Hi, I am having problems with what I think is a spyware problem. I have followed all the links and instructions as posted in "before you post" and have hopefully included the correct files in this report. I know a bit about PCs but not a lot. On a normal day I use an NTL package but have tried lots to remove this annoying program.
AVG Anti-Spyware - Scan Report ---------------------------------------------------------
+ Created at: 17:59:25 02/12/2007
+ Scan result:
Nothing found.
::Report end
********************************* ROOTCHK-(25-11-07)-LOG, by ejvindh 02/12/2007 18:48:38.32
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 18:48:39
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
ComboFix 07-12-02.5 - Turner 2007-12-02 18:58:39.1 - NTFSx86
Running from: C:\Documents and Settings\Turner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\avifil3.dll
C:\WINDOWS\system32\drivers\arptexoa.dat
C:\WINDOWS\system32\drivers\yhyhlnue.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_XKIFZFGG
-------\xkifzfgg
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-12-02 13:35 . 2007-12-02 13:35 <DIR> d-------- C:\Documents and Settings\Turner\Application Data\Grisoft
2007-12-02 13:34 . 2007-12-02 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-02 13:34 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-02 13:12 . 2007-12-02 13:12 <DIR> d-------- C:\Program Files\CCleaner
2007-12-02 13:01 . 2004-06-18 08:52 233,557 -ra------ C:\WINDOWS\system32\VM31bPrp.Ax
2007-12-02 13:01 . 2002-08-22 08:34 147,456 -ra------ C:\WINDOWS\VMCap.exe
2007-12-02 13:01 . 2004-08-17 03:44 91,263 -ra------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-12-02 13:01 . 2003-05-15 09:17 61,440 -ra------ C:\WINDOWS\system32\VM31bSTI.dll
2007-12-02 13:01 . 2002-10-16 01:29 49,152 -ra------ C:\WINDOWS\amcap.exe
2007-12-02 13:01 . 2004-06-09 07:37 40,960 -ra------ C:\WINDOWS\VM_STI.EXE
2007-12-02 12:58 . 2007-12-02 12:58 <DIR> d-------- C:\Documents and Settings\Turner\Application Data\ErrorSmart
2007-12-02 12:57 . 2007-12-02 13:11 <DIR> d-------- C:\Program Files\ErrorSmart
2007-11-25 21:01 . 2007-11-25 21:01 <DIR> d-------- C:\WINDOWS\Sun
2007-11-18 21:44 . 2007-11-30 07:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 16:34 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-12 21:17 . 2007-11-13 07:30 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-11-12 20:26 . 2007-11-12 20:27 <DIR> d-------- C:\Program Files\Add Remove Pro
2007-11-09 07:49 . 2007-11-09 07:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-09 07:42 . 2004-08-03 22:56 93,696 --a------ C:\WINDOWS\system32\avifil3.1
2007-11-06 21:17 . 2007-12-02 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-06 20:28 . 2007-11-06 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-06 20:23 . 2007-11-06 20:35 <DIR> d-------- C:\Temp
2007-11-03 18:29 . 2007-11-03 18:29 <DIR> d-------- C:\Softpaq
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 18:49 --------- d-----w C:\Documents and Settings\Turner\Application Data\Skype
2007-12-01 09:25 --------- d-----w C:\Program Files\Common Files\Command Software
2007-11-30 07:55 --------- d-----w C:\Program Files\Google
2007-11-26 18:19 --------- d-----w C:\Program Files\Common Files\PestPatrol
2007-11-18 11:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 19:29 --------- d-----w C:\Program Files\LimeWire
2007-11-04 16:04 --------- d-----w C:\Documents and Settings\Turner\Application Data\LimeWire
2007-11-03 11:13 --------- d-----w C:\Program Files\DivX
2007-11-03 08:14 --------- d-----w C:\Program Files\Java
2007-11-01 20:12 --------- d-----w C:\Program Files\Picasa2
2007-11-01 12:28 --------- d-----w C:\Program Files\QuickTime
2007-11-01 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-01 12:15 --------- d-----w C:\Program Files\Apple Software Update
2007-11-01 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-31 14:46 --------- d-----w C:\Program Files\SmartDVDCreator
2007-10-31 09:27 --------- d-----w C:\Program Files\Common Files\Java
2001-11-19 12:14 61,440 ----a-w C:\WINDOWS\inf\i386\gl.dll
2001-10-29 14:30 245,760 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-17 17:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-11 12:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [2002-04-16 07:12]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 07:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\Rps.exe" [2005-07-05 14:31]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys
R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys
S3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 StkAMini;Syntek STK1150;C:\WINDOWS\system32\Drivers\StkAMini.sys
S3 StkScan;Syntek STK1150 Filter Driver;C:\WINDOWS\system32\Drivers\StkScan.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 20:41:00 C:\WINDOWS\Tasks\01-04-2007.job"
- C:\WINDOWS\system32\ntbackup.exe?backup
"2007-11-30 18:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-02 12:58:44 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Turner+Runs ErrorSmart to optimize your registry.
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 19:08:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-02 19:12:35 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:31, on 02/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ntl\ntl Netguard\Rps.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Turner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ntl Netguard] C:\Program Files\ntl\ntl Netguard\Rps.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148590225625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
-- End of file - 6472 bytes