Lots Of Tracking Cookies, Worms, Trojans Etc, Please help!
hookedforever
post Jul 4 2008, 04:19 AM
Post #1
Hi!

I hope someone could help me with my computer problem. Every time I open Mozilla an AVG Resident Shield Alert pops up (Warning! Found Tracking Cookie...Detected on open.) When I scan my system using AVG, a lot of tracking cookies, Win32/Heur, Worm/Generic.HMD etc. are found. The tracking cookies are considered a Threat so they couldn't be healed. I read the rules before posting and it says that I should install the new Java version (I'm actually using a very, very outdated Java) but I opted not to because I'm afraid that my desktop would show BSOD again like what happened on my laptop (http://www.bleepingcomputer.com/forums/topic155463.html).

Attached here is the DSS.
Hope someone could help.
Thanks in advance!



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-04 16:47:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
19: 2008-07-04 08:47:58 UTC - RP78 - Deckard's System Scanner Restore Point
18: 2008-07-04 01:02:04 UTC - RP77 - Avg8 Update
17: 2008-07-02 10:44:04 UTC - RP76 - Removed USB2.0 Capture Device
16: 2008-06-30 01:48:26 UTC - RP75 - Removed USB2.0 Capture Device
15: 2008-06-24 12:16:50 UTC - RP74 - System Checkpoint


-- First Restore Point --
1: 2008-05-24 02:15:40 UTC - RP60 - Installed YouTUBE ™ movie downloader


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 352 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:42 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhpf.co.uk/mypage.asp?OrgID=125218
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8171 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.cmd - cmdfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.inf - inffile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.ini - inifile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.reg - regfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.vbs - VBSFile - shell\edit\command - C:\WINDOWS\system32\Notepad2.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 SNPSTD3 (USB PC Camera (SNPSTD3)) - c:\windows\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>
S3 StkAMini (Syntek STK1160) - c:\windows\system32\drivers\stkamini.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Video Mini Driver>
S3 StkScan (Syntek STK1160 Still Image) - c:\windows\system32\drivers\stkscan.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Still Image Driver>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 StkASSrv (Syntek STK1160 Service) - c:\windows\system32\stkasv2k.exe <Not Verified; Syntek America Inc.; Syntek Hardware Snapshot Launch Application Services>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT


-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-04 16:47:09 0 d-------- C:\Program Files\Trend Micro
2008-07-04 09:05:33 0 d--hs---- C:\Documents and Settings\Administrator\Recent
2008-06-12 15:12:12 66940 --a------ C:\WINDOWS\Sysvxd.exe
2008-06-10 14:57:58 0 d--hs---- C:\WINDOWS\ftpcache
2008-06-10 14:57:04 0 d-------- C:\Program Files\Ant War
2008-06-09 22:55:32 39936 --a------ C:\WINDOWS\system32\drivers\svchost.exe
2008-06-09 12:36:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Super-Cow
2008-06-09 12:05:50 0 d-------- C:\Program Files\Kea
2008-06-08 01:45:56 0 d-------- C:\Program Files\Axialis
2008-06-06 17:44:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage


-- Find3M Report ---------------------------------------------------------------

2008-07-04 16:37:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\MegauploadToolbar
2008-07-02 18:54:10 0 d-------- C:\Program Files\Diner Dash
2008-07-02 01:01:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-07-01 14:58:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-25 10:03:54 0 d-------- C:\Program Files\Yahoo!
2008-06-15 18:51:44 0 d-------- C:\Program Files\DigiEffects AgedFilm Demo
2008-06-15 15:53:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
2008-06-09 11:37:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-09 11:27:48 5455 --a------ C:\WINDOWS\mozver.dat
2008-06-05 11:29:46 0 d-------- C:\Program Files\NCBuy
2008-06-05 11:07:07 0 d-------- C:\Program Files\SkyPaint
2008-06-05 10:45:48 0 d-------- C:\Program Files\Sallys Salon
2008-06-04 13:16:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
2008-06-03 15:32:40 0 d-------- C:\Program Files\Xvid
2008-06-02 20:50:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\PlayFirst
2008-06-02 20:49:25 0 d-------- C:\Program Files\Doggie Dash
2008-06-01 20:38:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-01 20:30:51 0 d-------- C:\Program Files\QuickFix
2008-05-30 15:39:58 0 d-------- C:\Program Files\ZakFromAnotherPlanet
2008-05-29 15:40:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-29 15:34:53 0 d-------- C:\Program Files\Common Files
2008-05-28 23:46:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-28 11:04:28 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-27 19:30:32 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-27 19:29:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\GameHouse
2008-05-27 19:26:42 0 d-------- C:\Program Files\GameHouse
2008-05-24 17:41:13 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-05-24 13:58:20 0 d-------- C:\Program Files\uTorrent
2008-05-19 19:41:57 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-05-12 03:05:57 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-12 02:53:34 0 d-------- C:\Program Files\PopCap Games
2008-05-11 04:36:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\A2Soft Shared
2008-04-27 10:35:28 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-27 10:33:36 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-18 11:34:14 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-09 21:28:42 36 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/04/2008 09:00 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/04/2008 09:00 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 PM]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [11/17/2002 10:36 AM]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" []
"Cmaudio"="cmicnfg.cpl" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/17/2007 10:25 PM]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [07/09/2001 06:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/04/2008 09:00 AM]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [10/03/2005 11:23 AM]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [11/04/2005 03:05 PM]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [09/05/2005 03:55 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 05:13 PM]
"amva"="C:\WINDOWS\system32\amvo.exe" []
"SVCHOST.EXE"="C:\WINDOWS\system32\drivers\svchost.exe" [06/09/2008 10:55 PM]
"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [06/15/2008 02:37 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [11/9/2007 1:33:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/16/2007 7:28:00 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"DisableCAD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01f0e1c0-e80c-11dc-a692-000ae6f03ef5}]
AutoRun\command- SilentSoftech.exe
explore\command- SilentSoftech.exe
open\command- SilentSoftech.exe
var1\command- SilentSoftech.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53fa4f31-ae36-11dc-a5b5-101111111111}]
AutoRun\command- SilentSoftech.exe
explore\command- SilentSoftech.exe
open\command- SilentSoftech.exe
var1\command- SilentSoftech.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91960270-abc8-11dc-a5ad-000ae6f03ef5}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea2b4e71-e1c0-11dc-a676-000ae6f03ef5}]
Auto\command- F:\RECYCLER.exe
AutoRun\command- F:\RECYCLER.exe
explore\Command- vuts0e.cmd
open\Command- vuts0e.cmd




-- End of Deckard's System Scanner: finished at 2008-07-04 16:53:48 ------------

Attached File: extra.txt (14.97k)





Buckeye_Sam
post Jul 4 2008, 10:07 AM
Post #2
Hi again hookedforever!

I see a few issues more troubling than just cookies. But let's see if we can get them all at once.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Also post a new log from DSS.


--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
[ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ]
[ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]
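The DSS log in the first post carries an O4 autostart entry for a svchost.exe that lives in the drivers folder rather than System32, which is the kind of entry Sam means by "issues more troubling than just cookies" (the SUPERAntiSpyware log later names it Trojan.Dropper/SVCHost-Fake). The Python below is an added example, not code from this thread or from HijackThis/DSS: it parses O4 lines and flags system-binary look-alikes started from the wrong directory. The sample lines are copied from the posted log; the expected-directory table, rules and function names are this example's own assumptions.

```python
"""Triage HijackThis 'O4' autostart lines for system-binary look-alikes.

Added example, not code from this thread or from HijackThis/DSS. The sample
lines are copied from the DSS log posted above; the expected-directory table,
the rules and every name here are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: five O4 lines taken from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
"""

# Binaries that droppers like to impersonate, and the only directory each one
# legitimately runs from on a default Windows XP install (assumption, lower-case).
EXPECTED_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str
    exe_path: str  # first token of the command, quotes stripped


def parse_o4(line):
    """Return an AutostartEntry for an O4 Run/RunOnce line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    # HijackThis appends "(User 'X')" to HKUS entries; drop it before tokenising.
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", cmd)
    if cmd.startswith('"'):
        exe = cmd[1:cmd.index('"', 1)]
    else:
        exe = cmd.split(" ", 1)[0]
    return AutostartEntry(m.group("hive"), m.group("key"), m.group("name"), cmd, exe)


def findings(entry):
    """Reasons this entry deserves a closer look; an empty list means none."""
    reasons = []
    path = entry.exe_path.lower()
    parent, _, base = path.rpartition("\\")
    if base in EXPECTED_HOME and parent != EXPECTED_HOME[base]:
        reasons.append(f"{base} started from {parent or '(no path)'}, "
                       f"expected {EXPECTED_HOME[base]}")
    if entry.name.lower() == base:
        reasons.append("registry value name is identical to the file name")
    return reasons


def triage(log_text):
    """Map the value name of every flagged O4 line to its list of reasons."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}]")
        for r in reasons:
            print("   -", r)
```

Run against the sample, only the drivers\svchost.exe entry is flagged; amvo.exe passes these two rules, which is why a log reviewer still reads every unfamiliar path rather than relying on location heuristics alone.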
hookedforever
post Jul 4 2008, 11:27 PM
Post #3
Hello there Sam! I'm glad it's you again.

Here is the SUPERAntiSpyware Scan Log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/05/2008 at 11:50 AM

Application Version : 4.15.1000

Core Rules Database Version : 3497
Trace Rules Database Version: 1488

Scan type : Complete Scan
Total Scan Time : 01:27:29

Memory items scanned : 337
Memory threats detected : 1
Registry items scanned : 4979
Registry threats detected : 20
File items scanned : 10917
File threats detected : 42

Trojan.Dropper/SVCHost-Fake
C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
[SVCHOST.EXE] C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-0EB47E31.pf

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32#ThreadingModel
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\ProgID
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\Programmable
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\TypeLib
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\VersionIndependentProgID
C:\PROGRA~1\DAP\SBSEARCH.DLL
HKU\S-1-5-21-746137067-1060284298-854245398-500\Software\Microsoft\Internet Explorer\URLSearchHooks#{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\SearchHook.SrchHook.1
HKCR\SearchHook.SrchHook.1\CLSID
HKCR\SearchHook.SrchHook
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0\win32
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\FLAGS
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\HELPDIR

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@www.123finder[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@i.screensavers[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.glispa[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rm.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@camtocamsex[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.screensavers[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1072645447[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@youporn[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultadworld[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1068202713[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1059866580[1].txt

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE





Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-05 12:03:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 352 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:38 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhpf.co.uk/mypage.asp?OrgID=125218
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8135 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 10:13:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 10:13:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 10:13:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-05 10:12:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 21:35:26 0 d--hs---- C:\Documents and Settings\Administrator\Recent
2008-07-04 16:47:09 0 d-------- C:\Program Files\Trend Micro
2008-06-12 15:12:12 0 --a------ C:\WINDOWS\Sysvxd.exe
2008-06-10 14:57:58 0 d--hs---- C:\WINDOWS\ftpcache
2008-06-10 14:57:04 0 d-------- C:\Program Files\Ant War
2008-06-09 12:36:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Super-Cow
2008-06-09 12:05:50 0 d-------- C:\Program Files\Kea
2008-06-08 01:45:56 0 d-------- C:\Program Files\Axialis
2008-06-06 17:44:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage


-- Find3M Report ---------------------------------------------------------------

2008-07-05 12:01:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\MegauploadToolbar
2008-07-05 10:12:15 0 d-------- C:\Program Files\Common Files
2008-07-02 18:54:10 0 d-------- C:\Program Files\Diner Dash
2008-07-02 01:01:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-07-01 14:58:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-25 10:03:54 0 d-------- C:\Program Files\Yahoo!
2008-06-15 18:51:44 0 d-------- C:\Program Files\DigiEffects AgedFilm Demo
2008-06-15 15:53:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
2008-06-09 11:37:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-09 11:27:48 5455 --a------ C:\WINDOWS\mozver.dat
2008-06-05 11:29:46 0 d-------- C:\Program Files\NCBuy
2008-06-05 11:07:07 0 d-------- C:\Program Files\SkyPaint
2008-06-05 10:45:48 0 d-------- C:\Program Files\Sallys Salon
2008-06-04 13:16:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
2008-06-03 15:32:40 0 d-------- C:\Program Files\Xvid
2008-06-02 20:50:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\PlayFirst
2008-06-02 20:49:25 0 d-------- C:\Program Files\Doggie Dash
2008-06-01 20:38:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-01 20:30:51 0 d-------- C:\Program Files\QuickFix
2008-05-30 15:39:58 0 d-------- C:\Program Files\ZakFromAnotherPlanet
2008-05-29 15:40:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 23:46:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-28 11:04:28 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-27 19:30:32 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-27 19:29:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\GameHouse
2008-05-27 19:26:42 0 d-------- C:\Program Files\GameHouse
2008-05-24 17:41:13 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-05-24 13:58:20 0 d-------- C:\Program Files\uTorrent
2008-05-19 19:41:57 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-05-12 03:05:57 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-12 02:53:34 0 d-------- C:\Program Files\PopCap Games
2008-05-11 04:36:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\A2Soft Shared
2008-04-27 10:35:28 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-27 10:33:36 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-18 11:34:14 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-09 21:28:42 36 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/04/2008 09:00 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/04/2008 09:00 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 PM]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [11/17/2002 10:36 AM]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" []
"Cmaudio"="cmicnfg.cpl" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/17/2007 10:25 PM]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [07/09/2001 06:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/04/2008 09:00 AM]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [10/03/2005 11:23 AM]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [11/04/2005 03:05 PM]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [09/05/2005 03:55 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 05:13 PM]
"amva"="C:\WINDOWS\system32\amvo.exe" []
"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [06/15/2008 02:37 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [11/9/2007 1:33:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/16/2007 7:28:00 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"DisableCAD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01f0e1c0-e80c-11dc-a692-000ae6f03ef5}]
AutoRun\command- SilentSoftech.exe
explore\command- SilentSoftech.exe
open\command- SilentSoftech.exe
var1\command- SilentSoftech.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53fa4f31-ae36-11dc-a5b5-101111111111}]
AutoRun\command- SilentSoftech.exe
explore\command- SilentSoftech.exe
open\command- SilentSoftech.exe
var1\command- SilentSoftech.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91960270-abc8-11dc-a5ad-000ae6f03ef5}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea2b4e71-e1c0-11dc-a676-000ae6f03ef5}]
Auto\command- F:\RECYCLER.exe
AutoRun\command- F:\RECYCLER.exe
explore\Command- vuts0e.cmd
open\Command- vuts0e.cmd




-- End of Deckard's System Scanner: finished at 2008-07-05 12:04:21 ------------

This post has been edited by hookedforever: Jul 5 2008, 04:09 AM
Buckeye_Sam
post Jul 5 2008, 07:58 AM
Post #4


Malware Expert

Group: HJT Team
Posts: 10,687
Joined: 23-December 04
From: Pickerington, Ohio
Member No.: 7,762



Let's clean up your log a bit and then we need to check on a few suspicious files.

Fix these lines with Hijackthis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZKfox000



Please visit the online Jotti Virus Scanner
  • Click on the button.
  • Copy and paste the following filepath in the box:

    C:\WINDOWS\Sysvxd.exe

  • Click on the button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.


If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html


Also submit this file.

C:\Windows\System32\syssetub.dll


--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
[ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ]
[ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]
hookedforever
post Jul 5 2008, 11:54 AM
Post #5


Member

Group: Members
Posts: 36
Joined: 2-July 08
From: philippines
Member No.: 219,978



Hi there!

I ran AVG a while ago and I'm glad that there weren't any threats detected (not even 1!)

Anyway, I'll do the next step you posted early in the morning. It's actually midnight here and I can't go to my desktop or my mother would know that I'm still awake... (I'll just deal with my laptop's issues first..)

I'll get back here with the results.
Buckeye_Sam
post Jul 5 2008, 11:59 AM
Post #6


Malware Expert

Group: HJT Team
Posts: 10,687
Joined: 23-December 04
From: Pickerington, Ohio
Member No.: 7,762



Despite the all clear from AVG, you do have some issues that we'll still have to deal with.
But I'll catch up with you after a good night's sleep.


hookedforever
post Jul 5 2008, 11:22 PM
Post #7


Member

Group: Members
Posts: 36
Joined: 2-July 08
From: philippines
Member No.: 219,978



Hi! Here are the results.


C:\WINDOWS\Sysvxd.exe

>Jotti

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

>Virustotal

0 bytes size received / Se ha recibido un archivo vacio

C:\WINDOWS\Sysvxd.exe

File not found by both scanners.
Buckeye_Sam