Post #1 by XLbuster, Dec 25 2008, 03:53 AM (New Member; Group: Members; Posts: 3; Joined: 25-December 08; Member No.: 273,807)
I've been hit with something and it's wreaking havoc on my PC.
A few things I've noticed in the 24 hrs since this all started:
1. I cannot run any browsers (IE, Firefox and Chrome all crash after about 15 seconds of loading).
2. Cannot run Spybot Search and Destroy (both in normal and safe mode). When I double-click on the icon, nothing happens. The process shows up in the running processes but no window is displayed.
3. Cannot run MalwareBytes Anti-Malware (same as #2).
4. My hosts file was modified and had thousands of entries in there routing back to 127.0.0.1. I manually changed the file back to normal; however, it seems like those entries are persistent (noticed this while trying to install Spybot, as it tries to update but was trying to reach 127.0.0.1 for an update).
5. HijackThis also crashes and complains about not being able to access the hosts file (no entries in the hosts file except 127.0.0.1 localhost).
6. MS Antispyware 2009 pop-ups.
7. SmitFraudFix will not run in normal or safe mode.
8. ComboFix will not run in normal or safe mode.

=========== HIJACKTHIS LOG ===========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:38 AM, on 25/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

====== DDS.TXT ======
DDS (Version 1.1.0) - NTFSx86
Run by Prince at 3:25:26.95 on 25/12/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2046.879 [GMT -5:00]

Any help that can be provided would be greatly appreciated. Thanks!
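The hosts-file hijack in symptom 4 (thousands of names mapped to 127.0.0.1, which then breaks security-tool updates, and entries that come back after a manual clean-up) can be checked mechanically. The audit below is an added example, not code from the thread or from any tool named in it; the sample hosts files, the `.test` hostnames, the keyword list and the threshold are constructed assumptions.

```python
"""Audit a Windows hosts file for loopback hijacking.

Added example (not from the original thread). It parses a hosts file,
flags mappings to the loopback address that are not the stock localhost
entries, checks whether any of them look like security or update hosts,
and diffs two snapshots so a file that is re-populated after a manual
clean-up (the "persistent entries" symptom) is detected as well.
"""
import ipaddress

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
STOCK_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Substrings typical of the update/security hosts such hijacks block.
# Constructed keyword list; extend it for your own environment.
SECURITY_KEYWORDS = ("update", "spybot", "malwarebytes", "avg", "antivirus",
                     "microsoft", "symantec", "kaspersky")


def parse_hosts(text):
    """Return [(ip, hostname, line_no)] for every mapping in a hosts file."""
    mappings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                                  # malformed line, skip
        mappings.extend((ip, name.lower(), line_no) for name in names)
    return mappings


def audit_hosts(text, max_loopback_entries=5):
    """Summarise suspicious loopback mappings.

    'hijacked' is True when the file has more non-stock loopback entries
    than a normal file would (threshold is an assumption) or when any
    security/update host is being blocked.
    """
    suspicious = [(ip, name, ln) for ip, name, ln in parse_hosts(text)
                  if ip in LOOPBACK and name not in STOCK_LOOPBACK_NAMES]
    blocked_security = [name for _, name, _ in suspicious
                        if any(k in name for k in SECURITY_KEYWORDS)]
    return {
        "loopback_entries": len(suspicious),
        "blocked_security_hosts": sorted(set(blocked_security)),
        "hijacked": len(suspicious) > max_loopback_entries
                    or bool(blocked_security),
    }


def reappeared_entries(before_text, after_text):
    """Loopback-mapped names present in the later snapshot but not the earlier.

    A non-empty result taken shortly after a manual clean-up means something
    on the machine is rewriting the file.
    """
    before = {name for ip, name, _ in parse_hosts(before_text) if ip in LOOPBACK}
    after = {name for ip, name, _ in parse_hosts(after_text) if ip in LOOPBACK}
    return sorted(after - before - STOCK_LOOPBACK_NAMES)


# Constructed samples: a cleaned file, and the same file after being
# re-populated. The .test domains are placeholders, not real hosts.
CLEAN_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
"""

HIJACKED_HOSTS = CLEAN_HOSTS + """127.0.0.1       update.spybot-example.test
127.0.0.1       www.malwarebytes-example.test
127.0.0.1       free.avg-example.test
127.0.0.1       update.microsoft-example.test
127.0.0.1       downloads.antivirus-example.test
127.0.0.1       news.unrelated-example.test
0.0.0.0         ads.unrelated-example.test
"""

if __name__ == "__main__":
    report = audit_hosts(HIJACKED_HOSTS)
    print("non-localhost loopback entries:", report["loopback_entries"])
    print("hijacked:", report["hijacked"])
    for name in report["blocked_security_hosts"]:
        print("  blocked security/update host:", name)
    print("re-added after clean-up:",
          reappeared_entries(CLEAN_HOSTS, HIJACKED_HOSTS))
```

On a live machine, read the file at `%SystemRoot%\System32\drivers\etc\hosts` twice a minute apart and pass both snapshots to `reappeared_entries`; a tool that fails to update while this reports hits is being blocked by the hosts file, not by the network.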
Replies in this topic:
XLbuster: Unknown Virus/Malware/Trojan (Dec 25 2008, 03:53 AM)
XLbuster: I also ran the RootKitRevealer by sysinternals. Th... (Dec 25 2008, 01:04 PM)
XLbuster: Quick update.. I was able to get AVG running on my... (Dec 26 2008, 10:24 PM)
fenzodahl512: Please download Malwarebytes' Anti-Malware fro... (Jan 5 2009, 09:26 AM)
fenzodahl512: Due to the lack of feedback this Topic is closed. ... (Jan 12 2009, 03:05 AM)