Karl's PC Help Forums

Hijack This Logfile
abbs2002 - 17-11-2008 at 21:47

Hi

Please check this logfile for viruses. My PC keeps rebooting itself.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:47, on 17/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1AVGAVG8avgam.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1AVGAVG8avgemc.exe
C:WINDOWSVM_STI.EXE
C:WINDOWSDit.exe
C:WINDOWSDitExp.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:PROGRA~1AVGAVG8avgtray.exe
C:Program FilesLexmark 3400 Seriesezprint.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesMicrosoft ActiveSyncWcescomm.exe
C:Program FilesMacrogamingSweetIMSweetIM.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:WINDOWSsystem32lxcycoms.exe
C:Program FilesWinZipWZQKPICK.EXE
C:Program FilesCommon FilesAheadLibNMIndexingService.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,First Home Page = C:Program FilesAOL Toolbarwelcome.html
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.java.com/getjava
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_11binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O4 - HKLM..Run: [BigDogPath] C:WINDOWSVM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM..Run: [Dit] Dit.exe
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [msdll] C:WINDOWSsystem32mnumrusysnetddmss.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [lxcymon.exe] "C:Program FilesLexmark 3400 Serieslxcymon.exe"
O4 - HKLM..Run: [EzPrint] "C:Program FilesLexmark 3400 Seriesezprint.exe"
O4 - HKLM..Run: [FaxCenterServer] "C:Program FilesLexmark Fax Solutionsfm3032.exe" /s
O4 - HKLM..Run: [My Web Search Bar Search Scope Monitor] "C:PROGRA~1MYWEBS~1bar1.binm3SrchMn.exe" /m=0
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [LXCYCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [NBJ] "C:Program FilesAheadNero BackItUpNBJ.exe"
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadLibNMBgMonitor.exe"
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncWcescomm.exe"
O4 - HKCU..Run: [SweetIM] C:Program FilesMacrogamingSweetIMSweetIM.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [Messenger (Yahoo!)] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZNxmk696LDGB
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:WINDOWSsystem32GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:Program FilesYahoo!Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11binssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesCommon FilesMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169883102515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182443360703
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~3GOEC62~1.DLL,avgrsstx.dll
O23 - Service: McAfee Application Installer Cleanup (0285811216845566) (0285811216845566mcinstcleanup) - Unknown owner - C:WINDOWSTEMP28581~1.EXE (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:Program FilesAreschatServer.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: lxcy_device - - C:WINDOWSsystem32lxcycoms.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

--
End of file - 11872 bytes

Thank you...:D
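As an added example (not part of the original post, and not a feature of HijackThis itself), here is a small Python triage helper for logs in the format pasted above. It parses the R/O-section lines and flags the entries a reviewer normally checks first: targets reported as "(no file)" or "(file missing)", targets under a temp directory, services with no recorded owner, and Run values that give only a bare executable name. The sample lines are constructed from the format of the log above with the backslashes the forum paste dropped restored; the four heuristics are assumptions of this example, not rules from the tool or the thread.

```python
"""Triage helper for HijackThis-style log lines (added example).

Flags entries whose target is missing, lives in a temp directory, has no
recorded service owner, or is a bare executable name resolved through the
search path. A flag means "look at this first", not "this is malware".
"""

import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis v2.0.2 log in the post above
# (backslashes restored; the forum paste dropped them).
SAMPLE_LOG = r"""
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: McAfee Application Installer Cleanup (0285811216845566) (0285811216845566mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\28581~1.EXE (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass
class Entry:
    section: str  # HijackThis section code, e.g. O4 or O23
    name: str     # Run value name, BHO/toolbar name, or service name
    owner: str    # service owner (O23 only), otherwise ""
    target: str   # file path or command line the entry points at


LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 bodies look like: HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^[^:]*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_line(line: str):
    """Return an Entry for a recognised log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        rm = RUN_RE.match(body)
        return Entry(section, rm.group("name"), "", rm.group("cmd")) if rm else None
    # Other sections: "Label: Name - {CLSID} - path" or
    # "Service: Name (short) - Owner - path"; the target is always the last field.
    parts = body.split(" - ")
    if len(parts) < 2 or ": " not in parts[0]:
        return None
    name = parts[0].split(": ", 1)[1]
    owner = parts[1] if section == "O23" and len(parts) >= 3 else ""
    return Entry(section, name, owner, parts[-1])


def executable_of(command: str) -> str:
    """First token of a Run command: the quoted path if quoted, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def assess(entry: Entry) -> list:
    """Apply the triage heuristics (assumed here) and return the reasons that fire."""
    reasons = []
    if "(no file)" in entry.target or "(file missing)" in entry.target:
        reasons.append("target file missing: orphaned entry")
    if re.search(r"\\temp\\", entry.target, re.IGNORECASE):
        reasons.append("target lives in a temp directory")
    if entry.owner == "Unknown owner":
        reasons.append("service has no recorded owner")
    if entry.section == "O4" and "\\" not in executable_of(entry.target):
        reasons.append("bare executable name, resolved via the search path")
    return reasons


def triage(log_text: str) -> list:
    """Return (section, name, reasons) for every entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry.section, entry.name, reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section} [{name}]: {'; '.join(reasons)}")
```

The output is a worklist for a human, not a verdict: a bare name such as Dit.exe may well be an OEM utility that Windows resolves from its own directory, and an orphaned "(no file)" BHO is usually just leftover registry from an uninstall. The point of the helper is to pull those entries out of a 150-line log so they can be checked against known-good locations before anything is removed.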


Pancake - 18-11-2008 at 05:24

Let's see what we can find.

Run both these programs.


Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


=====================================================================================

=====================================================================================


OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://i254.photobucket.com/albums/hh103/velta911/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i254.photobucket.com/albums/hh103/velta911/whatnext.png


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


abbs2002 - 19-11-2008 at 01:07

Hi there

Thank you for your help. After running Spybot and deleting the viruses, the PC seems to run as normal without rebooting itself.
I have downloaded the software you've recommended and I'm running it now. I will post the log when finished. I have scanned the registry and it seems to have a lot of problems.

Thank you.


abbs2002 - 19-11-2008 at 02:59

Hi

This is the log that was created:

ComboFix 08-11-18.03 - A EZZENAGUI 2008-11-19 2:22:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.342 [GMT 0:00]
Running from: c:documents and settingsA EZZENAGUIMy DocumentsVirus cleaning programesCombofix SoftwareComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsA EZZENAGUILocal SettingsTemporary Internet Filess65v213_w2kxp.zip

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-19 02:22 . 2008-11-19 02:22 <DIR> d--hs---- c:documents and settingsA EZZENAGUIPrivacIE
2008-11-19 01:26 . 2008-11-19 01:29 <DIR> d--h-c--- c:windowsie8
2008-11-19 00:41 . 2008-11-19 00:41 <DIR> d-------- c:documents and settingsA EZZENAGUIApplication DataMalwarebytes
2008-11-19 00:41 . 2008-10-22 16:10 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys
2008-11-19 00:41 . 2008-10-22 16:10 15,504 --a------ c:windowssystem32driversmbam.sys
2008-11-19 00:40 . 2008-11-19 00:41 <DIR> d-------- c:program filesMalwarebytes' Anti-Malware
2008-11-19 00:40 . 2008-11-19 00:40 <DIR> d-------- c:documents and settingsAll UsersApplication DataMalwarebytes
2008-11-19 00:38 . 2008-11-19 01:57 <DIR> d-a------ c:documents and settingsAll UsersApplication DataTEMP
2008-11-12 20:42 . 2008-11-12 20:43 <DIR> d-------- C:1e472956ed2cf85675f706a5727eac
2008-11-12 20:37 . 2008-11-12 20:37 <DIR> d-------- c:program filesMSXML 4.0
2008-11-12 19:37 . 2008-10-24 11:21 455,296 -----c--- c:windowssystem32dllcachemrxsmb.sys
2008-11-12 19:36 . 2008-09-04 17:15 1,106,944 -----c--- c:windowssystem32dllcachemsxml3.dll
2008-11-05 12:18 . 2008-11-05 12:18 <DIR> d-------- c:documents and settingsLocalServiceApplication DataAVGTOOLBAR
2008-11-04 02:39 . 2008-11-04 02:39 <DIR> d-------- c:program filesCommon Filesxing shared
2008-11-03 21:02 . 2008-10-15 16:34 337,408 -----c--- c:windowssystem32dllcachenetapi32.dll
2008-10-28 20:21 . 2008-11-03 22:12 <DIR> d-------- c:documents and settingsAll UsersApplication DataYahoo! Companion
2008-10-20 19:39 . 2008-10-20 19:39 <DIR> d-------- c:documents and settingsAll UsersApplication DataTVU Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 01:34 --------- d-----w c:documents and settingsAll UsersApplication DataSpybot - Search & Destroy
2008-11-19 01:26 --------- d-----w c:program filesSpybot - Search & Destroy
2008-11-18 23:21 --------- d-----w c:documents and settingsAll UsersApplication DataGoogle Updater
2008-11-18 01:29 33,876 ----a-w c:documents and settingsA EZZENAGUIApplication Datawklnhst.dat
2008-11-17 22:49 --------- d-----w c:documents and settingsA EZZENAGUIApplication DataRegClean
2008-11-11 00:48 --------- d-----w c:program fileslx_cats
2008-11-05 23:07 90,632 ----a-w c:windowssystem32driversavgtdix.sys
2008-11-05 12:16 --------- d-----w c:program filesmicrosoft money 2005
2008-11-04 02:38 --------- d-----w c:program filesCommon FilesReal
2008-11-03 21:28 --------- d-----w c:documents and settingsAll UsersApplication Datayahoo!
2008-11-03 20:51 98,440 ----a-w c:windowssystem32driversavgldx86.sys
2008-10-31 01:30 --------- d--h--w c:program filesInstallShield Installation Information
2008-10-31 01:30 --------- d-----w c:program filesVimicro
2008-10-24 11:21 455,296 ----a-w c:windowssystem32driversmrxsmb.sys
2008-10-20 19:39 --------- d-----w c:program filesTVUPlayer
2008-10-10 21:03 --------- d-----w c:program filesGoogle
2008-10-10 20:56 --------- d-----w c:documents and settingsAll UsersApplication DataLavasoft
2008-10-10 02:51 --------- d-----w c:program filesAres
2008-10-08 22:57 --------- d-----w c:program filesPicasa2
2008-10-08 17:14 --------- d-----w c:documents and settingsA EZZENAGUIApplication DataAVGTOOLBAR
2008-10-08 15:45 --------- d-----w c:program filesApple Software Update
2008-10-08 14:28 --------- d-----w c:documents and settingsA EZZENAGUIApplication DataTVU Networks
2008-10-05 01:10 --------- d-----w c:program filesSony Ericsson
2008-10-01 22:58 --------- d-----w c:documents and settingsA EZZENAGUIApplication DataFaxCtr
2008-09-28 20:40 --------- d-----w c:program filesLexmark Toolbar
2008-09-28 20:35 --------- d-----w c:program filesLexmark Fax Solutions
2008-09-28 20:35 --------- d-----w c:program filesLexmark 3400 Series
2008-09-28 20:33 --------- d-----w c:documents and settingsAll UsersApplication DataFaxCtr
2008-09-28 20:31 --------- d-----w c:program filesAbbyy FineReader 6.0 Sprint
2008-09-28 20:15 --------- d-----w c:program filesiPod
2007-05-11 16:31 58,272 ----a-w c:documents and settingsA EZZENAGUIApplication DataGDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:program filesAheadNero BackItUpNBJ.exe" [2005-09-16 1961984]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesAheadLibNMBgMonitor.exe" [2007-01-15 147456]
"H/PC Connection Agent"="c:program filesMicrosoft ActiveSyncWcescomm.exe" [2006-11-13 1289000]
"SweetIM"="c:program filesMacrogamingSweetIMSweetIM.exe" [2007-07-25 102512]
"msnmsgr"="c:program filesWindows LiveMessengerMsnMsgr.Exe" [2007-10-18 5724184]
"Messenger (Yahoo!)"="c:program filesYahoo!MessengerYahooMessenger.exe" [2008-10-16 4347120]
"RegistryMechanic"="c:program filesRegistry MechanicRegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"BigDogPath"="c:windowsVM_STI.EXE" [2003-01-21 40960]
"NeroFilterCheck"="c:program filesCommon FilesAheadLibNeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe" [2008-01-17 29744]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2006-10-31 7634944]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2008-05-27 413696]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2006-10-31 86016]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:progra~1AVGAVG8avgtray.exe" [2008-11-03 1235736]
"lxcymon.exe"="c:program filesLexmark 3400 Serieslxcymon.exe" [2006-01-25 286720]
"EzPrint"="c:program filesLexmark 3400 Seriesezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:program filesLexmark Fax Solutionsfm3032.exe" [2006-02-02 290816]
"TkBellExe"="c:program filesCommon FilesRealUpdate_OBrealsched.exe" [2008-11-04 185872]
"LXCYCATS"="c:windowsSystem32spoolDRIVERSW32X863LXCYtime.dll" [2005-12-01 65536]
"Dit"="Dit.exe" [2002-08-28 c:windowsDit.exe]
"nwiz"="nwiz.exe" [2006-10-31 c:windowssystem32nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:windowssoundman.exe]

c:documents and settingsAll UsersStart MenuProgramsStartup
Adobe Gamma Loader.lnk - c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2008-07-25 113664]
Microsoft Office.lnk - c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:program filesWinZipWZQKPICK.EXE [2008-09-11 118784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Ares\Ares.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:program filesMicrosoft ActiveSyncrapimgr.exe"= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:program filesMicrosoft ActiveSyncwcescomm.exe"= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:program filesMicrosoft ActiveSyncWCESMgr.exe"= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\WINDOWS\system32\rtcshare.exe"=
"c:\Program Files\NetMeeting\conf.exe"=
"c:\Program Files\AVG\AVG8\avgemc.exe"=
"c:\Program Files\AVG\AVG8\avgupd.exe"=
"c:\Program Files\AVG\AVG8\avgnsx.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=
"c:\Program Files\TVUPlayer\TVUPlayer.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;c:windowssystem32Driversavgrkx86.sys [2008-09-02 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:windowssystem32Driversavgldx86.sys [2008-09-02 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:windowssystem32Driversavgtdix.sys [2008-09-02 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:progra~1AVGAVG8avgemc.exe [2008-09-02 874776]
R2 avg8wd;AVG8 WatchDog;c:progra~1AVGAVG8avgwdsvc.exe [2008-09-02 231704]
R3 lxcy_device;lxcy_device;c:windowssystem32


Pancake - 19-11-2008 at 07:30

You have your BBCode on, but all looks fine. You should be fine now.

This will clear away any of the files and folders that were created by ComboFix.

Go to :
Start > Run, then copy and paste the highlighted text below into the box and click OK.



ComboFix /u

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png


abbs2002 - 19-11-2008 at 12:06

Hi there

Thank you for your help, you are right everything is running smoothly now.

Many thanks...


Dreamweaver - 19-11-2008 at 12:11

Now this is sorted Abbs I will remove that scrolling text from your post :)


abbs2002 - 19-11-2008 at 12:14

Yes no problem mate, go ahead.