
Non Stop Pop Ups And Avsystem Care- Help?


4 replies to this topic

#1 Crave Disorder

Members, 3 posts
Posted 27 July 2007 - 10:12 AM

For the past few days my computer seems to have become infected with something nasty. I seem to be inundated with pop-ups from AVSystemCare, ukprizedraw, Win a Nintendo Wii, and lots of other Clash Media related stuff. I have done online scans through Kaspersky, Trend and Panda. I am running AVG antivirus. I have run latest-definition spyware scans with Spybot S&D, AVG, Ad-Aware, SuperAntiSpyware, Rogue Defender to mention a few. Thought I had finally cured it but it's back!!! The last thing installed was a TV web-streaming service called TVants and Sopcast; I suspect this is something to do with it. Please see my HijackThis log, and ANY HELP would be so appreciated!! Thanks, anyone.



Logfile of HijackThis v1.99.1
Scan saved at 16:10:57, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Windows\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\ccserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speedwaymasters.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F83D3A01-BFBF-48FA-9977-25A0A248D9C3}: NameServer = 62.241.163.200 62.241.162.201
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sQusiStub.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Auto RAS dialer - Unknown owner - C:\unzipped\AutoRasDial\AutoRasDial.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: cc service (ccservice) - Unknown owner - C:\WINDOWS\System32\ccserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe

:thumbsup:



#2 RichieUK

Malware Assassin, Malware Response Team, 13,614 posts

Posted 27 July 2007 - 12:47 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Crave Disorder :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open; at the bottom of the window, to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.

----------------------------------------------

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.
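Editor's added example (not code from either poster, and not HostsXpert): the O1 lines in the first log map the download and update hosts of nearly every security vendor (Grisoft/AVG, Trend Micro HouseCall, Kaspersky, ewido, ZoneLabs, BitDefender, avast, Webroot, Sysinternals and others) to 1.1.1.1, which is how the infection keeps AVG, Kaspersky, Trend and the rest from updating or reaching their online scanners. The script below takes either raw hosts-file lines or HijackThis O1 lines, flags any mapping for a security-vendor name as a hijack whatever the target address (the stock Windows hosts file maps only localhost, so even a 127.0.0.1 entry for a vendor blocks it), separates ordinary ad-blocking entries (loopback or 0.0.0.0) from redirects of other names to real addresses, and then does what Richie's restore-and-read-only steps do by hand. The vendor suffix list is an assumption built from the domains in the log, and the sample input is constructed from three of its lines plus made-up ones.

```python
"""Triage hosts-file / HijackThis O1 entries for security-vendor hijacking and
write a stock, read-only hosts file. Added example for this thread, not the
posters' code or HostsXpert; vendor list and SAMPLE input are assumptions."""
import ipaddress
import os
import re
import stat
import tempfile
from typing import List, Optional, Tuple

# Names malware blackholes to stop AV updates and online scanners. Assumed
# list built from the O1 lines in the first log; extend it for your estate.
SECURITY_VENDOR_SUFFIXES = (
    "grisoft.com", "trendmicro.com", "kaspersky.com", "ewido.net", "zonelabs.com",
    "bitdefender.com", "spywareinfo.com", "merijn.org", "sysinternals.com",
    "onguardonline.gov", "avast.com", "safety.live.com", "paretologic.com",
    "webroot.com", "windowsupdate.com",
)
_HJT_O1 = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
Finding = Tuple[str, str, str, str]  # (severity, ip, host, reason)

# Constructed sample in the shape of the log above: three of its O1 lines,
# a stock entry, an ad-blocking entry and a made-up redirect.
SAMPLE = """\
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
127.0.0.1       localhost
127.0.0.1 ad.doubleclick.net        # typical ad-blocking entry
203.0.113.10 www.example-bank.test  # points a real name at a non-local address
"""

def parse_entry(line: str) -> Optional[Tuple[str, List[str]]]:
    """(ip, [hostnames]) from a raw hosts line or a HijackThis O1 line;
    None for blank/comment-only lines. Trailing '# ...' is dropped."""
    m = _HJT_O1.match(line)
    if m:
        return m.group(1), [m.group(2).lower()]
    parts = line.split("#", 1)[0].split()
    if len(parts) < 2:
        return None
    return parts[0], [h.lower() for h in parts[1:]]

def _is_vendor(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in SECURITY_VENDOR_SUFFIXES)

def classify(ip: str, host: str) -> Finding:
    """A vendor name mapped anywhere is a hijack: the stock hosts file maps only
    localhost, so even '127.0.0.1 www.avast.com' blocks updates and scanners."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ("high", ip, host, "unparseable address")
    if host == "localhost" and addr.is_loopback:
        return ("info", ip, host, "stock entry")
    if _is_vendor(host):
        return ("high", ip, host, "security vendor name hijacked")
    if addr.is_loopback or addr.is_unspecified:
        return ("low", ip, host, "blackhole (ad/tracker blocking)")
    return ("medium", ip, host, "redirect to non-local address")

def triage(text: str) -> List[Finding]:
    """Classify every mapping in a hosts file or HijackThis log excerpt."""
    findings: List[Finding] = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            ip, hosts = parsed
            findings.extend(classify(ip, h) for h in hosts)
    return findings

# Minimal equivalent of the stock Windows hosts file: only the localhost line.
DEFAULT_HOSTS = "# Restored: stock content is localhost only.\n127.0.0.1       localhost\n"

def restore_hosts(path: str) -> None:
    """Overwrite `path` with stock content and set it read-only: the end state
    of HostsXpert's restore plus the Properties checkbox. On Windows os.chmod()
    only toggles the read-only attribute, which is exactly what is wanted."""
    if os.path.exists(path):
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # clear read-only first
    with open(path, "w", newline="\r\n") as fh:  # Windows line endings
        fh.write(DEFAULT_HOSTS)
    os.chmod(path, stat.S_IREAD)

def demo_restore() -> Tuple[str, bool]:
    """Run restore_hosts() on a scratch file; return (content, is_read_only)."""
    path = os.path.join(tempfile.mkdtemp(), "hosts")
    restore_hosts(path)
    with open(path) as fh:
        content = fh.read()
    return content, not (os.stat(path).st_mode & stat.S_IWRITE)

if __name__ == "__main__":
    for sev, ip, host, reason in triage(SAMPLE):
        print(f"{sev:6} {ip:14} {host:28} {reason}")
```

Run it against C:\WINDOWS\System32\drivers\etc\hosts (or a saved HijackThis log) to get the same verdict the O1 section gives at a glance; point restore_hosts() at the real path only from an elevated prompt. The read-only attribute is a speed bump, not a control: anything running with the rights that wrote those O1 entries can clear it again, just as restore_hosts() has to before writing. A hosts file that keeps growing vendor entries after being restored means the thing writing them is still live, which is the reason not to stop at the hosts fix.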

#3 Crave Disorder

Topic Starter, Members, 3 posts

Posted 27 July 2007 - 03:29 PM

Hi there, many thanks for the reply, much appreciated. Here are the 2 logs that you requested. What are your suspicions? Has a virus changed the hosts?
Thanks




ComboFix 07-07-27.6 - "Derek" 2007-07-27 21:20:43.3 [GMT 1:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True


((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


2007-07-27 16:45 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 16:32 <DIR> d-------- C:\DOCUME~1\Derek\DoctorWeb
2007-07-26 21:26 39,424 --a------ C:\WINDOWS\zipinst.exe
2007-07-26 21:12 <DIR> d----c--- C:\!KillBox
2007-07-26 19:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-26 17:41 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-26 17:40 <DIR> d-------- C:\Program Files\RogueRemover
2007-07-25 14:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\sQusi
2007-07-25 13:22 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-25 13:20 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-25 13:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 10:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-25 10:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-25 07:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-25 07:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-25 07:47 <DIR> d-------- C:\DOCUME~1\Derek\APPLIC~1\SUPERAntiSpyware.com
2007-07-21 10:22 <DIR> d-------- C:\Program Files\Common Files\Synacast
2007-07-16 15:43 <DIR> d----c--- C:\Gry
2007-07-15 15:15 <DIR> d-------- C:\DOCUME~1\Derek\APPLIC~1\Comodo
2007-07-15 15:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-15 15:11 <DIR> d-------- C:\Program Files\Comodo
2007-07-15 11:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-07-15 11:52 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-15 11:50 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-07-15 11:49 <DIR> d-------- C:\Program Files\SPAMfighter
2007-07-15 11:49 <DIR> d-------- C:\Program Files\Common Files\Application
2007-07-15 11:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-07-05 23:08 <DIR> d-------- C:\Program Files\SGGroup
2007-07-05 09:30 47,360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-07-04 14:22 1,184,400 --a------ C:\WINDOWS\system32\FreeImage.dll
2007-07-04 13:06 <DIR> d-------- C:\Program Files\Nero
2007-07-04 13:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-04 10:51 <DIR> d-------- C:\Program Files\SiSoftware
2007-06-28 06:47 <DIR> d-------- C:\DOCUME~1\Derek\APPLIC~1\K9


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 21:14 --------- d-------- C:\Program Files\SpywareBlaster
2007-07-26 21:13 --------- d-------- C:\DOCUME~1\Derek\APPLIC~1\Azureus
2007-07-26 14:47 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-25 21:36 --------- d-------- C:\DOCUME~1\Derek\APPLIC~1\Microsoft Games
2007-07-25 15:26 --------- d-------- C:\Program Files\QuickSFV
2007-07-25 15:25 --------- d-------- C:\Program Files\MSN Messenger
2007-07-25 15:20 --------- d-------- C:\Program Files\Messenger
2007-07-25 15:14 --------- d-------- C:\Program Files\Folder Security Personal 3.0
2007-07-25 14:51 --------- d-------- C:\Program Files\Advanced System Optimizer
2007-07-25 13:07 --------- d-------- C:\Program Files\Common Files\Teleca Shared
2007-07-25 11:41 --------- d-------- C:\Program Files\DAEMON Tools
2007-07-25 10:19 --------- d-------- C:\Program Files\Lavasoft
2007-07-25 10:19 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 10:19 --------- d-------- C:\DOCUME~1\Derek\APPLIC~1\Lavasoft
2007-07-25 09:52 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-07-24 11:17 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-07-16 18:51 --------- d-------- C:\DOCUME~1\Derek\APPLIC~1\Vso
2007-07-15 15:29 --------- d-------- C:\Program Files\All Sound Recorder XP
2007-07-15 11:50 --------- d-------- C:\DOCUME~1\Derek\APPLIC~1\SPAMfighter
2007-07-07 13:07 --------- d-------- C:\Program Files\Starry Night Backyard
2007-07-06 11:36 --------- d-------- C:\Program Files\SHMM
2007-07-05 09:46 --------- d-------- C:\DOCUME~1\Derek\APPLIC~1\CopyToDvd
2007-07-04 18:04 --------- d-------- C:\Program Files\RegistryFix
2007-07-04 18:00 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-04 18:00 --------- d-------- C:\Program Files\Ulead Systems
2007-07-04 17:52 --------- d-------- C:\Program Files\SlySoft
2007-07-04 17:47 --------- d-------- C:\Program Files\321Studios
2007-07-04 15:33 --------- d-------- C:\DOCUME~1\Derek\APPLIC~1\Ahead
2007-07-04 13:09 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-02 21:18 5018 --ahsc--- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-29 20:13 --------- d-------- C:\Program Files\Common Files\Cloudmark
2007-06-25 15:48 --------- d-------- C:\Program Files\Common Files\Nokia
2007-06-19 20:42 --------- d-------- C:\Program Files\Acoustica MP3 CD Burner
2007-06-13 19:48 --------- d-------- C:\Program Files\Apple Software Update
2007-06-04 15:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 11:22 --------- d-------- C:\Program Files\Smallvideosoft
2007-06-03 11:17 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-06-03 11:15 --------- d-------- C:\Program Files\Mobile Video Converter
2007-06-03 10:54 --------- d-------- C:\Program Files\iTunes
2007-06-03 10:54 --------- d-------- C:\Program Files\iPod
2007-06-03 10:52 --------- d-------- C:\Program Files\QuickTime
2007-06-03 10:47 --------- d-------- C:\Program Files\Replay Converter
2007-06-02 15:37 --------- d-------- C:\Program Files\eMule
2007-05-29 20:12 737280 --a------ C:\WINDOWS\iun6002.exe
2007-05-29 17:12 --------- d-------- C:\Program Files\Riva
2007-05-29 17:12 --------- d-------- C:\Program Files\Common Files\SWF Studio
2007-05-28 11:25 --------- d-------- C:\Program Files\V3105s Digital Camera
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-15 15:32 513152 --a------ C:\WINDOWS\system32\WmaCDriverV32.sys
2007-05-05 10:16 0 --a--c--- C:\WINDOWS\PowerReg.dat
2007-03-26 00:01 126096 --a--c--- C:\DOCUME~1\Derek\APPLIC~1\GDIPFONTCACHEV1.DAT
2006-11-20 13:04 81920 --a------ C:\DOCUME~1\Derek\APPLIC~1\ezpinst.exe
2006-11-20 13:04 47360 --a------ C:\DOCUME~1\Derek\APPLIC~1\pcouffin.sys
2005-11-13 21:24:27 80 --sh--r C:\WINDOWS\system32\16FF788235.dll
2006-02-01 00:12:27 104 -csh--r C:\WINDOWS\system32\16FF788235.sys
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-05 08:50]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-07-04 14:22]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"MaxRecentDocs"=11 (0xb)
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=01000000
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sQusiStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE USB PC Camera 301P

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\system32\xjxwfuful\smss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe
"Openwares LiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
"VOBRegCheck"=C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide

R0 secdir;Folder Security Personal;C:\WINDOWS\system32\secdir.sys
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x);C:\WINDOWS\system32\drivers\sfsync04.sys
R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys
R0 TPkd;TPkd;C:\WINDOWS\system32\drivers\TPkd.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 pwd_2K;pwd_2K;C:\WINDOWS\system32\drivers\pwd_2K.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 Udfreadr_xp;Udfreadr_xp;C:\WINDOWS\system32\drivers\Udfreadr_xp.sys
R2 cc_nt4;cc_nt4;\??\C:\WINDOWS\System32\Drivers\cc_nt4.sys
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R2 MASPINT;MASPINT;C:\WINDOWS\system32\drivers\MASPINT.sys
R3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
R3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport;C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 dvd43llh;dvd43llh;C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
R3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
S2 Auto RAS dialer;Auto RAS dialer;C:\unzipped\AutoRasDial\AutoRasDial.exe
S2 ccservice;cc service;C:\WINDOWS\System32\ccserv.exe
S3 AdfuUd;USB 2.0 (FS) ADFU Device;C:\WINDOWS\system32\Drivers\AdfuUd.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\System32\drivers\CDANT.SYS
S3 csaudio;AVerDVD EZMaker USB Audio Device Driver;C:\WINDOWS\system32\DRIVERS\CsAud.sys
S3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;C:\WINDOWS\system32\Drivers\CsMini20.sys
S3 DCamUSBSQTECH;Dual-Mode DSC(2770);C:\WINDOWS\system32\Drivers\SQcaptur.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 ggsemc;Sony Ericsson USB Flash Driver;C:\WINDOWS\system32\DRIVERS\ggsemc.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 SQTECH9160;CAMERA;C:\WINDOWS\system32\Drivers\Capt9160.sys
S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 Usb20Scan;USB 2.0 Still Image;C:\WINDOWS\system32\Drivers\cresscan.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys
S3 wandrv;WAN Network Driver;C:\WINDOWS\system32\DRIVERS\wandrv.sys
S3 ZSMC301b;USB PC Camera 301P;C:\WINDOWS\system32\Drivers\usbVM31b.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2005-01-16 18:18:54 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~SHADOWMAN Derek.job
2007-07-27 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2005-01-16 18:18:54 C:\WINDOWS\tasks\2 Copernic Daily ~SHADOWMAN Derek.job
2005-01-16 18:18:54 C:\WINDOWS\tasks\3 Copernic Weekly ~SHADOWMAN Derek.job
2005-01-16 18:18:54 C:\WINDOWS\tasks\4 Copernic Monthly ~SHADOWMAN Derek.job
2007-07-25 18:06:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-27 16:03:34 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 21:22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\XP\23]
"DisplayName"="\x3e98\23\x40d0\23"
"DeviceDesc"="\x3e98\23\x40d0\23"
"ProviderName"=""
"MFG"="\x435c\x616c\x7373\"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x5058\23\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"nf\cx_08346.inf"

scanning hidden files ...

C:\WINDOWS\winafn.dat
C:\WINDOWS\winamp.ini
C:\WINDOWS\Windows Update Setup Files
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\winmail1.dat
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMSysPr8.prx
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WMSysPrx.prx
C:\WINDOWS\wrt.dat
C:\WINDOWS\WRUninstall.dll
C:\WINDOWS\XGMixer.ini
C:\WINDOWS\xmd.ico
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\zipinst.exe
C:\WINDOWS\_default.pif
C:\WINDOWS\_MSRSTRT.EXE
C:\WINDOWS\winzipme.ini
C:\WINDOWS\system32\$SETINI$.DAT
C:\WINDOWS\system32\FLOCKER.ACL
C:\WINDOWS\system32\Flocker.USR

scan completed successfully
hidden files: 29

**************************************************************************

Completion time: 2007-07-27 21:23:50
C:\ComboFix-quarantined-files.txt ... 2007-07-27 21:23
C:\ComboFix2.txt ... 2007-07-27 21:16
C:\ComboFix3.txt ... 2007-07-27 17:04

--- E O F ---







Logfile of HijackThis v1.99.1
Scan saved at 21:26:33, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speedwaymasters.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F83D3A01-BFBF-48FA-9977-25A0A248D9C3}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sQusiStub.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Auto RAS dialer - Unknown owner - C:\unzipped\AutoRasDial\AutoRasDial.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: cc service (ccservice) - Unknown owner - C:\WINDOWS\System32\ccserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 27 July 2007 - 04:09 PM

I now need you to do the following if you will:

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\xjxwfuful\smss.exe
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\xjxwfuful\smss.exe
Then click on 'Send File'.
Post the results into your next reply.

Then do exactly the same with:
C:\WINDOWS\system32\16FF788235.dll
C:\WINDOWS\system32\16FF788235.sys
Post all three sets of results into your next reply please.
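Because Explorer's search can skip files carrying the hidden or system attribute, here is an added Python triage helper (not from this thread, and not part of HijackThis, Jotti or VirusTotal) that checks the three named paths directly, records size and hashes so the files can be looked up on a scanner by hash, and flags a core process name such as smss.exe sitting outside system32. The core-process list and the expected directory are assumptions chosen for illustration.

```python
"""Added example: direct checks on the files named in the reply above."""
import hashlib
import os
import stat
from pathlib import PureWindowsPath

# Paths quoted in the thread; on a non-Windows machine they simply do not exist.
SUSPECT_PATHS = [
    r"C:\WINDOWS\system32\xjxwfuful\smss.exe",
    r"C:\WINDOWS\system32\16FF788235.dll",
    r"C:\WINDOWS\system32\16FF788235.sys",
]

# Assumption: core Windows XP process names, all of which belong in system32.
CORE_PROCESSES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                  "csrss.exe", "svchost.exe"}
EXPECTED_DIR = "system32"


def masquerades_as_system_process(path: str) -> bool:
    """True when a core process name lives in any directory other than system32."""
    p = PureWindowsPath(path)
    return p.name.lower() in CORE_PROCESSES and p.parent.name.lower() != EXPECTED_DIR


def file_report(path: str) -> dict:
    """Existence, hidden/system attributes and hashes for one path, bypassing search."""
    report = {"path": path, "exists": os.path.isfile(path),
              "masquerade": masquerades_as_system_process(path)}
    if not report["exists"]:
        return report
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", 0)  # only populated on Windows
    report["hidden"] = bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))
    report["size"] = st.st_size
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            sha256.update(chunk)
            md5.update(chunk)
    report["sha256"] = sha256.hexdigest()
    report["md5"] = md5.hexdigest()
    return report


if __name__ == "__main__":
    for suspect in SUSPECT_PATHS:
        print(file_report(suspect))
```

The hashes can be pasted into a scanner's hash lookup, which tells you whether the sample is already known before anything is uploaded.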

#5 Crave Disorder

Crave Disorder
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:11 AM

Posted 28 July 2007 - 04:26 AM

Hi there,
I have done a search and cannot find any of the 3 files that you mention.
I used the search function showing hidden files and looked myself in Explorer, but they don't appear to be there.
