

Sohanad Worm, The Coolpics.net



#1 malame3


Posted 03 August 2007 - 01:16 PM

Moved to HJT forum from WinXP forum.
OT 08/03/2007



Hello all,

Please help me. I have been infected with the coolpics.net worm, and I don't know what to do.

This is the logfile from HijackThis.

Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 9:11:31 AM, on 8/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\WINDOWS\system32\crypserv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Protector Plus\PPAVMon.exe
D:\Protector Plus\PPServ.exe
D:\Program Files\Symantec AntiVirus\SavRoam.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\WINDOWS\system\svchost.exe
D:\PROTEC~1\PPTbc.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROTEC~1\PPInupdt.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Pando Networks\Pando\Pando.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
D:\Protector Plus\POPSCAN.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\bobaz\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecoolpics.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Task Manager] D:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [reema] d:\program files\reemalam\csrss.exe
O4 - HKLM\..\Run: [Yahoo Messenger] D:\WINDOWS\system\svchost32.exe
O4 - HKLM\..\Run: [Protector Plus Taskbar Control] D:\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [Protector Plus InstaUpdate] D:\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [reema] d:\program files\reemalam\csrss.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Pando] "D:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{44A959C1-3644-40D6-9EB7-3E89F1D8FFDE}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Protector Plus Anti-virus Monitor Service (ProtectorPlusAVMonitor) - Unknown owner - D:\Protector Plus\PPAVMon.exe
O23 - Service: Protector Plus Service (UnRegistered) (ProtectorPlusService) - Unknown owner - D:\Protector Plus\PPServ.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe

Edited by OldTimer, 03 August 2007 - 02:22 PM.
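As an added example (not part of this thread, and not code from HijackThis or BleepingComputer), the script below parses the O4 Run entries of a HijackThis log like the one above and flags executables whose names impersonate core Windows processes but are launched from the wrong directory, which is what the svchost.exe, svchost32.exe and csrss.exe entries in this log show. The sample lines are copied from the log above; the table of expected system directories is an assumption of the example.

```python
import ntpath
import re

# Constructed sample: a subset of the O4 (autostart) entries from the
# HijackThis log posted above, one line per entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Task Manager] D:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [reema] d:\program files\reemalam\csrss.exe
O4 - HKLM\..\Run: [Yahoo Messenger] D:\WINDOWS\system\svchost32.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [reema] d:\program files\reemalam\csrss.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Assumed table: core Windows processes and the only directory (relative to
# the Windows directory, any drive letter) they should be launched from.
SYSTEM_PROCESS_HOME = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# The executable is the leading quoted string, or the text up to the first
# executable extension (HijackThis prints unquoted paths containing spaces).
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat|cmd))"?(?:\s|$)', re.IGNORECASE)


def parse_o4_run_entries(log_text):
    """Yield (hive, value_name, executable_path) for each registry Run entry."""
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd"))
        if exe:
            yield m.group("hive"), m.group("name"), exe.group("path")


def classify(path):
    """Return a reason string if the autostart path looks like an impostor, else None."""
    directory, base = ntpath.split(path)
    base = base.lower()
    parts = [p.lower() for p in directory.replace("/", "\\").split("\\") if p]
    # Directory relative to the Windows directory, e.g. ['system32'] or ['system'];
    # None when the executable does not live under a Windows directory at all.
    rel = parts[parts.index("windows") + 1:] if "windows" in parts else None
    if base in SYSTEM_PROCESS_HOME:
        expected = SYSTEM_PROCESS_HOME[base]
        if rel != ([expected] if expected else []):
            return "core system process name launched from %s" % (directory or "?")
        return None
    # A name such as svchost32.exe that extends a real system process name.
    stem = base.rsplit(".", 1)[0]
    for sysname in SYSTEM_PROCESS_HOME:
        sysstem = sysname.rsplit(".", 1)[0]
        if stem.startswith(sysstem) and stem != sysstem:
            return "lookalike of %s" % sysname
    return None


def suspicious_autostarts(log_text):
    """Return (hive, name, path, reason) for Run entries that impersonate a Windows process."""
    findings = []
    for hive, name, path in parse_o4_run_entries(log_text):
        reason = classify(path)
        if reason:
            findings.append((hive, name, path, reason))
    return findings


if __name__ == "__main__":
    for hive, name, path, reason in suspicious_autostarts(SAMPLE_LOG):
        print("%s [%s] %s  <- %s" % (hive, name, path, reason))
```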



#2 malame3


Posted 03 August 2007 - 02:16 PM

I have downloaded ComboFix and run it. Now I can change my IE homepage, and Run has returned to my Start menu. Does this mean my problem is solved?

Here is the ComboFix log file.

ComboFix 07-08-03.4 - "bobaz" 2006-08-04 10:13:52.1 [GMT -7:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.True


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


c:\autorun.inf
d:\autorun.inf
D:\WINDOWS\autorun.inf
D:\WINDOWS\system\svchost.exe
D:\WINDOWS\system\svchost32.exe


((((((((((((((((((((((((( Files Created from 2006-07-04 to 2006-08-04 )))))))))))))))))))))))))))))))


2006-08-07 16:02 534,208 --a------ D:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 31,936 --a------ D:\WINDOWS\system32\drivers\symids.sys
2006-08-07 16:02 28,352 --a------ D:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 16:02 24,768 --a------ D:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 16:02 195,776 --a------ D:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 16:02 161,472 --a------ D:\WINDOWS\system32\SymRedir.dll
2006-08-07 16:02 110,784 --a------ D:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 16:01 12,992 --a------ D:\WINDOWS\system32\drivers\symdns.sys
2006-08-04 10:12 51,200 --a------ D:\WINDOWS\nircmd.exe
2006-08-04 00:56 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2006-08-04 00:47 <DIR> d-------- D:\DOCUME~1\bobaz\.housecall6.6
2006-08-03 22:59 45,056 --a------ D:\WINDOWS\system32\_PPCXM_.DLL
2006-08-01 10:35 <DIR> d-------- D:\DOCUME~1\bobaz\APPLIC~1\dvdcss
2006-08-01 10:03 <DIR> d-------- D:\DOCUME~1\bobaz\APPLIC~1\AdobeUM
2006-07-31 09:21 <DIR> d-------- D:\Program Files\Pando Networks
2006-07-31 09:19 <DIR> d-------- D:\DOCUME~1\bobaz\APPLIC~1\Camfrog
2006-07-31 09:18 <DIR> d-------- D:\Program Files\Camfrog


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 05:46 --------- d-------- D:\DOCUME~1\bobaz\APPLIC~1\iMesh
2007-07-24 09:39 --------- d-------- D:\Program Files\iMesh Applications
2007-07-24 09:35 --------- d-------- D:\Program Files\MSN Messenger
2007-07-24 07:08 --------- d-------- D:\DOCUME~1\bobaz\APPLIC~1\Google
2007-07-24 07:04 --------- d-------- D:\DOCUME~1\bobaz\APPLIC~1\vlc
2007-07-24 06:54 --------- d-------- D:\DOCUME~1\bobaz\APPLIC~1\Yahoo!
2007-07-24 06:53 --------- d-------- D:\Program Files\Messenger
2007-07-23 10:42 1908 --a------ D:\WINDOWS\checkip.dat
2007-07-20 00:15 --------- d-------- D:\Program Files\Concise Beam V4.2
2007-06-03 01:01 --------- d-------- D:\Program Files\Google
2007-05-05 16:44 --------- d--h----- D:\Program Files\InstallShield Installation Information
2007-04-04 22:07 --------- d-------- D:\Program Files\Common Files\Adobe Systems Shared
2007-03-23 10:38 --------- d-------- D:\Program Files\Windows Live Toolbar
2007-03-23 10:38 --------- d-------- D:\Program Files\Real
2007-03-19 10:37 --------- d-------- D:\Program Files\Yahoo!
2007-03-06 05:20 --------- d-------- D:\Program Files\LEAP Software
2007-03-06 05:20 --------- d-------- D:\Program Files\Common Files\InstallShield
2007-03-01 09:08 --------- d-------- D:\Program Files\VideoLAN
2007-01-28 15:31 606848 --a------ D:\WINDOWS\flashax.exe
2007-01-28 15:31 12288 --a------ D:\WINDOWS\impborl.dll
2007-01-19 12:53 51056 --a------ D:\WINDOWS\system32\sirenacm.dll
2007-01-14 09:19 --------- d-------- D:\Program Files\activePDF
2007-01-06 15:20 --------- d-------- D:\Program Files\Common Files\Autodesk Shared
2007-01-06 15:14 54784 --a------ D:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-01-06 15:14 12464 --a------ D:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-01-06 15:14 --------- d-------- D:\Program Files\Common Files\Macrovision Shared
2007-01-06 15:14 --------- d-------- D:\Program Files\Autodesk
2007-01-06 15:13 --------- d-------- D:\Program Files\AnswerWorks 4.0
2007-01-03 17:22 --------- d-------- D:\Program Files\Snapshot Viewer
2007-01-03 17:17 --------- d-------- D:\Program Files\microsoft frontpage
2007-01-03 16:36 --------- d-------- D:\Program Files\Intel
2007-01-03 16:35 --------- d-------- D:\Program Files\Texas Instruments Inc
2007-01-03 16:33 --------- d-------- D:\Program Files\Analog Devices
2007-01-03 15:50 --------- d--h----- D:\Program Files\WindowsUpdate
2007-01-03 15:43 --------- d-------- D:\Program Files\Online Services
2007-01-03 15:42 --------- d-------- D:\Program Files\Movie Maker
2007-01-03 15:41 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2007-01-03 15:41 --------- d-------- D:\Program Files\Common Files\MSSoap
2007-01-03 15:40 --------- d-------- D:\Program Files\Windows NT
2007-01-03 15:40 --------- d-------- D:\Program Files\MSN Gaming Zone
2007-01-03 07:23 --------- d-------- D:\Program Files\Common Files\SpeechEngines
2007-01-03 07:23 --------- d-------- D:\Program Files\Common Files\ODBC
2006-09-27 20:35 83752 --a------ D:\WINDOWS\system32\pds.dll
2006-09-27 20:35 83752 --a------ D:\WINDOWS\system32\nts.dll
2006-09-27 20:35 83696 --a------ D:\WINDOWS\system32\loc32vc0.dll
2006-09-27 20:35 46896 --a------ D:\WINDOWS\system32\msgsys.dll
2006-09-27 20:35 34600 --a------ D:\WINDOWS\system32\cba.dll
2006-09-27 20:33 43760 --a------ D:\WINDOWS\system32\NavLogon.dll
2006-09-22 05:34 --------- d--h----- D:\Program Files\Reemalam
2006-09-18 17:55 48816 --a------ D:\WINDOWS\system32\S32EVNT1.DLL
2006-09-18 17:55 109744 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-08-31 10:46 176235 --a------ D:\WINDOWS\system32\Primomonnt.dll
2006-08-07 15:42 20 --a------ D:\WINDOWS\system32\drivers\SymRedir.cat
2006-08-07 15:42 1133 --a------ D:\WINDOWS\system32\drivers\SymRedir.inf
2006-08-04 09:04 --------- d-------- D:\Program Files\Symantec AntiVirus
2006-08-03 22:58 29352 --a------ D:\WINDOWS\_SETUPD_.EXE
2006-07-06 14:44 168448 --a------ D:\WINDOWS\system32\drivers\tifm21.sys
2006-06-25 23:06 --------- d-------- D:\Program Files\Symantec
2006-06-25 23:06 --------- d-------- D:\Program Files\Common Files\Symantec Shared
2006-05-09 18:19 241664 --a------ D:\WINDOWS\system32\hppapr04.DLL
1998-12-08 19:53 99840 --a------ D:\Program Files\Common Files\IRAABOUT.DLL
1998-12-08 19:53 70144 --a------ D:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-08 19:53 48640 --a------ D:\Program Files\Common Files\IRALPTTR.DLL
1998-12-08 19:53 31744 --a------ D:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-08 19:53 186368 --a------ D:\Program Files\Common Files\IRAREG.DLL
1998-12-08 19:53 17920 --a------ D:\Program Files\Common Files\IRASRIAL.DLL


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="D:\WINDOWS\System32\igfxtray.exe" [2004-10-08 09:31]
"HotKeysCmds"="D:\WINDOWS\System32\hkcmd.exe" [2004-10-08 09:27]
"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 14:48]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 09:27]
"Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
"vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Task Manager"="D:\WINDOWS\system\svchost.exe" []
"reema"="d:\program files\reemalam\csrss.exe" [2006-11-24 09:01]
"Yahoo Messenger"="D:\WINDOWS\system\svchost32.exe" []
"Protector Plus Taskbar Control"="D:\PROTEC~1\PPTbc.EXE" [2006-08-03 22:58]
"Protector Plus InstaUpdate"="D:\PROTEC~1\PPInupdt.exe" [2006-08-03 22:58]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2006-08-04 01:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 06:47]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"reema"="d:\program files\reemalam\csrss.exe" [2006-11-24 09:01]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 16:22]
"Pando"="D:\Program Files\Pando Networks\Pando\Pando.exe" [2007-06-27 16:22]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-04-04 22:07:19]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56]
Symantec Fax Starter Edition Port.lnk - D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 14:51:54]

R1 NetworkX;NetworkX;D:\WINDOWS\System32\ckldrv.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;D:\WINDOWS\System32\DRIVERS\wmiacpi.sys
R2 CdaC15BA;CdaC15BA;\??\D:\WINDOWS\System32\drivers\CDAC15BA.SYS
R2 ProtectorPlusAVMonitor;Protector Plus Anti-virus Monitor Service;"D:\Protector Plus\PPAVMon.exe"
R2 ProtectorPlusService;Protector Plus Service (UnRegistered);"D:\Protector Plus\PPServ.exe"
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R3 PPDrv;Protector Plus Driver (UnRegistered);\??\D:\Protector Plus\PPDrv.sys
R3 PPEMSCAN;Protector Plus Email Scan Driver;\??\D:\Protector Plus\PPEMSCAN.sys
R3 senfilt;senfilt;D:\WINDOWS\System32\drivers\senfilt.sys
R3 tifm21;tifm21;D:\WINDOWS\System32\drivers\tifm21.sys
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;D:\WINDOWS\System32\DRIVERS\w29n51.sys
S3 MidiSyn;MidiSyn;D:\WINDOWS\System32\drivers\MidiSyn.sys


Contents of the 'Scheduled Tasks' folder
2007-07-30 18:28:05 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-08-04 10:15:40
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2006-08-04 10:16:24
D:\ComboFix-quarantined-files.txt ... 2006-08-04 10:16

--- E O F ---

#3 pomp


Posted 15 August 2007 - 09:54 PM

Hello malame3, and welcome to BleepingComputer.

My apologies for the delay; we are all busy.

If you are still experiencing problems, please do the following:

I see that you are using an outdated version of HijackThis.

Delete the old version of HijackThis first.

Please download the current version of HijackThis from here.

Download the file, then double-click on the saved file. When it runs, it will prompt you to extract hijackthis.exe to C:\Program Files\Trend Micro\HijackThis. If you would like to extract it to another location, you can change the directory. When it is done installing, HijackThis will automatically launch. When the license agreement appears, select I accept and then click on the Do a system scan only button. When the scan is complete, click on the Save Log button to create a log of your information.

Please post the new fresh log! Thanks.


~pomp

Edited by pomp, 15 August 2007 - 09:55 PM.






