BullGuard Antivirus Forum
Checking for traces of Trojan Virtumonde .dll virus

red daisy
New Member


Date Joined Jun 2007
Total Posts : 3
 
Posted 6-17-2007 3:09 (GMT +2)
Hello Touch,
 
I followed your "before posting" instructions--thank you for your help. I think it's almost gone. I'm getting the following message upon rebooting: "Retrieval "THotkey" failed. Error code - 0X00031402, 0X000000002". Can you please check my logs?
 
********************************* ROOTCHK-(29-05-07b)-LOG, by ejvindh
Fri 06/15/2007 21:23:25.87
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 21:23:27
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
Logfile of HijackThis v1.99.1
Scan saved at 11:29:06 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
E:\installers\drweb-cureit.exe
C:\DOCUME~1\mc\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\mc\LOCALS~1\Temp\RarSFX0\cureit.exe
E:\installers\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutjazz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .rip: C:\Program Files\Internet Explorer\PLUGINS\nptmpt32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172149841482
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBF0B329-1700-4827-BC1A-BA2FC3A19950}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
ComboFix 07-06-13.3 - C:\Documents and Settings\mc\My Documents\Installers\ComboFix.exe
"mc" - 2007-06-15 22:44:40 - Service Pack 2  NTFS 

((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\rqono.dll
C:\WINDOWS\system32\fccbcbc.dll

* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\installer\5e2ca.msi

(((((((((((((((((((((((((   Files Created from 2007-05-15 to 2007-06-15  )))))))))))))))))))))))))))))))

2007-06-15 22:42 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 22:20 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-15 16:59 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-15 16:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DoctorWeb
2007-06-15 16:25 258,159 --a------ C:\WINDOWS\system32\urspm.dll
2007-06-15 10:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-14 17:58 261,063 --a------ C:\WINDOWS\system32\khhfd.dll
2007-06-14 16:27 <DIR> d-------- C:\Program Files\CCleaner
2007-06-14 15:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-06-14 13:28 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-14 13:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-14 13:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-06-14 13:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
2007-06-14 13:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Drag'n Drop CD
2007-06-14 11:25 247,995 --a------ C:\WINDOWS\system32\ljhec.dll
2007-06-14 11:23 261,063 --a------ C:\WINDOWS\system32\xxwuu.dll
2007-06-14 10:41 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
2007-06-14 09:48 <DIR> d-------- C:\Program Files\vso
2007-06-14 09:33 87,608 --a------ C:\DOCUME~1\mc\APPLIC~1\inst.exe
2007-06-14 09:33 47,360 --a------ C:\DOCUME~1\mc\APPLIC~1\pcouffin.sys
2007-06-13 23:44 <DIR> d-------- C:\DOCUME~1\mc\APPLIC~1\Vso

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-15 18:41:58 -------- d-----w C:\Program Files\Symantec_Client_Security
2007-06-15 17:01:48 -------- d-----w C:\Program Files\Symantec
2007-06-15 16:59:27 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-14 06:57:32 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-11 19:57:56 -------- d-----w C:\DOCUME~1\mc\APPLIC~1\EndNote
2007-06-07 07:18:00 -------- d-----w C:\Program Files\eMule
2007-05-21 08:34:00 -------- d-----w C:\DOCUME~1\mc\APPLIC~1\Skype
2007-05-20 13:35:37 -------- d-----w C:\DOCUME~1\mc\APPLIC~1\SopCast
2007-05-14 21:39:11 -------- d-----w C:\Program Files\Ahead
2007-05-14 21:38:46 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-25 19:12:54 -------- d-----w C:\Program Files\SopCast
2007-04-24 23:08:41 -------- d-----w C:\Program Files\Viewpoint
2007-04-24 22:47:04 -------- d-----w C:\Program Files\QuickTime
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{A7327C09-B521-4EDB-8509-7D2660C9EC98}=C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-02-24 21:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TSysSMon"="c:\toshiba\sysstability\tsyssmon.exe" [2002-04-05 23:44]
"Tpwrtray"="TPWRTRAY.EXE" [2002-03-20 05:38 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-07-31 20:41]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28]
"TFNF5"="TFNF5.exe" [2001-08-04 02:08 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" []
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"PRISMSVR.EXE"="C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.exe" [2004-07-02 17:27]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2001-11-14 11:37]
"nwiz"="nwiz.exe" [2002-04-19 23:13 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="NvQTwk" []
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-16 09:41]
"000StTHK"="000StTHK.exe" [2001-06-24 05:28 C:\WINDOWS\system32\000StTHK.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

Contents of the 'Scheduled Tasks' folder
2007-04-21 17:29:03  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2003-04-23 19:57:07  C:\WINDOWS\tasks\Symantec NetDetect.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 23:02:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-15 23:07:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-15 23:07
 --- E O F ---
Thanks in advance,
 
red daisy
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13131
 
Posted 6-17-2007 5:37 (GMT +2)
Hi red daisy and welcome :)


Please download Vundofix  http://www.atribune.org/ccount/click.php?id=4 to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
 
Download and install DrWebCureit:
 
Double-click "drweb-cureit.exe" and click "ok" in the prompt window that opens, asking "start the express scan now".
It will first make a quick scan of your system; let it clean what it finds, and when it says "done":
Click on the green screwdriver.
Actions tab: Adware, Dialers, Riskware, Hacktools: use the dropdown menu and select "Delete".
Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in the lower right corner. It will now scan your drive(s); say yes to all.
 
After the scan, in the Dr.Web CureIt menu on top, click "File" and choose "Save report list".
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
 
Reboot your computer!! Files that are in use may only be moved/deleted during the reboot.
 
After the reboot, post the contents of the log from Dr.Web, along with C:\vundofix.txt and a new HijackThis log, in your next reply, and tell how things are running.
 



Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
 

 

red daisy
New Member


Date Joined Jun 2007
Total Posts : 3
 
Posted 6-17-2007 7:00 (GMT +2)
Hi Touch,

Thanks for the quick response. I ran the VundoFix as recommended and three system32....dll files were erased. I ran Cureit and nothing was found. Here are the logs:

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 6:16:18 PM 6/17/2007

Listing files found while scanning....

C:\windows\system32\khhfd.dll
C:\windows\system32\urspm.dll
C:\windows\system32\xxwuu.dll

Beginning removal...

Attempting to delete C:\windows\system32\khhfd.dll
C:\windows\system32\khhfd.dll Has been deleted!

Attempting to delete C:\windows\system32\urspm.dll
C:\windows\system32\urspm.dll Has been deleted!

Attempting to delete C:\windows\system32\xxwuu.dll
C:\windows\system32\xxwuu.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 6:52:26 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\mc\My Documents\Installers\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutjazz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .rip: C:\Program Files\Internet Explorer\PLUGINS\nptmpt32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172149841482
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBF0B329-1700-4827-BC1A-BA2FC3A19950}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I hope this does it. Thanks again, and please let me know if there's more to do.

red daisy
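The ComboFix "Files Created" section in the first post and the VundoFix listing in the reply above describe the same three DLLs. The script below is an added example (not code from this thread, from ComboFix or from VundoFix): it parses a ComboFix log excerpt constructed from the entries above, flags DLLs dropped straight into system32 whose stem is a short all-lowercase alphabetic string, and cross-checks the hits against what VundoFix reported. The name heuristic is this example's own assumption, chosen because that is how the removed files look in the log; hits are review items, not verdicts.

```python
import re

# Constructed sample input, copied from the ComboFix and VundoFix logs in this thread.
COMBOFIX_EXCERPT = r"""
(((((((((((((((((((((((((   Files Created from 2007-05-15 to 2007-06-15  )))))))))))))))))))))))))))))))

2007-06-15 16:59 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-15 16:25 258,159 --a------ C:\WINDOWS\system32\urspm.dll
2007-06-14 17:58 261,063 --a------ C:\WINDOWS\system32\khhfd.dll
2007-06-14 16:27 <DIR> d-------- C:\Program Files\CCleaner
2007-06-14 11:25 247,995 --a------ C:\WINDOWS\system32\ljhec.dll
2007-06-14 11:23 261,063 --a------ C:\WINDOWS\system32\xxwuu.dll

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
"""
VUNDOFIX_EXCERPT = r"""
Listing files found while scanning....

C:\windows\system32\khhfd.dll
C:\windows\system32\urspm.dll
C:\windows\system32\xxwuu.dll

Beginning removal...
"""
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ComboFix section banner
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+([\d,]+|<DIR>)\s+(\S{9})\s+(.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_combofix_created(text: str) -> list:
    """(date, time, size or None for <DIR>, attrs, lower-cased path) per 'Files Created' entry."""
    entries, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        header = SECTION_RE.match(line)
        if header:                     # only the 'Files Created ...' section is wanted
            in_section = header.group(1).startswith("Files Created")
            continue
        m = ENTRY_RE.match(line)
        if in_section and m:
            d, t, size, attrs, path = m.groups()
            entries.append((d, t, None if size == "<DIR>" else int(size.replace(",", "")),
                            attrs, path.lower()))
    return entries

def suspect_dlls(entries: list, allowlist: frozenset = frozenset()) -> list:
    """DLLs written straight into system32 with a short all-lowercase alphabetic stem.
    The stem rule is this example's assumption (it matches how the files VundoFix
    removed appear in the log above); treat hits as review items, not verdicts."""
    hits = []
    for _d, _t, size, _attrs, path in entries:
        if size is None or not path.startswith(SYSTEM32):
            continue                                   # directory, or outside system32
        name = path[len(SYSTEM32):]
        if "\\" in name or not name.endswith(".dll"):
            continue                                   # in a subfolder, or not a DLL
        stem = name[:-4]
        if (stem.isascii() and stem.isalpha() and stem.islower()
                and 5 <= len(stem) <= 7 and stem not in allowlist):
            hits.append(path)
    return hits

def parse_vundofix_found(text: str) -> set:
    """Paths listed under 'Listing files found while scanning....'."""
    found, collecting = set(), False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Listing files found"):
            collecting = True
        elif line.startswith("Beginning removal"):
            break
        elif collecting and line:
            found.add(line.lower())
    return found

def triage(combofix_text: str, vundofix_text: str) -> dict:
    """Cross-check the heuristic hits against what VundoFix actually reported."""
    flagged = set(suspect_dlls(parse_combofix_created(combofix_text)))
    found = parse_vundofix_found(vundofix_text)
    return {"confirmed": flagged & found, "unconfirmed": flagged - found,
            "missed": found - flagged}
```

On the excerpt above the heuristic flags four DLLs; three are confirmed by VundoFix and ljhec.dll is left as "unconfirmed", which is exactly the kind of hit that needs a second look rather than deletion.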
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13131
 
Posted 6-17-2007 8:54 (GMT +2)
Looks clean to me :)
 
 
How are things running ?


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
 

 

red daisy
New Member


Date Joined Jun 2007
Total Posts : 3
 
Posted 6-18-2007 12:14 (GMT +2)
A bit slow, but otherwise much better. Have defragmented but probably have to do more to clean up shop. Still have the "THotkey" error msg--don't know what that's about. Thanks a lot.

-rd
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13131
 
Posted 6-18-2007 8:01 (GMT +2)
Deactivate it from msconfig:
Reboot


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
 
