
Virtumonde/winsoftware.winantiviruspro2006/systemdoctor2006 Infection


This topic is locked
11 replies to this topic

#1 dubstar27

dubstar27

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:42 AM

Posted 23 July 2007 - 10:30 PM

My computer is infected with a bunch of malware. It has ground to a halt and I keep on getting pop-ups (with WinAntiVirus, 888.com, My Luv Crush and various other pop-ups).

My Norton AntiVirus will not go into auto-protect mode anymore either.

Here's the HiJackThis log. Any help would be great.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:03 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\ndinh\MYDOCU~1\MANTEC~1\ntvdm.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\?icrosoft\n?pdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [CellVision WLAN Monitor] C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\pcapynuj.dll",forkonce
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hmuu] "C:\DOCUME~1\ndinh\MYDOCU~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Gxckp] "C:\Program Files\Common Files\?icrosoft\n?pdb.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Trust Agent EOU Daemon (CtaEoU) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
O23 - Service: Cisco Trust Agent Logger Daemon (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: Cisco Posture Server Daemon (ctapsd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
O23 - Service: Cisco Systems, Inc. CTA Posture State Daemon (ctatransapt) - Unknown owner - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe

--
End of file - 10240 bytes
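As an added illustration (not part of this thread, and not code from HijackThis, SDFix or BleepingComputer), the Python script below parses the O4 Run-key lines of a HijackThis log like the one above and flags the entries a malware-removal helper would look at first. The three heuristics are my own assumptions drawn from what the log shows: HijackThis renders characters it cannot print as `?` (the `?icrosoft\n?pdb.exe` entry), a Windows system binary name such as `ntvdm.exe` running from a user profile folder, and `rundll32.exe` loading a randomly named eight-letter DLL from system32. The sample lines are constructed to match the shapes in this log; `SYSTEM_BINARIES` and `USER_PROFILE_PREFIXES` are hypothetical lists, not part of any tool.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few O4 (Run key) lines in the shape of the HijackThis
# log posted above. The three entries that the later SDFix/ComboFix runs in
# this thread removed are included alongside two ordinary ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\pcapynuj.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hmuu] "C:\DOCUME~1\ndinh\MYDOCU~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Gxckp] "C:\Program Files\Common Files\?icrosoft\n?pdb.exe"
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
"""

# O4 Run-key lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Assumed list: Windows binaries that have no business starting from a user profile.
SYSTEM_BINARIES = {"ntvdm.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                   "lsass.exe", "services.exe"}
# Assumed list: short-name and long-name forms of the XP profile root.
USER_PROFILE_PREFIXES = ("c:\\docume~1\\", "c:\\documents and settings\\")


@dataclass
class RunEntry:
    hive: str
    name: str
    cmd: str
    image: str
    reasons: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Return the executable or DLL path from an O4 command line."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32.exe"):
        # For rundll32 launches the interesting file is the DLL argument.
        cmd = cmd[len("rundll32.exe"):].strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def assess(entry: RunEntry) -> None:
    """Apply the three heuristics and record the reasons on the entry."""
    low = entry.image.lower()
    base = low.rsplit("\\", 1)[-1]
    if "?" in entry.image:
        entry.reasons.append("path contains a character HijackThis could not print ('?')")
    if base in SYSTEM_BINARIES and low.startswith(USER_PROFILE_PREFIXES):
        entry.reasons.append(f"system binary name {base} launched from a user profile folder")
    if entry.cmd.lower().startswith("rundll32.exe") and re.fullmatch(r"[a-z]{8}\.dll", base):
        entry.reasons.append("rundll32 loads a DLL with a random-looking eight-letter name")


def parse_run_entries(log_text: str) -> list:
    """Parse every O4 Run-key line; Global Startup and other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        entry = RunEntry(m["hive"], m["name"], m["cmd"], image_path(m["cmd"]))
        assess(entry)
        entries.append(entry)
    return entries


def triage(log_text: str) -> list:
    """Return only the Run entries that tripped at least one heuristic."""
    return [e for e in parse_run_entries(log_text) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.name}] {e.image}")
        for reason in e.reasons:
            print("   -", reason)
```

Run against the sample it reports exactly the `MemoryManager`, `Hmuu` and `Gxckp` entries, which are the three that the SDFix and ComboFix logs later in the thread show being deleted; the heuristics are deliberately narrow so that ordinary vendor autostarts such as `ctfmon.exe` pass without comment.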


#2 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:42 AM

Posted 24 July 2007 - 02:24 AM

Hi -

Please do the following in the order stated. You will need to print or copy these instructions because you will be working in Safe Mode without an Internet connection.

Download SDFix and save it to your Desktop.

Reboot into SAFE MODE
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.
  • In Safe Mode, choose your usual account
  • Right-click the SDFix.zip folder and choose Extract All
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt in your next reply

Download ComboFix from one of the following links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
- and save it to the Desktop.

1. Double click on combo.exe and follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis log.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.

Post back with the report.txt, the ComboFix.txt and a new HijackThis log.
Take only memories, leave nothing but footprints.


#3 dubstar27

dubstar27
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:42 AM

Posted 24 July 2007 - 05:41 PM

Just a quick question. The SDFix.zip file could not be found. Instead, there's an SDFix.exe. Are the 2 programs equivalent?

#4 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:42 AM

Posted 24 July 2007 - 06:33 PM

Thanks for letting me know. Yes, it's okay. I just followed the link, and it's on the correct server. Just save it to your Desktop. Then reboot into Safe Mode and double-click SDFix.exe.
Take only memories, leave nothing but footprints.


#5 dubstar27

dubstar27
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:42 AM

Posted 24 July 2007 - 08:14 PM

Report.txt:


SDFix: Version 1.93

Run by ndinh on Tue 07/24/2007 at 08:40 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\ndinh\LOCALS~1\Temp\winC3.tmp.exe - Deleted
C:\DOCUME~1\ndinh\LOCALS~1\Temp\winC5.tmp.exe - Deleted
C:\WINDOWS\b122.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Cisco Systems\\CiscoTrustAgent\\CtaEoU.exe"="C:\\Program Files\\Cisco Systems\\CiscoTrustAgent\\CtaEoU.exe:*:Enabled:Cisco Trust Agent"
"F:\\Program Files\\Azureus\\Azureus.exe"="F:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\ndinh\NetHood\Share0 on wsp0app224.vmcanada.com\Desktop.ini
C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uinstrsc.dll
C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe
C:\Program Files\Common Files\?icrosoft\n?pdb.exe
C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp
C:\WINDOWS\system32\kjkmp.tmp

Finished

ComboFix.txt:

"ndinh" - 2007-07-24 21:02:58 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tgjwyvtp.dll
C:\WINDOWS\system32\kjkmp.bak1
C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\kjkmp.tmp
C:\WINDOWS\system32\kjkmp.bak1
C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\kjkmp.tmp
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\qomlmmk.dll
C:\WINDOWS\system32\qomlmmk.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ndinh\MYDOCU~1.\mantec~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\icroso~1\n?pdb.exe
C:\WINDOWS\system32\liegshvd.exe
C:\WINDOWS\system32\wnstssv32.exe


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-24 21:03 66,112 --a------ C:\WINDOWS\system32\qassbvur.exe
2007-07-24 21:02 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 20:38 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-24 18:37 126,016 --a------ C:\WINDOWS\system32\vurikwtn.dll
2007-07-23 22:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-07-23 21:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-23 21:22 126,016 --a------ C:\WINDOWS\system32\pcapynuj.dll
2007-07-23 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-22 21:54 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-22 21:51 <DIR> d-------- C:\DOCUME~1\ndinh\.housecall6.6
2007-07-22 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-07-21 23:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-21 23:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-07-21 23:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-21 23:04 720,896 --a------ C:\WINDOWS\iun6002.exe
2007-07-21 23:04 <DIR> d-------- C:\Program Files\NeoDJ PRO
2007-07-21 21:20 <DIR> d-------- C:\DOCUME~1\ndinh\APPLIC~1\ArcSoft
2007-07-21 21:12 <DIR> d-------- C:\DOCUME~1\ndinh\APPLIC~1\Canon
2007-07-21 21:07 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-21 21:05 <DIR> d-------- C:\DOCUME~1\ndinh\APPLIC~1\NewSoft
2007-07-21 16:04 94,208 --a------ C:\WINDOWS\system32\ippcv11.dll
2007-07-21 16:04 77,824 --a------ C:\WINDOWS\system32\ippsr11.dll
2007-07-21 16:04 65,536 --a------ C:\WINDOWS\system32\ippj11.dll
2007-07-21 16:04 466,944 --a------ C:\WINDOWS\system32\ippcvw711.dll
2007-07-21 16:04 40,960 --a------ C:\WINDOWS\system32\IPPCPUID.DLL
2007-07-21 16:04 266,240 --a------ C:\WINDOWS\system32\ippsrw711.dll
2007-07-21 16:04 225,280 --a------ C:\WINDOWS\system32\ippi11.dll
2007-07-21 16:04 2,592,768 --a------ C:\WINDOWS\system32\ippiw711.dll
2007-07-21 16:04 176,128 --a------ C:\WINDOWS\system32\ipps11.dll
2007-07-21 16:04 159,744 --a------ C:\WINDOWS\system32\ippjw711.dll
2007-07-21 16:04 1,589,248 --a------ C:\WINDOWS\system32\ippsw711.dll
2007-07-21 16:03 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2007-07-21 16:02 <DIR> d-------- C:\WINDOWS\system32\Color
2007-07-21 16:02 <DIR> d-------- C:\Program Files\NewSoft
2007-07-21 16:02 <DIR> d-------- C:\Program Files\Common Files\PDFView
2007-07-21 15:59 <DIR> d-------- C:\Program Files\ScanSoft
2007-07-21 15:59 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-21 15:59 <DIR> d-------- C:\DOCUME~1\ndinh\APPLIC~1\ScanSoft
2007-07-21 15:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ScanSoft
2007-07-21 15:54 <DIR> d-------- C:\Program Files\MosaicCreator
2007-07-21 15:54 <DIR> d-------- C:\MC2
2007-07-21 15:52 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-07-21 15:52 <DIR> d-------- C:\Program Files\ArcSoft
2007-07-21 15:50 <DIR> d-------- C:\Program Files\Common Files\CANON
2007-07-21 15:37 57,344 --a------ C:\WINDOWS\system32\CNQI4803.DLL
2007-07-21 15:37 229,376 --a------ C:\WINDOWS\system32\CNQL4803.DLL
2007-07-21 15:37 106,496 --a------ C:\WINDOWS\system32\cnqo4803.dll
2007-07-21 15:37 1,298,432 --a------ C:\WINDOWS\system32\CNQC4803.DLL
2007-07-21 15:37 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-07-21 15:37 <DIR> d--h----- C:\Program Files\CanonBJ
2007-07-21 15:36 <DIR> d-------- C:\Program Files\Canon
2007-07-16 10:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
2007-07-10 23:12 <DIR> d-------- C:\Program Files\Photodex Presenter
2007-07-10 23:12 <DIR> d-------- C:\Program Files\Photodex
2007-07-10 23:12 <DIR> d-------- C:\DOCUME~1\ndinh\APPLIC~1\Netscape
2007-07-05 22:42 <DIR> d-------- C:\Program Files\Vodei


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 01:17:35 -------- d-----w C:\DOCUME~1\ndinh\APPLIC~1\Azureus
2007-07-22 17:14:35 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-21 20:03:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-04 03:05:36 -------- d-----w C:\DOCUME~1\ndinh\APPLIC~1\LimeWire
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2004-03-11 18:27:22 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65354EAB-F44C-F5C1-4F67-8D8DBF24D5CA}]
C:\WINDOWS\system32\yofzitht.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 19:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 21:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 19:35]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 21:49]
"CellVision WLAN Monitor"="C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe" [2005-05-09 23:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 07:10]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 00:41]
"POINTER"="point32.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 10:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 20:27]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-30 00:52]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 15:35]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Hmuu"="C:\DOCUME~1\ndinh\MYDOCU~1\MANTEC~1\ntvdm.exe" []
"Gxckp"="C:\Program Files\Common Files\?icrosoft\n?pdb.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-03-06 23:47:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PAStates]
PAStates.dll 2005-11-07 12:37 94208 C:\WINDOWS\system32\PAStates.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

R1 mnmdd;mnmdd;C:\WINDOWS\system32\drivers\mnmdd.sys
R1 Npfs;Npfs;C:\WINDOWS\system32\drivers\Npfs.sys
R2 ANIO;ANIO Service;\??\C:\WINDOWS\system32\ANIO.SYS
R2 CtaEoU;Cisco Trust Agent EOU Daemon;"C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe"
R2 ctalogd;Cisco Trust Agent Logger Daemon;"C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe"
R2 ctapsd;Cisco Posture Server Daemon;"C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe"
R2 ctatransapt;Cisco Systems, Inc. CTA Posture State Daemon;"C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe"
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 lanmanserver;Server;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 lanmanworkstation;Workstation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 winmgmt;Windows Management Instrumentation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
R3 ATIAVAIW;ATI T200 Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavt2.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 IPFilter;Microsoft IntelliPoint Features driver;C:\WINDOWS\system32\DRIVERS\IPFilter.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 N3AB;N3AB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\N3AB.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\C:\WINDOWS\system32\drivers\AWRTRD.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\HdAudio.sys
S3 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;C:\WINDOWS\system32\mnmsrvc.exe
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 Tomcat5;Apache Tomcat;"C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb

Contents of the 'Scheduled Tasks' folder
2007-07-13 02:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 21:08:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000086

scanning hidden files ...

C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\WININIT.INI
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\wmp11.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif

scan completed successfully
hidden files: 16

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 4.1\my.ini\" MySQL"

Completion time: 2007-07-24 21:10:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-24 21:10

--- E O F ---

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:00 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {65354EAB-F44C-F5C1-4F67-8D8DBF24D5CA} - C:\WINDOWS\system32\yofzitht.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [CellVision WLAN Monitor] C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hmuu] "C:\DOCUME~1\ndinh\MYDOCU~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Gxckp] "C:\Program Files\Common Files\?icrosoft\n?pdb.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: PAStates - C:\WINDOWS\SYSTEM32\PAStates.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Trust Agent EOU Daemon (CtaEoU) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
O23 - Service: Cisco Trust Agent Logger Daemon (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: Cisco Posture Server Daemon (ctapsd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
O23 - Service: Cisco Systems, Inc. CTA Posture State Daemon (ctatransapt) - Unknown owner - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe

--
End of file - 11005 bytes

#6 waterfalls (Malware Exorcist, Members, 621 posts)

Posted 25 July 2007 - 04:14 AM

Hi -

Start HijackThis, click System Scan Only and place a checkmark next to the following items:
O2 - BHO: (no name) - {65354EAB-F44C-F5C1-4F67-8D8DBF24D5CA} - C:\WINDOWS\system32\yofzitht.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Gxckp] "C:\Program Files\Common Files\?icrosoft\n?pdb.exe"
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)


If you did NOT set IE's start page to about:blank, then check this as well:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

Open Notepad and copy and paste the text inside the codebox into Notepad exactly as shown:

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hmuu"=-

- Save this as fix.reg > choose to save as *all files > and place it on your desktop.
- Double-click on it and, when you are asked if you want to merge the contents to the registry, click YES/OK.

Reboot your computer.

You have an outdated version of Java which, for security reasons, needs to be updated. To update Java:
- Download the latest version of Java Runtime Environment (JRE) 6u2 from HERE
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel > Add/Remove Programs and remove ALL older versions of Java by checking any item, one at a time, with Java Runtime Environment (JRE or J2SE) in the name. It should have the Java icon next to it.
- For each item that you check, click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove ALL of the Java versions.
- REBOOT your computer once ALL Java components are removed.
- Then from your Desktop, double-click on the newly-downloaded Java file to install the newest version.

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log in your next reply.
Post back with the log from Superantispyware and a new HijackThis log.
Take only memories, leave nothing but footprints.

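The triage that waterfalls applies above rests on a few observable patterns in the HijackThis log (a BHO or Winlogon Notify entry whose file is gone, a Run entry whose path HijackThis prints with a "?" because it contains a character it cannot display, a system-binary name launched from a user profile) and on the REGEDIT4 syntax `"Hmuu"=-` that deletes a single value. The following Python script is an added example, not part of the original thread and not code from HijackThis or from the poster; it re-applies those heuristics to a handful of lines copied from the HijackThis log posted above and generates the deletion .reg fragment for the flagged HKCU Run values. The names `flag_hjt_lines`, `run_values_to_delete`, `reg_delete_values` and the `SYSTEM_NAMES` list are my own, and `%SystemRoot%` is assumed to be `C:\WINDOWS` as in the log.

```python
"""Triage HijackThis log lines and emit a REGEDIT4 fragment that deletes autorun values.

Added example; not part of the original thread and not HijackThis code.
"""
import re
from typing import Dict, List, Tuple

# Entries copied from the HijackThis log posted above (constructed subset).
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {65354EAB-F44C-F5C1-4F67-8D8DBF24D5CA} - C:\WINDOWS\system32\yofzitht.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Hmuu] "C:\DOCUME~1\ndinh\MYDOCU~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Gxckp] "C:\Program Files\Common Files\?icrosoft\n?pdb.exe"
O20 - Winlogon Notify: PAStates - C:\WINDOWS\SYSTEM32\PAStates.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
"""

# Windows binaries whose names malware borrows; the real ones live under
# %SystemRoot% (assumed C:\WINDOWS here), so the same name elsewhere is suspect.
SYSTEM_NAMES = {"ntvdm.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe"}
SYSTEM_ROOT = "C:\\WINDOWS\\"

PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\[^\s"]+)')
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\]')
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def _first_path(line: str) -> str:
    """First quoted path or drive-rooted path on the line, or '' if none."""
    m = PATH_RE.search(line)
    return (m.group(1) or m.group(2)) if m else ""


def flag_hjt_lines(log: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every entry that needs a second look."""
    flagged = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        path = _first_path(line)
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        # 1. A BHO / Winlogon Notify registration whose DLL is gone: a leftover
        #    hook from a partial cleanup that still gets loaded on every logon.
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("dangling registration")
        # 2. HijackThis prints '?' for characters it cannot display; a path that
        #    otherwise spells a vendor name (?icrosoft) is dressed up to pass a glance.
        if "?" in path:
            reasons.append("unprintable character in path")
        # 3. A system-binary name launched from outside %SystemRoot%.
        if base in SYSTEM_NAMES and not path.upper().startswith(SYSTEM_ROOT):
            reasons.append("system binary name outside Windows directory")
        # 4. An autorun whose target sits in a user profile rather than Program Files.
        up = path.upper()
        if line.startswith("O4") and ("DOCUME~1" in up or "DOCUMENTS AND SETTINGS" in up):
            reasons.append("autorun from user profile")
        if reasons:
            flagged.append((line, reasons))
    return flagged


def run_values_to_delete(flagged) -> Dict[str, List[str]]:
    """Group flagged O4 Run entries by hive (HKLM / HKCU / HKUS\\<SID>)."""
    out: Dict[str, List[str]] = {}
    for line, _ in flagged:
        m = RUN_RE.match(line)
        if m:
            out.setdefault(m.group(1), []).append(m.group(2))
    return out


def reg_delete_values(hive: str, names: List[str]) -> str:
    """Build a REGEDIT4 file deleting the named values from the hive's Run key.

    "name"=- is regedit's syntax for deleting one value; a '-' before the key
    name inside the brackets would delete the whole key instead. REGEDIT4 is the
    ANSI format Windows XP regedit imports; the file must end with a newline
    (Python's text mode writes CRLF on Windows). Deleting the value only stops
    the launcher; the executable it pointed to still has to be quarantined.
    """
    root = HIVES.get(hive) or hive.replace("HKUS", "HKEY_USERS", 1)
    lines = ["REGEDIT4", "", f"[{root}\\{RUN_SUBKEY}]"]
    lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n\n"


if __name__ == "__main__":
    hits = flag_hjt_lines(HJT_LOG)
    for entry, why in hits:
        print("; ".join(why), "<-", entry)
    for hive_name, values in run_values_to_delete(hits).items():
        print(reg_delete_values(hive_name, values))
```

The script flags exactly the entries waterfalls checked (the two dead BHOs, the Gxckp and Hmuu Run values, the missing wintfj32.dll) and leaves the Symantec, Java and PAStates entries alone; the generated fragment is the same shape as the fix.reg in the post, with Gxckp added because it also lives under the HKCU Run key.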

#7 dubstar27 (Topic Starter, Members, 20 posts)

Posted 26 July 2007 - 06:39 AM

Hi:

Superantispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2007 at 01:29 AM

Application Version : 3.9.1008

Core Rules Database Version : 3274
Trace Rules Database Version: 1285

Scan type : Complete Scan
Total Scan Time : 02:23:37

Memory items scanned : 634
Memory threats detected : 0
Registry items scanned : 5944
Registry threats detected : 0
File items scanned : 80112
File threats detected : 153

Adware.Tracking Cookie
C:\Documents and Settings\ndinh\Cookies\ndinh@www.adultsins[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@drivecleaner[3].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@888[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@stats1.reliablestats[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-ctv.hitbox[4].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@tribalfusion[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ad.yieldmanager[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@winantivirus[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@www.amaena[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ads.monster[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@click.nba[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@cassava[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@casalemedia[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adinterax[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ads.ak.facebook[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@cgi-bin[3].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adrevolver[3].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adultsins[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@atdmt[3].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adcentriconline[3].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@statcounter[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@pch.122.2o7[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@cpvfeed[4].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@www.popundersupply[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@trafficmp[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@advertising[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ad.outerinfo[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@a.websponsors[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ad[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@mediaplex[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@interclick[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@doubleclick[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@clicksor[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@4.adbrite[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ad.iconadserver[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ad.reduxmedia[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ad.scanmedios[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ad.yieldx[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ad1.clickhype[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adbrite[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adcentriconline[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adopt.euroclick[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adrevolver[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ads.as4x.tmcs[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ads.realtechnetwork[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adserver[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adserving.cpxinteractive[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@adsrevenue[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@advertising[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@amazonsearsca.122.2o7[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@atdmt[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@cassava[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@click.netpondcash[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@clicktorrent[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@cpvfeed[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@cpvfeed[3].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@directtrack[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@divx.112.2o7[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@divx.adbureau[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@dnsstuff.adbureau[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@drivecleaner[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@eas.apm.emediate[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-bmwna.hitbox[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-ctv.hitbox[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-ctv.hitbox[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-mybc.hitbox[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-spherion.hitbox[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-trader.hitbox[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@ehg-yellowpages.hitbox[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@empornium[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@imedia.foxsports[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@millnicmedia.directtrack[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@reduxads.valuead[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@roiservice[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@sportsad.adbureau[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@statse.webtrendslive[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@toplist[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@tremor.adbureau[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@usenext[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@videoegg.adbureau[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@workopolis.122.2o7[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@www.clicktorrent[2].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@www.popundersupply[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@www.popundersupply[3].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@xiti[1].txt
C:\Documents and Settings\ndinh\Cookies\ndinh@yadro[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@247realmedia[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@2o7[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@ad.yieldmanager[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@adbrite[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@adcentriconline[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@adknowledge[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@adopt.specificclick[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@ads.pointroll[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@adultfriendfinder[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@advertising[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@apmebf[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@atdmt[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@atwola[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@brightcove.112.2o7[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@bs.serving-sys[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@casalemedia[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@cbs.112.2o7[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@clickthesky[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@counter.hitslink[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@cs.sexcounter[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@devart.adbureau[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@e-2dj6wakosgazsbo.stats.esomniture[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@ehg-bestbuy.hitbox[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@ehg-ctv.hitbox[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@ehg-nfusiongroup.hitbox[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@ehg-nokiafin.hitbox[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@fastclick[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@hitbox[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@image.masterstats[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@msninvite.112.2o7[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@msnportal.112.2o7[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@paypal.112.2o7[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@porn.naughtyfiles[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@questionmarket[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@reduxads.valuead[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@revsci[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@sales.liveperson[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@serving-sys[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@statcounter[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@tacoda[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@targetnet[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@toplist[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@toseeka[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@tradedoubler[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@trafficmp[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@tribalfusion[2].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@workopolis.122.2o7[1].txt
F:\Documents and Settings\Nicolas\Cookies\nicolas@zedo[2].txt
F:\Documents and Settings\Nicolas\Local Settings\Temp\Cookies\nicolas@adcentriconline[2].txt
F:\Documents and Settings\Nicolas\Local Settings\Temp\Cookies\nicolas@atdmt[2].txt
F:\Documents and Settings\Nicolas\Local Settings\Temp\Cookies\nicolas@doubleclick[1].txt
F:\Documents and Settings\Nicolas\Local Settings\Temp\Cookies\nicolas@ehg-ctv.hitbox[2].txt
F:\Documents and Settings\Nicolas\Local Settings\Temp\Cookies\nicolas@hitbox[2].txt

Adware.ClickSpring
C:\QooBox\Quarantine\C\Program Files\Common Files\ICROSO~1\NPDBEX~1.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCFAB89C-C4E7-42B1-8F81-C05D034CAA49}\RP110\A0013382.EXE

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QOMLMMK.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCFAB89C-C4E7-42B1-8F81-C05D034CAA49}\RP110\A0013387.DLL

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSTSSV32.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCFAB89C-C4E7-42B1-8F81-C05D034CAA49}\RP110\A0012289.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCFAB89C-C4E7-42B1-8F81-C05D034CAA49}\RP110\A0013380.EXE

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCFAB89C-C4E7-42B1-8F81-C05D034CAA49}\RP109\A0012267.DLL

Adware.ClickSpring/Resident
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCFAB89C-C4E7-42B1-8F81-C05D034CAA49}\RP110\A0012339.DLL

Trace.Known Threat Sources
C:\Documents and Settings\ndinh\Local Settings\Temporary Internet Files\Content.IE5\8TOD4X4N\favicon[2].ico

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:29 AM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [CellVision WLAN Monitor] C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PAStates - C:\WINDOWS\SYSTEM32\PAStates.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Trust Agent EOU Daemon (CtaEoU) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
O23 - Service: Cisco Trust Agent Logger Daemon (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: Cisco Posture Server Daemon (ctapsd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
O23 - Service: Cisco Systems, Inc. CTA Posture State Daemon (ctatransapt) - Unknown owner - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe

--
End of file - 10669 bytes
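
Added example, not part of this thread and not a HijackThis feature: a small Python triage pass over HijackThis log lines of the kind posted above. It parses the O4, O16, O20 and O23 sections and flags the entries a helper checks first: Run-key commands with no explicit path, DPF controls fetched from a URL, every AppInit_DLLs and Winlogon Notify entry, and services reported as "Unknown owner" or "(file missing)". The sample lines are copied from the log in this thread; the flag names and heuristics are assumptions of mine, not something HijackThis reports.

```python
"""Triage a HijackThis v2 log: parse the numbered sections and flag the
entries a malware-removal helper looks at first.

Added example; not part of the forum thread or of HijackThis itself.
The sample lines are taken from the log above; the flag names and the
heuristics are assumptions a reviewer would apply, not a HijackThis feature.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample (subset of the thread's log, in HijackThis format).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [POINTER] point32.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PAStates - C:\WINDOWS\SYSTEM32\PAStates.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O23"
    reason: str   # short tag for why the line deserves a look
    line: str     # the original log line


LINE_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
RUN_RE = re.compile(r"\[([^\]]+)\]\s*(.*)$")  # [name] command


def is_qualified(command: str) -> bool:
    """True if a Run-key command names an explicit location (drive, UNC
    or environment variable) rather than a bare filename that Windows
    resolves through the search path."""
    cmd = command.strip().lstrip('"')
    return bool(re.match(r"^(?:[A-Za-z]:\\|\\\\|%)", cmd))


def _check_o4(body, line):
    m = RUN_RE.search(body)
    if m and not is_qualified(m.group(2)):
        yield Finding("O4", "unqualified-path", line)


def _check_o16(body, line):
    # A DPF control still pointing at a URL can be re-downloaded by IE.
    if re.search(r"https?://", body, re.I):
        yield Finding("O16", "remote-activex", line)


def _check_o20(body, line):
    # AppInit_DLLs load into every process that maps user32.dll and
    # Winlogon Notify DLLs load into winlogon.exe as SYSTEM: always review.
    if body.startswith("AppInit_DLLs:"):
        yield Finding("O20", "appinit-dll", line)
    elif body.startswith("Winlogon Notify:"):
        yield Finding("O20", "winlogon-notify", line)


def _check_o23(body, line):
    parts = body.split(" - ")  # "Service: name - owner - path"
    if len(parts) < 3:
        return
    owner, path = parts[-2], parts[-1]
    if "(file missing)" in path:
        yield Finding("O23", "file-missing", line)
    if owner.strip().lower() == "unknown owner":
        yield Finding("O23", "unknown-owner", line)


CHECKS = {"O4": _check_o4, "O16": _check_o16, "O20": _check_o20, "O23": _check_o23}


def triage(log_text: str) -> list:
    """Return one Finding per (line, reason) worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        check = CHECKS.get(section)
        if check:
            findings.extend(check(body, line))
    return findings


def summarize(findings) -> dict:
    """Count findings per reason tag."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:16} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

A flag is a prompt to look, not a verdict. In this log the AppInit and !SASWinLogon entries resolve to Google Desktop and SUPERAntiSpyware paths, and the MySQL service shown as C:\Program.exe is how HijackThis renders an unquoted service path containing spaces (the later log shows mysqld-nt.exe actually running from C:\Program Files\MySQL\MySQL Server 4.1\bin\), which is an unquoted-service-path misconfiguration worth fixing rather than an infection.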

#8 waterfalls

Posted 26 July 2007 - 09:48 PM

Hi -

Good job - looks much better. Got rid of a lot of malware.

Download and scan with CCleaner.
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
3. Then select the items you wish to clean up.

In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all entries in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop-up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "Exit" when done.

Perform an online scan with Panda ActiveScan. ActiveScan does not remove adware/spyware but will autoclean viruses and worms.
You have to use Internet Explorer for this scan.
- Once you are on the Panda site click the Scan your PC button
- A new window will open
- Fill in your registration and click the Check Now button
- If it wants to install an ActiveX component, allow it
- A new window will appear asking "Do you want to install this software?" Name: asinst.cab
- Click Install
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the "See Report" button, then "Save Report" and save it to a convenient location.

Post back with the Panda log and a new HijackThis log.
Take only memories, leave nothing but footprints.

#9 dubstar27 (Topic Starter)

Posted 27 July 2007 - 06:53 AM

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:06 AM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\calc.exe
C:\Program Files\iTunes\iTunes.exe
F:\Program Files\Azureus\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [CellVision WLAN Monitor] C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PAStates - C:\WINDOWS\SYSTEM32\PAStates.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Trust Agent EOU Daemon (CtaEoU) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
O23 - Service: Cisco Trust Agent Logger Daemon (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: Cisco Posture Server Daemon (ctapsd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
O23 - Service: Cisco Systems, Inc. CTA Posture State Daemon (ctatransapt) - Unknown owner - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe

--
End of file - 11169 bytes


Panda:

Incident Status Location

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ndinh\Cookies\ndinh@tribalfusion[1].txt
Virus:Generic Trojan Disinfected C:\Documents and Settings\ndinh\Desktop\ComboFix.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ndinh\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Adware:Adware/SaveNow Not disinfected C:\downloads\xvid\bsplayer142.833.exe[SetupInst.exe]
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\liegshvd.exe.vir
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Adware:Adware/Winpopup Not disinfected C:\SDFix\backups\backups.zip[backups/b122.exe]
Dialer:Dialer.KLZ Not disinfected C:\SDFix\backups\backups.zip[backups/winC3.tmp.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\qassbvur.exe
Spyware:Cookie/Doubleclick Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.overture.com/]
Spyware:Cookie/Mediaplex Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/RealMedia Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Bluestreak Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Go Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.go.com/]
Spyware:Cookie/PointRoll Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[c5.zedo.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[server.iad.liveperson.net/hc/34292599]
Spyware:Cookie/Server.iad.Liveperson Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Tribalfusion Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/QuestionMarket Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Hitbox Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Adrevolver Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Hitslink Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Overture Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Apmebf Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Winantivirus Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Reliablestats Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Toplist Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/cs.sexcounter Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Searchportal Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/WUpd Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Adtech Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.adtech.de/]
Spyware:Cookie/MediaTickets Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Yadro Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/888 Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.888.com/]
Spyware:Cookie/Ccbill Not disinfected F:\Documents and Settings\Nicolas\Cookies\nicolas@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected F:\Documents and Settings\Nicolas\Cookies\nicolas@com[1].txt
Spyware:Cookie/Go Not disinfected F:\Documents and Settings\Nicolas\Cookies\nicolas@go[1].txt
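
Added example, not part of this thread and not Panda's tooling: a Python pass over ActiveScan report lines like the ones above that separates tracking cookies and hits inside removal-tool residue (QooBox, SDFix, ComboFix, nircmd.exe) from detections that still need a decision. Treating those locations as tool residue is an assumption taken from the cleanup instructions in this thread, not something the scanner reports; the sample lines are constructed from the report posted above.

```python
"""Sort a Panda ActiveScan report into what actually needs attention.

Added example for this thread; not Panda's or BleepingComputer's code.
Sample lines are constructed from the report posted above. Treating
QooBox, SDFix, ComboFix and nircmd.exe locations as removal-tool residue
is an assumption based on the helper's cleanup instructions in the thread.
"""
import re
from collections import Counter

# Constructed sample in the "Category:Name Status Location" layout Panda prints.
SAMPLE_REPORT = r"""
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ndinh\Cookies\ndinh@tribalfusion[1].txt
Virus:Generic Trojan Disinfected C:\Documents and Settings\ndinh\Desktop\ComboFix.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Adware:Adware/SaveNow Not disinfected C:\downloads\xvid\bsplayer142.833.exe[SetupInst.exe]
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\liegshvd.exe.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\qassbvur.exe
Spyware:Cookie/Atlas DMT Not disinfected F:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ruv9mc8b.default\cookies.txt[.atdmt.com/]
"""

# Name may contain spaces ("Generic Trojan", "Cookie/Atlas DMT"); the status
# keyword is the only reliable separator, so the name match is non-greedy.
ROW_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>\S+(?: \S+)*?) "
    r"(?P<status>Not disinfected|Disinfected) (?P<location>.+)$"
)

# Assumed removal-tool residue (case-insensitive substring match on the path).
TOOL_MARKERS = ("\\qoobox\\", "\\sdfix", "combofix", "\\nircmd.exe")


def classify(kind: str, name: str, status: str, location: str) -> str:
    """Bucket a detection: tool-artifact, tracking-cookie, cleaned or needs-review."""
    loc = location.lower()
    if any(marker in loc for marker in TOOL_MARKERS):
        return "tool-artifact"      # quarantine/backup copies, not live files
    if name.startswith("Cookie/"):
        return "tracking-cookie"    # privacy nuisance, not an infection
    if status == "Disinfected":
        return "cleaned"            # scanner already handled it
    return "needs-review"           # still present and not explained away


def parse_report(text: str) -> list:
    """Parse report lines into dicts with kind/name/status/location/bucket."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["bucket"] = classify(row["kind"], row["name"], row["status"], row["location"])
        rows.append(row)
    return rows


def bucket_counts(rows) -> dict:
    return dict(Counter(r["bucket"] for r in rows))


def needs_review(rows) -> list:
    """Locations a helper still has to decide on."""
    return [r["location"] for r in rows if r["bucket"] == "needs-review"]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(bucket_counts(parsed))
    for loc in needs_review(parsed):
        print("review:", loc)
```

On the sample the only item left to decide on is the SaveNow adware bundled inside a downloaded installer, which matches the helper's read of the full report as clean apart from cookies and tool leftovers.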

#10 waterfalls

Posted 28 July 2007 - 02:36 AM

Hi -

Sorry for the delay. My area kept having thunderstorms pass through, so I was offline.

Your log looks clean. Delete the ComboFix.exe file; the C:\ComboFix folder; the C:\QooBox folder; the C:\ComboFix-quarantined-files.txt and the C:\combofix.txt log that were created.
Also delete all the SDFix related files and folders from your Desktop.

If your version of Symantec does not have a firewall component, I suggest that you install one. It will greatly help in preventing your system from being infected by malware.
Comodo -or- Jetico are good FREE software Firewall programs and are the two top programs in the ratings.
See, Understanding and Using Firewalls

If you have not done so, please empty your Recycle Bin.

Create a new Restore Point:
- Go to Start > All Programs > Accessories > System Tools > System Restore.
- When the utility opens, select "Create a new restore point" and click Next
- Name the restore point - something like "After infection cleaned" or "After cleaning"
- Click Create.

Delete the old Restore Points:
- Go to Start > All Programs > Accessories > System Tools > Disk Cleanup. Click Ok.
- Click the "More Options" tab.
- Where it states "System Restore" - click Clean up.
- All of the old Restore Points will be deleted EXCEPT for the one you just created.

Reboot your computer.

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster. SpywareBlaster doesn't scan and clean for so-called spyware but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls and also prevents the installation of any of them via a webpage. Update it periodically.

Install IE-SPYAD. It puts over 20,000 sites in your Restricted zone, so you will be protected when you visit innocent-looking sites that are not actually innocent at all.

* Avoid illegal sites because that's where most malware is present.
* Don't click on links inside pop-ups. If you should get them, use ALT + F4 to close them.
* Don't click on links in spam messages claiming to offer anti-spyware software because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust because a lot of free software can bundle other software, including spyware.

Let your anti-virus and anti-spyware scanners scan frequently and don't forget to update before scanning.

I suggest you perform an online virus scan once in a while (Housecall and/or BitDefender) because what one virus scanner can't find, another one may be able to.

Make sure your Windows has the latest updates by going here.

More information on how to prevent malware can be found at So how did I get infected in the first place? (by Tony Klein) and Malware Prevention: Prevent Re-infection.

Happy surfing again! :thumbsup:

#11 dubstar27 (Topic Starter)

Posted 28 July 2007 - 07:08 AM

Great... thanks for your help!

#12 waterfalls

Posted 28 July 2007 - 11:20 AM

You're welcome - glad I could help. :thumbsup:

Since this issue appears resolved ... this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a new topic.