Hijackthis- Gebcy.dll Got Infected


This topic is locked
8 replies to this topic

#1 djmathias

Posted 25 July 2007 - 03:03 PM

I have run tons of scans: BitDefender, Panda, Spybot, Spyware Terminator, Ad-Aware, Trend Micro. They cleaned a lot of infections, all of which I got from vcdquality.com. Please help, I can't find any info on the web. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 14:58, on 2007-07-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\WinClamAVShield\sp_clamsrv.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\XP Codec Pack\mpc\mplayerc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {095DE479-2AE2-46D6-A9FB-BE3D9C5B872E} - (no file)
O2 - BHO: (no name) - {151524E8-709D-4DE5-BAC4-D7DF056E65C0} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\efcyvvw.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: MightyFAX Controller.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - Winlogon Notify: efcyvvw - C:\WINDOWS\SYSTEM32\efcyvvw.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


#2 __RiP_ChAiN_

Posted 25 July 2007 - 03:41 PM

Hello djmathias,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

#3 djmathias (Topic Starter)

Posted 25 July 2007 - 03:58 PM

Hello rip chain, thanks so much for your help...

"AdminMF" - 2007-07-25 15:45:50 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wylifsnb.exe
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\efcyvvw.dll
C:\WINDOWS\system32\efcyvvw.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\curity~1
C:\WINDOWS\system32\win


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-25 14:50 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-07-25 11:30 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-25 11:03 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-07-25 11:03 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-07-25 11:03 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-07-25 11:03 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-07-25 11:03 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-07-25 11:03 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-07-25 11:02 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-07-25 11:02 <DIR> d-------- C:\Program Files\Sygate
2007-07-25 10:32 <DIR> d-------- C:\DOCUME~1\AdminMF\.housecall6.6
2007-07-25 10:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-25 10:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-25 10:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 09:59 126,016 --a------ C:\WINDOWS\system32\vdhenmtf.dll
2007-07-25 00:46 <DIR> d-------- C:\Program Files\Roguescanfix
2007-07-24 22:46 <DIR> d-------- C:\Rustbfix
2007-07-24 22:13 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-24 21:50 <DIR> d--hs---- C:\WINDOWS\QWRtaW5NRg
2007-07-24 11:26 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-07-19 17:06 <DIR> d-------- C:\!Temp
2007-07-18 16:04 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-18 15:33 1,334 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-18 13:04 1,106,352 -r-hs---- C:\WINDOWS\nljjmsrA.exe
2007-07-18 13:04 <DIR> d-------- C:\WINDOWS\system32\Z11
2007-07-18 13:04 <DIR> d-------- C:\WINDOWS\system32\driver
2007-07-18 13:02 <DIR> d-------- C:\WINDOWS\system32\b02FdUe
2007-07-17 14:20 <DIR> d-------- C:\Program Files\FotoTagger
2007-07-12 12:07 <DIR> d-------- C:\Program Files\My BootDisk
2007-07-11 10:20 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL
2007-07-11 10:20 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL
2007-07-11 10:20 <DIR> d-------- C:\Program Files\Mightyfax
2007-07-10 13:47 <DIR> d-------- C:\Program Files\FLAC
2007-07-07 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-07 18:39 <DIR> d-------- C:\DOCUME~1\AdminMF\APPLIC~1\Comodo
2007-07-07 18:38 <DIR> d-------- C:\Program Files\Comodo
2007-07-01 14:52 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-06-30 10:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-06-30 10:09 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-30 10:01 <DIR> d-------- C:\WINDOWS\MVUNINST
2007-06-30 10:01 <DIR> d-------- C:\Program Files\SureThing
2007-06-30 10:01 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-06-30 09:25 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-06-30 09:25 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-06-30 09:25 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-06-27 11:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-06-27 10:46 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-27 10:46 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-27 10:46 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-06-27 10:46 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-27 10:46 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-06-27 10:46 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-27 10:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-27 10:46 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-27 10:46 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-27 10:46 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-27 10:46 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-27 10:46 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-27 10:46 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-27 10:46 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-06-27 10:46 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-27 10:46 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-06-27 10:46 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-25 12:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 20:26:24 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\uTorrent
2007-07-25 19:58:59 3,979 ----a-w C:\Program Files\hijackthis.log
2007-07-25 18:00:15 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Spyware Terminator
2007-07-25 17:52:08 -------- d-----w C:\Program Files\WinClamAVShield
2007-07-25 17:52:06 -------- d-----w C:\Program Files\Spyware Terminator
2007-07-25 17:03:31 -------- d-----w C:\Program Files\backups
2007-07-25 16:52:48 -------- d-----w C:\Program Files\MagicISO
2007-07-25 03:28:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-18 21:09:46 -------- d-----w C:\Program Files\Messenger
2007-07-16 17:53:07 -------- d-----w C:\Program Files\VstPlugins
2007-07-16 17:53:07 -------- d-----w C:\Program Files\Native Instruments
2007-07-16 14:27:30 -------- d-----w C:\Program Files\Nokia
2007-07-15 15:14:34 -------- d-----w C:\Program Files\Xvid
2007-07-15 14:33:35 -------- d-----w C:\Program Files\Movie Maker
2007-07-07 23:43:15 233,900 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-07 23:43:15 17,228,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-07 23:43:15 106,340 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-07 23:43:15 1,100,576 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-07 20:47:46 512 ----a-w C:\ScanSectorLog.dat
2007-06-30 16:48:43 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Nokia
2007-06-30 05:24:26 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-06-25 17:04:49 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Ahead
2007-06-25 17:04:32 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-24 13:38:20 -------- d-----w C:\Program Files\Electronic Arts
2007-06-22 14:44:50 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\NCH Swift Sound
2007-06-20 20:33:29 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\RecordPad
2007-06-20 20:31:59 -------- d-----w C:\Program Files\Nero
2007-06-17 20:28:03 -------- d-----w C:\Program Files\Maketorrent 2
2007-06-14 23:30:17 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\vlc
2007-06-14 23:30:17 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Media Player Classic
2007-06-14 23:30:09 -------- d-----w C:\Program Files\XP Codec Pack
2007-06-14 23:30:07 -------- d-----w C:\Program Files\uTorrent
2007-06-14 23:30:04 -------- d-----w C:\Program Files\Real Alternative
2007-06-14 23:30:03 -------- d-----w C:\Program Files\QuickTime
2007-06-14 23:29:55 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-14 23:29:55 -------- d-----w C:\Program Files\Media Player Classic
2007-06-14 23:29:39 -------- d-----w C:\Program Files\Guitar Pro 5
2007-06-14 23:29:36 -------- d-----w C:\Program Files\BearShare
2007-06-14 17:01:22 -------- d-----w C:\Program Files\MSXML 6.0
2007-06-12 19:16:00 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Sonic Foundry
2007-06-12 19:15:05 -------- d-----w C:\Program Files\Sonic Foundry
2007-06-12 19:13:51 -------- d-----w C:\Program Files\Sonic Foundry Setup
2007-06-11 18:20:58 44,891 ----a-w C:\WINDOWS\system32\unins000.dat
2007-06-11 18:19:34 673,782 ----a-w C:\WINDOWS\system32\unins000.exe
2007-06-11 01:03:16 97,280 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2007-06-11 01:03:16 8,192 ----a-w C:\WINDOWS\system32\FLT_ffdshow.dll
2007-06-11 01:03:16 79,872 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2007-06-11 01:03:16 741,376 ----a-w C:\WINDOWS\system32\audxlib.dll
2007-06-11 01:03:16 661,504 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-06-11 01:03:16 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2007-06-11 01:03:16 6,656 ----a-w C:\WINDOWS\system32\ffavisynth.dll
2007-06-11 01:03:16 509,952 ----a-w C:\WINDOWS\system32\ff_x264.dll
2007-06-11 01:03:16 403,968 ----a-w C:\WINDOWS\system32\libmplayer.dll
2007-06-11 01:03:16 40,960 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2007-06-11 01:03:16 38,400 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2007-06-11 01:03:16 3,142,144 ----a-w C:\WINDOWS\system32\libavcodec.dll
2007-06-11 01:03:16 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2007-06-11 01:03:16 245,760 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2007-06-11 01:03:16 225,280 ----a-w C:\WINDOWS\system32\ff_kernelDeint.dll
2007-06-11 01:03:16 200,704 ----a-w C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-11 01:03:16 155,648 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2007-06-11 01:03:16 143,360 ----a-w C:\WINDOWS\system32\ff_theora.dll
2007-06-11 01:03:16 122,880 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2007-06-11 01:03:16 118,784 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2007-06-11 01:03:16 114,688 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-11 01:03:16 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-06-09 22:57:00 138,368 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-06-09 16:56:42 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\AdobeUM
2007-06-09 16:27:50 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\PC Suite
2007-06-09 16:27:09 -------- d-----w C:\Program Files\DIFX
2007-06-08 02:24:20 -------- d-----w C:\Program Files\Common Files\Digidesign
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 19:34:37 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Publish Providers
2007-06-04 19:34:26 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Sony
2007-06-04 19:32:16 -------- d-----w C:\Program Files\Sony
2007-06-03 18:48:51 -------- d-----w C:\Program Files\Sony Setup
2007-05-31 19:50:16 -------- d-----w C:\Program Files\Windows NT
2007-05-31 01:24:08 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-29 13:18:34 -------- d-----w C:\Program Files\Yahoo!
2007-05-29 13:18:32 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-27 17:30:48 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Apple Computer
2007-05-26 22:53:56 -------- d-----w C:\Program Files\MSI
2007-05-26 22:52:56 -------- d-----w C:\Program Files\Setup Files
2007-05-26 22:18:01 -------- d-----w C:\Program Files\Image-Line
2007-05-26 21:53:09 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-05-26 21:40:23 -------- d--h--r C:\DOCUME~1\AdminMF\APPLIC~1\SecuROM
2007-05-26 21:40:22 98,304 ----a-w C:\WINDOWS\System32CmdLineExt.dll
2007-05-26 21:23:16 -------- d-----w C:\Program Files\Belkin
2007-05-26 17:01:55 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-26 17:01:03 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\InterTrust
2007-05-26 03:50:29 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Real
2007-05-26 03:03:03 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-26 03:00:03 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\WinRAR
2007-05-26 01:14:26 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-05-26 00:11:24 -------- d-----w C:\Program Files\VideoLAN
2007-05-25 23:46:00 -------- d-----w C:\Program Files\Intel
2007-05-25 23:40:45 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Help
2007-05-25 23:39:05 -------- d-----w C:\Program Files\ATI Technologies


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{095DE479-2AE2-46D6-A9FB-BE3D9C5B872E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 16:12 C:\WINDOWS\SOUNDMAN.EXE]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-06-09 17:56]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-07-06 13:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
----a-w 682 2007-07-11 15:20:55 C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\MightyFAX Controller.lnk.disabled

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AdminMF^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\AdminMF\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nljjmsrA]
C:\WINDOWS\nljjmsrA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.7.8\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"ERSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RecordPadRun"="C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
"VRSRun"="C:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 15:52:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pgfilter]
"ImagePath"="\??\C:\Program Files\PeerGuardian2\pgfilter.sys"

Completion time: 2007-07-25 15:53:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-25 15:53

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 3:54:32 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {095DE479-2AE2-46D6-A9FB-BE3D9C5B872E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: MightyFAX Controller.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
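Added example, not from this thread and not part of HijackThis, ComboFix or any other tool named here: a small Python script that parses lines in the HijackThis v1.99.1 log format posted above, diffs the log from before ComboFix ran against the one posted after it, and applies three review checks a helper otherwise does by eye: an O2 BHO whose CLSID resolves to "(no file)", an unnamed BHO whose DLL sits directly under system32 rather than under a product directory, and one DLL registered both as a BHO (O2) and as a Winlogon Notify handler (O20), which is how gebcy.dll and efcyvvw.dll appear in the first log. The sample lines are constructed from entries in the two logs above and are not the complete logs; the function names and the checks are mine, not anything HijackThis computes itself.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a handful of lines in the HijackThis v1.99.1 log
# format, taken from the two logs in this thread (the first from before
# ComboFix ran, the second from after). Not the full logs.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {151524E8-709D-4DE5-BAC4-D7DF056E65C0} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\efcyvvw.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: efcyvvw - C:\WINDOWS\SYSTEM32\efcyvvw.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# Every HijackThis entry line has the shape "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Assumed names for the checks below (my labels, not HijackThis terminology).
ORPHANED = "orphaned BHO CLSID (no file)"
SYSTEM32_BHO = "unnamed BHO loading a DLL directly under system32"
DUAL_LOAD = "same DLL registered as BHO and Winlogon Notify handler"


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every entry line.

    Header lines ("Logfile of ...", "Running processes:") and bare process
    paths do not match the "<section> - <body>" shape and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_path(section: str, body: str) -> Optional[str]:
    """The file an O2/O20/O23 entry points at (the last ' - ' segment), else None."""
    if section in ("O2", "O20", "O23"):
        return body.rsplit(" - ", 1)[-1].strip()
    return None


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Entries only in the earlier log ('removed') or only in the later one ('added')."""
    b = {f"{s} - {body}" for s, body in parse_hjt(before)}
    a = {f"{s} - {body}" for s, body in parse_hjt(after)}
    return {"removed": sorted(b - a), "added": sorted(a - b)}


def flag_entries(text: str) -> List[Tuple[str, str]]:
    """Run the three review checks over one log; returns (reason, entry) pairs."""
    findings = []
    bho_dlls = set()     # lower-cased DLL paths registered as BHOs
    notify_dlls = set()  # lower-cased DLL paths registered as Winlogon Notify handlers
    for section, body in parse_hjt(text):
        path = entry_path(section, body)
        entry = f"{section} - {body}"
        if section == "O2":
            if path == "(no file)":
                # Registration survives but the DLL is gone: harmless, still worth removing.
                findings.append((ORPHANED, entry))
                continue
            norm = path.lower()
            bho_dlls.add(norm)
            if body.startswith("BHO: (no name)") and norm.startswith("c:\\windows\\system32\\"):
                findings.append((SYSTEM32_BHO, entry))
        elif section == "O20" and path:
            notify_dlls.add(path.lower())
    # A DLL that is both a BHO and a Winlogon Notify handler is loaded into
    # Internet Explorer and into winlogon.exe, so it survives closing the browser.
    for dll in sorted(bho_dlls & notify_dlls):
        findings.append((DUAL_LOAD, dll))
    return findings


if __name__ == "__main__":
    for reason, entry in flag_entries(LOG_BEFORE):
        print(f"[{reason}] {entry}")
    for key, lines in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, *lines, sep="\n  ")
```

On the sample, diff_logs reports as removed exactly the two O2 and two O20 entries for gebcy.dll and efcyvvw.dll, matching what ComboFix deleted above, and flag_entries on the post-ComboFix sample reports only the orphaned "(no file)" CLSID, the kind of leftover the helper asks to be fixed in HijackThis in the next reply.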

#4 __RiP_ChAiN_

Posted 26 July 2007 - 04:39 PM

Hello djmathias,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {095DE479-2AE2-46D6-A9FB-BE3D9C5B872E} - (no file)
O2 - BHO: (no name) - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Run ATF Cleaner:
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\vdhenmtf.dll
C:\WINDOWS\nljjmsrA.exe
C:\WINDOWS\system32\Z11
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\b02FdUe
C:\Program Files\Web Buying
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\nljjmsrA.exe
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.


#5 djmathias (Topic Starter)

Posted 26 July 2007 - 07:03 PM

Yeah, I got infected today again and am following your instructions. Any idea why my anti-everything programs are missing things?

Oooops, I just rebooted and found I'm infected again.

Rebooted again, still the same crap. I ran the MoveIt but after I rebooted I figured that I need you to tell me which files to copy-n-paste. Here's where I stand as of 8:30, July 26.

"AdminMF" - 2007-07-26 20:24:09 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


2007-07-26 17:33 <DIR> d-------- C:\Program Files\Total Video Converter
2007-07-26 17:20 <DIR> d-------- C:\Program Files\Plato Video Converter
2007-07-26 17:16 <DIR> d-------- C:\Program Files\Witcobber
2007-07-26 17:11 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2007-07-26 17:11 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2007-07-26 17:10 <DIR> d-------- C:\Program Files\Ultra Video Converter
2007-07-26 16:22 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-26 16:22 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-26 16:22 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-26 16:22 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-26 16:22 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-26 16:22 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-26 16:10 <DIR> d-------- C:\speed_converter
2007-07-26 16:10 <DIR> d-------- C:\Program Files\Speed Video Converter
2007-07-26 16:01 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-26 16:01 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-07-26 16:01 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-26 16:01 <DIR> d-------- C:\Program Files\Color7 Video Converter
2007-07-26 12:49 <DIR> d-------- C:\DOCUME~1\AdminMF\APPLIC~1\dvdcss
2007-07-26 12:20 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2007-07-26 12:20 86,016 --a------ C:\WINDOWS\system32\AddiTunes.exe
2007-07-26 12:20 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-07-26 12:20 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-07-26 12:20 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-07-26 12:20 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-07-26 12:20 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2007-07-26 12:20 61,440 --a------ C:\WINDOWS\system32\cygz.dll
2007-07-26 12:20 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-07-26 12:20 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-07-26 12:20 4,755,968 --a------ C:\WINDOWS\system32\apexconverter.exe
2007-07-26 12:20 398,798 --a------ C:\WINDOWS\system32\apexpmp.exe
2007-07-26 12:20 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-07-26 12:20 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2007-07-26 12:20 3,138,048 --a------ C:\WINDOWS\system32\apexxbox.exe
2007-07-26 12:20 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-07-26 12:20 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-07-26 12:20 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-07-26 12:20 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-07-26 12:20 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-07-26 12:20 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-07-26 12:20 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-07-26 12:20 120,320 --a------ C:\WINDOWS\system32\apexchanger.exe
2007-07-26 12:20 109,568 --a------ C:\WINDOWS\system32\apex3gp.exe
2007-07-26 12:20 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-07-26 12:20 1,295,582 --a------ C:\WINDOWS\system32\cygwin1.dll
2007-07-26 12:20 <DIR> d-------- C:\WINDOWS\system32\RMBin
2007-07-26 12:20 <DIR> d-------- C:\Program Files\Apex
2007-07-26 12:13 <DIR> d-------- C:\Program Files\NO1 Video Converter
2007-07-26 10:44 <DIR> d-------- C:\Apollo Temp Folder
2007-07-26 10:37 <DIR> d-------- C:\Program Files\Apollo DVD Creator
2007-07-26 10:31 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-07-26 10:30 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-07-26 10:30 <DIR> d-------- C:\Program Files\Windows Media Components
2007-07-25 20:15 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-25 19:57 <DIR> d-------- C:\Program Files\EULAlyzer
2007-07-25 19:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-25 19:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-25 19:34 <DIR> d-------- C:\DOCUME~1\AdminMF\APPLIC~1\SUPERAntiSpyware.com
2007-07-25 14:50 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-07-25 11:03 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-07-25 11:03 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-07-25 11:03 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-07-25 11:03 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-07-25 11:03 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-07-25 11:03 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-07-25 11:02 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-07-25 11:02 <DIR> d-------- C:\Program Files\Sygate
2007-07-25 10:32 <DIR> d-------- C:\DOCUME~1\AdminMF\.housecall6.6
2007-07-25 10:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-25 10:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-25 10:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 00:46 <DIR> d-------- C:\Program Files\Roguescanfix
2007-07-24 22:46 <DIR> d-------- C:\Rustbfix
2007-07-24 22:13 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-24 21:50 <DIR> d--hs---- C:\WINDOWS\QWRtaW5NRg
2007-07-24 11:26 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-07-19 17:06 <DIR> d-------- C:\!Temp
2007-07-18 16:04 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-18 15:33 1,334 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-17 14:20 <DIR> d-------- C:\Program Files\FotoTagger
2007-07-12 12:07 <DIR> d-------- C:\Program Files\My BootDisk
2007-07-11 10:20 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL
2007-07-11 10:20 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL
2007-07-11 10:20 <DIR> d-------- C:\Program Files\Mightyfax
2007-07-10 13:47 <DIR> d-------- C:\Program Files\FLAC
2007-07-07 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-07 18:39 <DIR> d-------- C:\DOCUME~1\AdminMF\APPLIC~1\Comodo
2007-07-07 18:38 <DIR> d-------- C:\Program Files\Comodo
2007-07-01 14:52 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-06-30 10:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-06-30 10:09 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-30 10:01 <DIR> d-------- C:\WINDOWS\MVUNINST
2007-06-30 10:01 <DIR> d-------- C:\Program Files\SureThing
2007-06-30 10:01 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-06-30 09:25 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-06-30 09:25 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-06-30 09:25 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-06-27 11:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-06-27 10:46 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-27 10:46 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-27 01:06:45 -------- d-----w C:\Program Files\backups
2007-07-27 00:15:17 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Spyware Terminator
2007-07-26 23:10:32 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\uTorrent
2007-07-26 22:16:46 -------- d-----w C:\Program Files\Spyware Terminator
2007-07-26 21:56:41 96,132 ----a-w C:\WINDOWS\system32\unins000.dat
2007-07-26 21:56:39 -------- d-----w C:\Program Files\VstPlugins
2007-07-26 21:53:58 684,549 ----a-w C:\WINDOWS\system32\unins000.exe
2007-07-26 17:21:03 -------- d-----w C:\Program Files\Xvid
2007-07-25 20:54:32 3,159 ----a-w C:\Program Files\hijackthis.log
2007-07-25 17:52:08 -------- d-----w C:\Program Files\WinClamAVShield
2007-07-25 16:52:48 -------- d-----w C:\Program Files\MagicISO
2007-07-25 03:28:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-22 16:32:00 97,280 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2007-07-22 16:32:00 8,192 ----a-w C:\WINDOWS\system32\FLT_ffdshow.dll
2007-07-22 16:32:00 79,872 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2007-07-22 16:32:00 741,376 ----a-w C:\WINDOWS\system32\audxlib.dll
2007-07-22 16:32:00 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-07-22 16:32:00 661,504 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-07-22 16:32:00 6,656 ----a-w C:\WINDOWS\system32\ffavisynth.dll
2007-07-22 16:32:00 510,976 ----a-w C:\WINDOWS\system32\ff_x264.dll
2007-07-22 16:32:00 403,968 ----a-w C:\WINDOWS\system32\libmplayer.dll
2007-07-22 16:32:00 40,960 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2007-07-22 16:32:00 38,400 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2007-07-22 16:32:00 3,165,184 ----a-w C:\WINDOWS\system32\libavcodec.dll
2007-07-22 16:32:00 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2007-07-22 16:32:00 245,760 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2007-07-22 16:32:00 221,184 ----a-w C:\WINDOWS\system32\ff_kernelDeint.dll
2007-07-22 16:32:00 200,704 ----a-w C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-07-22 16:32:00 155,648 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2007-07-22 16:32:00 143,360 ----a-w C:\WINDOWS\system32\ff_theora.dll
2007-07-22 16:32:00 122,880 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2007-07-22 16:32:00 118,784 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2007-07-22 16:32:00 114,688 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2007-07-18 21:09:46 -------- d-----w C:\Program Files\Messenger
2007-07-16 17:53:07 -------- d-----w C:\Program Files\Native Instruments
2007-07-16 14:27:30 -------- d-----w C:\Program Files\Nokia
2007-07-15 14:33:35 -------- d-----w C:\Program Files\Movie Maker
2007-07-07 23:43:15 233,900 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-07 23:43:15 17,228,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-07 23:43:15 106,340 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-07 23:43:15 1,100,576 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-07 20:47:46 512 ----a-w C:\ScanSectorLog.dat
2007-06-30 16:48:43 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Nokia
2007-06-30 05:24:26 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-06-25 17:04:49 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Ahead
2007-06-25 17:04:32 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-24 13:38:20 -------- d-----w C:\Program Files\Electronic Arts
2007-06-22 14:44:50 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\NCH Swift Sound
2007-06-20 20:33:29 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\RecordPad
2007-06-20 20:31:59 -------- d-----w C:\Program Files\Nero
2007-06-17 20:28:03 -------- d-----w C:\Program Files\Maketorrent 2
2007-06-14 23:30:17 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\vlc
2007-06-14 23:30:17 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Media Player Classic
2007-06-14 23:30:09 -------- d-----w C:\Program Files\XP Codec Pack
2007-06-14 23:30:07 -------- d-----w C:\Program Files\uTorrent
2007-06-14 23:30:04 -------- d-----w C:\Program Files\Real Alternative
2007-06-14 23:30:03 -------- d-----w C:\Program Files\QuickTime
2007-06-14 23:29:55 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-14 23:29:55 -------- d-----w C:\Program Files\Media Player Classic
2007-06-14 23:29:39 -------- d-----w C:\Program Files\Guitar Pro 5
2007-06-14 23:29:36 -------- d-----w C:\Program Files\BearShare
2007-06-14 17:01:22 -------- d-----w C:\Program Files\MSXML 6.0
2007-06-12 19:16:00 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Sonic Foundry
2007-06-12 19:15:05 -------- d-----w C:\Program Files\Sonic Foundry
2007-06-12 19:13:51 -------- d-----w C:\Program Files\Sonic Foundry Setup
2007-06-11 01:03:16 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2007-06-09 22:57:00 138,368 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-06-09 16:56:42 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\AdobeUM
2007-06-09 16:27:50 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\PC Suite
2007-06-09 16:27:09 -------- d-----w C:\Program Files\DIFX
2007-06-08 02:24:20 -------- d-----w C:\Program Files\Common Files\Digidesign
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 19:34:37 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Publish Providers
2007-06-04 19:34:26 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Sony
2007-06-04 19:32:16 -------- d-----w C:\Program Files\Sony
2007-06-03 18:48:51 -------- d-----w C:\Program Files\Sony Setup
2007-05-31 19:50:16 -------- d-----w C:\Program Files\Windows NT
2007-05-31 01:24:08 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-29 13:18:34 -------- d-----w C:\Program Files\Yahoo!
2007-05-29 13:18:32 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-27 17:30:48 -------- d-----w C:\DOCUME~1\AdminMF\APPLIC~1\Apple Computer
2007-05-26 21:40:22 98,304 ----a-w C:\WINDOWS\System32CmdLineExt.dll
2007-05-26 17:01:55 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-26 01:14:26 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-05-25 23:30:46 0 --sha-r C:\MSDOS.SYS
2007-05-25 23:30:46 0 --sha-r C:\IO.SYS
2007-05-25 23:28:16 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2006-02-08 08:02:44 73,728 ----a-w C:\Program Files\KillBox.exe
2005-02-16 16:06:16 218,112 ----a-w C:\Program Files\HijackThis.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{095DE479-2AE2-46D6-A9FB-BE3D9C5B872E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD159FBD-D1FF-4D79-8F59-BAA80785A9EA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 16:12 C:\WINDOWS\SOUNDMAN.EXE]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-06-09 17:56]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-07-06 13:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MightyFAX Controller.lnk.disabled [2007-07-11 10:20:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyvvw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcy]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AdminMF^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\AdminMF\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nljjmsrA]
C:\WINDOWS\nljjmsrA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.7.8\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"ERSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RecordPadRun"="C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
"VRSRun"="C:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 Teefer;Teefer for NT;C:\WINDOWS\system32\Drivers\Teefer.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
R1 wpsdrvnt;wpsdrvnt;\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 wg3n;SyGate for NT, wg3n;C:\WINDOWS\system32\Drivers\wg3n.sys
R2 wg4n;SyGate for NT, wg4n;C:\WINDOWS\system32\Drivers\wg4n.sys
R2 wg5n;SyGate for NT, wg5n;C:\WINDOWS\system32\Drivers\wg5n.sys
R2 wg6n;SyGate for NT, wg6n;C:\WINDOWS\system32\Drivers\wg6n.sys
R3 hidusb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHMODEM;Bluetooth Modem Communications Driver;C:\WINDOWS\system32\DRIVERS\bthmodem.sys
S3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\AdminMF\LOCALS~1\Temp\tni51.tmp
S3 TSP;TSP;\??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 20:25:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 20:25:59
C:\ComboFix-quarantined-files.txt ... 2007-07-26 20:25
C:\ComboFix2.txt ... 2007-07-26 20:13
C:\ComboFix3.txt ... 2007-07-26 19:19

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 8:28:08 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {095DE479-2AE2-46D6-A9FB-BE3D9C5B872E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O2 - BHO: (no name) - {FD159FBD-D1FF-4D79-8F59-BAA80785A9EA} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: MightyFAX Controller.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcyvvw - C:\WINDOWS\
O20 - Winlogon Notify: gebcy - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Edited by djmathias, 26 July 2007 - 08:32 PM.
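Added example (not from the thread, HijackThis or ComboFix): a small Python triage helper that parses the O2 and O20 lines from the HijackThis log above and flags the orphaned BHO CLSIDs and the directory-only Winlogon Notify entries (efcyvvw, gebcy) that stand out in it. The regular expressions and the Finding structure are assumptions about the v1.99.1 line layout, not HijackThis code.

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example).

This script is not part of the thread, of HijackThis or of ComboFix. It reads
HijackThis O2 (Browser Helper Object) and O20 (Winlogon Notify) lines in the
format shown in the log above and flags the two patterns visible there:

  * O2 entries whose CLSID is registered but whose DLL is "(no file)": the
    loader will fail, but the orphaned registration is still a cleanup item.
  * O20 entries whose path is a bare directory (e.g. "C:\\WINDOWS\\") instead
    of a DLL: Winlogon Notify packages are DLLs loaded by winlogon.exe, so a
    random-named package with no resolvable file is worth investigating.

The regular expressions are assumptions about the 1.99.1 line layout.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# O2 - BHO: <name> - {CLSID} - <path or "(no file)">
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O20 - Winlogon Notify: <registry subkey name> - <path>
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str      # HijackThis section code, "O2" or "O20"
    identifier: str   # CLSID for O2, Notify subkey name for O20
    path: str         # path column exactly as logged
    reason: str       # why this entry was flagged


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the O2/O20 entries that match the two suspicious patterns."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            path = bho.group("path").strip()
            if path == "(no file)":
                findings.append(Finding("O2", bho.group("clsid"), path,
                                        "BHO CLSID registered but its DLL is missing"))
            continue
        notify = NOTIFY_RE.match(line)
        if notify:
            path = notify.group("path").strip()
            # A Notify package must name a DLL; a directory or empty path means
            # the file is gone, hidden, or was never there.
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                findings.append(Finding("O20", notify.group("key"), path,
                                        "Winlogon Notify package without a DLL filename"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


# Sample input: the O2 and O20 lines from the HijackThis log posted above,
# copied verbatim (the SDHelper.dll and SASWINLO.dll lines are benign controls).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {095DE479-2AE2-46D6-A9FB-BE3D9C5B872E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O2 - BHO: (no name) - {FD159FBD-D1FF-4D79-8F59-BAA80785A9EA} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcyvvw - C:\WINDOWS\
O20 - Winlogon Notify: gebcy - C:\WINDOWS\
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.section:<4} {f.identifier:<40} {f.path:<45} {f.reason}")
    print(summarize(triage_hjt(SAMPLE_LOG)))
```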


#6 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 27 July 2007 - 09:59 PM

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#7 djmathias

djmathias
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Katy,Texas

Posted 29 July 2007 - 05:04 PM

Hello, I just added a new 70 gig SATA drive and decided to load a fresh copy onto it and use my 200 gig as storage. Could you tell me the best picks of anti-virus and anti-spyware that will protect me in the future from even getting infected? Thanks a lot for your help!!

#8 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 29 July 2007 - 10:59 PM

I would use some of the items listed below for your protection items.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with an antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software


#9 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 06 September 2007 - 12:29 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



