitor\fkmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: RtHDVCpl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC000D95-8922-4248-AEAE-9955802C7847}: NameServer = 209.18.47.61,209.18.47.62
O23 - Service: CaCCProvSP - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PPCtlPriv - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - L:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 5609 bytes
 
As you wish:

ComboFix 09-11-30.02 - KA 11/30/2009 23:42.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3070.2280 [GMT -5:00]
Running from: l:\downloads\Computer Security\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: CA Anti-Spyware *disabled* (Outdated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-12-01 04:49 . 2009-12-01 04:49 -------- d-----w- c:\users\KA\AppData\Local\temp
2009-12-01 04:49 . 2009-12-01 04:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-01 04:49 . 2009-12-01 04:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-30 22:32 . 2009-12-01 02:34 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-30 01:35 . 2009-11-29 23:33 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-11-30 00:45 . 2009-11-30 00:45 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-11-30 00:45 . 2009-11-30 00:45 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-11-30 00:45 . 2009-11-30 00:45 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-11-30 00:45 . 2009-11-30 00:45 272896 ----a-w- c:\windows\system32\polstore.dll
2009-11-30 00:42 . 2009-11-30 00:42 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-30 00:42 . 2009-11-30 00:42 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-30 00:42 . 2009-11-30 00:42 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-30 00:40 . 2009-11-30 00:40 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-11-30 00:40 . 2009-11-30 00:40 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-11-30 00:40 . 2009-11-30 00:40 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-11-30 00:37 . 2009-11-30 00:37 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-11-30 00:37 . 2009-11-30 00:37 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-11-30 00:37 . 2009-11-30 00:37 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-11-30 00:37 . 2009-11-30 00:37 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2009-11-30 00:37 . 2009-11-30 00:37 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-11-30 00:37 . 2009-11-30 00:37 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-11-30 00:35 . 2009-11-30 00:35 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-11-30 00:35 . 2009-11-30 00:35 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-11-30 00:34 . 2009-11-30 00:34 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-11-30 00:34 . 2009-11-30 00:34 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-11-30 00:34 . 2009-11-30 00:34 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-11-30 00:34 . 2009-11-30 00:34 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-11-30 00:34 . 2009-11-30 00:34 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-11-30 00:34 . 2009-11-30 00:34 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-11-30 00:32 . 2009-11-30 00:32 1260032 ----a-w- c:\windows\system32\msxml3.dll
2009-11-30 00:32 . 2009-11-30 00:32 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-30 00:32 . 2009-11-30 00:32 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-30 00:32 . 2009-11-30 00:32 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-30 00:30 . 2009-11-30 00:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-11-30 00:30 . 2009-11-30 00:30 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-11-30 00:30 . 2009-11-30 00:30 24064 ----a-w- c:\windows\system32\lpk.dll
2009-11-30 00:30 . 2009-11-30 00:30 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-11-30 00:30 . 2009-11-30 00:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-11-30 00:30 . 2009-11-30 00:30 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-11-30 00:29 . 2009-11-30 00:29 7680 ----a-w- c:\windows\system32\lsass.exe
2009-11-30 00:29 . 2009-11-30 00:29 72704 ----a-w- c:\windows\system32\secur32.dll
2009-11-30 00:29 . 2009-11-30 00:29 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-11-30 00:29 . 2009-11-30 00:29 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-30 00:29 . 2009-11-30 00:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-11-30 00:29 . 2009-11-30 00:29 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-11-30 00:27 . 2009-11-30 00:27 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-30 00:27 . 2009-11-30 00:27 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-11-30 00:26 . 2009-11-30 00:26 98816 ----a-w- c:\windows\system32\mfps.dll
2009-11-30 00:26 . 2009-11-30 00:26 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-11-30 00:26 . 2009-11-30 00:26 2855424 ----a-w- c:\windows\system32\mf.dll
2009-11-30 00:26 . 2009-11-30 00:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-11-30 00:26 . 2009-11-30 00:26 2048 ----a-w- c:\windows\system32\mferror.dll
2009-11-30 00:24 . 2009-11-30 00:24 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-30 00:19 . 2009-11-30 00:19 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-11-30 00:15 . 2009-11-30 00:15 71680 ----a-w- c:\windows\system32\atl.dll
2009-11-30 00:13 . 2009-11-30 00:13 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-11-30 00:12 . 2009-11-30 00:12 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-11-30 00:12 . 2009-11-30 00:12 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-11-30 00:10 . 2009-11-30 00:10 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-30 00:10 . 2009-11-30 00:10 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-30 00:09 . 2009-11-30 00:09 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-11-30 00:08 . 2009-11-30 00:08 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-11-30 00:08 . 2009-11-30 00:08 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-11-30 00:07 . 2009-11-30 00:07 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-11-30 00:05 . 2009-11-30 00:05 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-11-30 00:05 . 2009-11-30 00:05 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-11-30 00:05 . 2009-11-30 00:05 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-11-30 00:04 . 2009-11-30 00:04 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-11-30 00:02 . 2009-11-30 00:02 414208 ----a-w- c:\windows\system32\msscp.dll
2009-11-29 23:59 . 2009-11-29 23:59 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-11-29 23:55 . 2009-11-29 23:55 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-11-29 23:55 . 2009-11-29 23:55 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-11-29 23:55 . 2009-11-29 23:55 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-11-29 23:55 . 2009-11-29 23:55 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-11-29 23:55 . 2009-11-29 23:55 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-11-29 23:55 . 2009-11-29 23:55 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-11-29 23:55 . 2009-11-29 23:55 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-11-29 23:55 . 2009-11-29 23:55 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-11-29 23:55 . 2009-11-29 23:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-11-29 23:51 . 2009-11-29 23:51 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-11-29 23:51 . 2009-11-29 23:51 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-11-29 23:51 . 2009-11-29 23:51 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-29 23:47 . 2009-11-29 23:47 696832 ----a-w- c:\windows\system32\localspl.dll
2009-11-29 23:46 . 2009-11-29 23:46 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-11-29 23:46 . 2009-11-29 23:46 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-11-29 23:46 . 2009-11-29 23:46 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-11-29 23:46 . 2009-11-29 23:46 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-29 23:46 . 2009-11-29 23:46 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-11-29 23:46 . 2009-11-29 23:46 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-11-29 23:44 . 2009-11-29 23:44 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-29 23:44 . 2009-11-29 23:44 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2009-11-29 23:44 . 2009-11-29 23:44 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2009-11-29 23:44 . 2009-11-29 23:44 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2009-11-29 23:44 . 2009-11-29 23:44 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-11-29 23:44 . 2009-11-29 23:44 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-11-29 23:43 . 2009-11-29 23:43 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2009-11-29 23:42 . 2009-11-29 23:42 2923520 ----a-w- c:\windows\explorer.exe
2009-11-29 23:41 . 2009-11-29 23:41 25600 ----a-w- c:\windows\system32\LangCleanupSysprepAction.dll
2009-11-29 23:41 . 2009-11-29 23:41 23552 ----a-w- c:\windows\system32\lpremove.exe
2009-11-29 23:41 . 2009-11-29 23:41 166912 ----a-w- c:\windows\system32\lpksetup.exe
2009-11-29 23:41 . 2009-11-29 23:41 10240 ----a-w- c:\windows\system32\MUILanguageCleanup.dll
2009-11-29 23:40 . 2009-11-29 23:40 8704 ----a-w- c:\windows\system32\hcrstco.dll
2009-11-29 23:40 . 2009-11-29 23:40 8704 ----a-w- c:\windows\system32\hccoin.dll
2009-11-29 23:40 . 2009-11-29 23:40 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2009-11-29 23:40 . 2009-11-29 23:40 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-11-29 23:40 . 2009-11-29 23:40 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-11-29 23:40 . 2009-11-29 23:40 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-11-29 23:40 . 2009-11-29 23:40 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-11-29 23:39 . 2009-11-29 23:39 24064 ----a-w- c:\windows\system32\netcfg.exe
2009-11-29 23:32 . 2009-11-29 23:32 549888 ----a-w- c:\windows\system32\rpcss.dll
2009-11-29 23:32 . 2009-11-29 23:32 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-11-29 23:32 . 2009-11-29 23:32 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-11-29 23:32 . 2009-11-29 23:32 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-11-29 23:32 . 2009-11-29 23:32 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-11-29 23:32 . 2009-11-29 23:32 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-11-29 23:32 . 2009-11-29 23:32 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-11-29 23:32 . 2009-11-29 23:32 97280 ----a-w- c:\windows\system32\iasrecst.dll
2009-11-29 23:32 . 2009-11-29 23:32 53248 ----a-w- c:\windows\system32\iasads.dll
2009-11-29 23:32 . 2009-11-29 23:32 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2009-11-29 23:32 . 2009-11-29 23:32 158720 ----a-w- c:\windows\system32\sdohlp.dll
2009-11-29 23:23 . 2009-11-29 23:23 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2009-11-29 23:23 . 2009-11-29 23:23 223232 ----a-w- c:\windows\system32\WMASF.DLL
2009-11-29 23:23 . 2009-11-29 23:23 2048 ----a-w- c:\windows\system32\asferror.dll
2009-11-29 23:21 . 2009-11-29 23:21 25600 ----a-w- c:\windows\system32\amxread.dll
2009-11-29 23:21 . 2009-11-29 23:21 14848 ----a-w- c:\windows\system32\apilogen.dll

See next post...
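The ComboFix "Files Created" section is easier to read with its timestamps parsed. As an added example, not ComboFix's code or anything from the post above, the Python below parses those lines and applies one forensic heuristic: a file written in place by an installer or Windows Update gets matching created and modified stamps, as every system32 entry in the listing does, whereas a file copied into place keeps the source's modified time but receives a fresh creation time, so its modified stamp predates its created stamp. An entry that trips the heuristic is worth a publisher-signature and hash check; nothing more is implied by a hit. The sample lines are copied from the listing above; regex, class and function names are my own.

```python
import re
from datetime import datetime
from typing import Dict, List, NamedTuple

# Sample lines copied from the ComboFix "Files Created" listing in this thread.
SAMPLE_LISTING = r"""
2009-12-01 04:49 . 2009-12-01 04:49 -------- d-----w- c:\users\KA\AppData\Local\temp
2009-11-30 22:32 . 2009-12-01 02:34 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-30 01:35 . 2009-11-29 23:33 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-11-30 00:45 . 2009-11-30 00:45 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-11-30 00:29 . 2009-11-30 00:29 7680 ----a-w- c:\windows\system32\lsass.exe
2009-11-30 00:12 . 2009-11-30 00:12 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-11-29 23:42 . 2009-11-29 23:42 2923520 ----a-w- c:\windows\explorer.exe
"""

# "<created> . <modified> <size or dashes> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".drv", ".ocx")


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int        # 0 when ComboFix prints dashes instead of a size
    is_dir: bool     # attrs field starts with "d"
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse every ComboFix file line; lines in any other format are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else 0
        entries.append(Entry(
            datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size,
            m["attrs"].startswith("d"),
            m["path"],
        ))
    return entries


def modified_before_created(entries: List[Entry], slack_minutes: int = 1) -> List[Entry]:
    """Executables whose modified time predates their creation time.

    In-place writes stamp both times together; a copy keeps the source's
    modified time and gets a new creation time.  The slack absorbs the
    one-minute granularity of the listing.
    """
    hits = []
    for e in entries:
        if e.is_dir or not e.path.lower().endswith(EXEC_EXT):
            continue
        if (e.created - e.modified).total_seconds() > slack_minutes * 60:
            hits.append(e)
    return hits


def created_per_hour(entries: List[Entry]) -> Dict[str, int]:
    """Histogram of creation hour: the update burst stands out, stragglers do too."""
    hist: Dict[str, int] = {}
    for e in entries:
        key = e.created.strftime("%Y-%m-%d %H")
        hist[key] = hist.get(key, 0) + 1
    return dict(sorted(hist.items()))


if __name__ == "__main__":
    ents = parse_listing(SAMPLE_LISTING)
    for hour, n in created_per_hour(ents).items():
        print(f"{hour}:00  {n} entries created")
    for e in modified_before_created(ents):
        print(f"check: {e.path} ({e.size} bytes) created {e.created} but modified {e.modified}")
```

On a full listing, feed the whole "Files Created" section to parse_listing; created_per_hour shows the Windows Update batch as one dense cluster of hours, and modified_before_created reduces a few hundred lines to the handful that did not arrive the way an update writes files.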
 