
Www.miaminews365.net And More....


5 replies to this topic

#1 The_Lucky_Kaiser

Posted 20 August 2007 - 01:46 AM

Recently I've been having trouble visiting certain pages and am redirected to the above mentioned site, and moreover if I click a link from a Google search I am brought right back to Google (which is my homepage).....here is my HijackThis log....please help......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:38 AM, on 8/20/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\winnt\temp\adware\fsg_4104.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINNT\system32\CDFVIEWv.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINNT\inetloader.dll
O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINNT\se_spoof.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Trickler] "c:\winnt\temp\adware\fsg_4104.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183335411078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F479C210-0D99-4988-BCD3-EF29F99F24FE}: NameServer = 192.168.1.1
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--
End of file - 5506 bytes


#2 RichieUK (Malware Response Team)

Posted 20 August 2007 - 06:29 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, The_Lucky_Kaiser. :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Click Start/Control Panel/Add or Remove Programs and remove/uninstall the following if present:
TrustIn Contextual
RXToolBar

Restart your pc if you removed either of them.

------------------------------------------

You've no virus protection installed.
Download/install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

------------------------------------------

You've also no firewall installed.
Download/install one of the following freeware firewalls:

Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

Comodo Personal Firewall:
http://www.personalfirewall.comodo.com/

You may want to read the following.
Understanding and Using Firewalls:
http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

-----------------------------------------

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
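The checks Richie applies by eye to the log above, written down as code. This is an added example, not HijackThis's own code and not from the thread; the heuristics (a BHO whose DLL is missing or was dropped straight into the Windows directory, an autorun launching from a temp/adware folder, an ActiveX download with no registered name, and any O18 filter hijack) are my assumptions, and the sample entries are copied from the first log.

```python
"""Triage heuristics for HijackThis (HJT) v2 log entries.

Added example for this thread: not HijackThis's own code and not from the
original post. The rules are assumptions modelled on how a helper reads the
log; the sample entries are copied from the first log in the thread.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the lines from the first HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINNT\se_spoof.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Trickler] "c:\winnt\temp\adware\fsg_4104.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
""".strip()


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code, e.g. "O2"
    reason: str    # why the entry deserves a second look
    entry: str     # the raw log line


# Every HJT entry is "<section> - <body>"; fields inside the body are " - " separated.
_ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
# A DLL sitting directly in C:\WINNT or C:\Windows (no subdirectory).
_WINROOT_DLL_RE = re.compile(r"^[a-z]:\\win(nt|dows)\\[^\\]+$")
# A well-formed O16 entry carries "(friendly name)" between the CLSID and the URL.
_O16_NAMED_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \(.+\) - ")


def _path_of(body: str) -> str:
    """Last ' - ' separated field, lowercased, quotes and '(file missing)' stripped."""
    tail = body.rsplit(" - ", 1)[-1]
    tail = tail.replace("(file missing)", "").strip().strip('"')
    return tail.lower()


def triage_entry(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious entry, None for a benign or non-entry line."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    path = _path_of(body)
    if sec == "O2":
        if "(file missing)" in body:
            return Finding(sec, "BHO registered but its DLL is missing (leftover of a removed add-on)", line)
        if _WINROOT_DLL_RE.match(path):
            return Finding(sec, "BHO DLL dropped directly into the Windows directory", line)
    elif sec == "O4":
        if "\\temp\\" in path or "adware" in path:
            return Finding(sec, "autorun entry launching from a temp/adware directory", line)
    elif sec == "O16":
        if not _O16_NAMED_RE.match(body):
            return Finding(sec, "ActiveX download with no registered friendly name", line)
    elif sec == "O18":
        return Finding(sec, "MIME filter hijack: every text/html response passes through this DLL", line)
    return None


def triage_log(text: str) -> list:
    """Run triage_entry over every line and keep the hits, in log order."""
    return [f for f in (triage_entry(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"{hit.section}: {hit.reason}\n    {hit.entry}")
```

The five hits on the sample are exactly the entries Richie's first reply targets: the RXToolBar BHO and filter, the se_spoof.dll BHO, the Trickler autorun and the unnamed imgfarm ActiveX control.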

#3 The_Lucky_Kaiser (Topic Starter)

Posted 20 August 2007 - 10:45 AM

Thank you, I took it upon myself to download and install Avira last night after reading some other topics on this forum, I did a scan and found 12 hits, I deleted them all. I seem to be running in good shape now, but here's the logs anyway just in case.....

ComboFix 07-08-17.2 - "Administrator" 08/20/2007 4:40:06.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.139 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\TrustIn Contextual
C:\WINNT\se_spoof.dll


((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))


2007-08-20 04:44 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3d0.dat
2007-08-20 04:33 <DIR> d-------- C:\Program Files\CCleaner
2007-08-20 03:02 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-20 02:43 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-17 13:50 <DIR> d-------- C:\Program Files\3DGroove
2007-08-16 23:06 <DIR> d-------- C:\Program Files\Disney
2007-08-16 23:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-08-16 03:51 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-08-14 00:31 <DIR> d--hs---- C:\WINNT\ftpcache
2007-08-12 21:30 <DIR> d--hs---- C:\Program Files\HTV
2007-08-09 20:26 444,776 --a------ C:\WINNT\system32\d3dx10_35.dll
2007-08-09 20:26 443,752 --a------ C:\WINNT\system32\d3dx10_34.dll
2007-08-09 20:26 443,752 --a------ C:\WINNT\system32\d3dx10_33.dll
2007-08-09 20:26 3,727,720 --a------ C:\WINNT\system32\d3dx9_35.dll
2007-08-09 20:26 3,497,832 --a------ C:\WINNT\system32\d3dx9_34.dll
2007-08-09 20:26 3,495,784 --a------ C:\WINNT\system32\d3dx9_33.dll
2007-08-09 20:26 3,426,072 --a------ C:\WINNT\system32\d3dx9_32.dll
2007-08-09 20:26 2,414,360 --a------ C:\WINNT\system32\d3dx9_31.dll
2007-08-09 20:26 1,358,192 --a------ C:\WINNT\system32\D3DCompiler_35.dll
2007-08-09 20:26 1,124,720 --a------ C:\WINNT\system32\D3DCompiler_34.dll
2007-08-09 20:26 1,123,696 --a------ C:\WINNT\system32\D3DCompiler_33.dll
2007-08-09 20:25 2,297,552 --a------ C:\WINNT\system32\d3dx9_26.dll
2007-08-09 20:15 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-09 20:08 664 --a------ C:\WINNT\system32\d3d9caps.dat
2007-08-09 20:01 208,896 --a------ C:\WINNT\system32\nvudisp.exe
2007-08-09 20:01 <DIR> d-------- C:\WINNT\nview
2007-08-09 20:00 208,896 --a------ C:\WINNT\system32\NVUNINST.EXE
2007-08-09 20:00 <DIR> d-------- C:\NVIDIA
2007-08-01 13:14 <DIR> d-------- C:\Program Files\Nick Jr. Arcade
2007-07-31 10:52 <DIR> d--hs---- C:\RECYCLER
2007-07-26 18:18 306,688 --a------ C:\WINNT\IsUninst.exe
2007-07-26 16:12 8,384 -ra------ C:\WINNT\system\QTHNDLR.DLL
2007-07-26 16:12 73,456 -ra------ C:\WINNT\system\QTOLE.DLL
2007-07-26 16:12 61,024 -ra------ C:\WINNT\PLAYER.EXE
2007-07-26 16:12 47,776 -ra------ C:\WINNT\VIEWER.EXE
2007-07-26 16:12 4,160 -ra------ C:\WINNT\system\QTNOTIFY.EXE
2007-07-26 16:12 358,192 -ra------ C:\WINNT\system\QTIM.DLL
2007-07-26 16:12 3,920 -ra------ C:\WINNT\system\MCIQTENU.DLL
2007-07-26 16:12 17,536 -ra------ C:\WINNT\VIEWENU.DLL
2007-07-26 16:12 16,912 -ra------ C:\WINNT\PLAYENU.DLL
2007-07-26 16:12 141,206 -ra------ C:\WINNT\README.EXE
2007-07-26 16:12 14,400 -ra------ C:\WINNT\system\QTIMCMGR.DLL
2007-07-26 11:56 <DIR> d-------- C:\hegames
2007-07-26 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-26 00:14 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-07-25 22:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-25 17:00 <DIR> d-------- C:\Program Files\Virtools


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

99-12-07 00:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
07-07-26 15:58 --------- d-------- C:\Program Files\Common Files\InstallShield
07-07-09 21:37 --------- d-------- C:\Program Files\MySpace
07-07-09 21:37 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MySpace
07-07-07 20:33 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
07-07-07 18:36 --------- d-------- C:\Program Files\Common Files\Ahead
07-07-07 18:32 --------- d-------- C:\Program Files\Nero
07-07-07 13:04 --------- d-------- C:\Program Files\Winamp
07-07-07 12:47 --------- d-------- C:\Program Files\FREE Hi-Q Recorder
07-07-03 19:10 132904 --a------ C:\WINNT\system32\drivers\imagesrv.sys
07-07-03 19:10 11304 --a------ C:\WINNT\system32\drivers\imagedrv.sys
07-07-01 21:43 58000 --a------ C:\WINNT\system32\drivers\cdr4_2K.sys
07-07-01 21:43 57344 --a------ C:\WINNT\uneng.exe
07-07-01 21:43 49152 --a------ C:\WINNT\system32\cdrtc.dll
07-07-01 21:43 45056 --a------ C:\WINNT\system32\cdral.dll
07-07-01 21:43 401462 --a------ C:\WINNT\system32\Msvcp60.dll
07-07-01 21:43 23420 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
07-07-01 21:43 --------- d-------- C:\Program Files\Common Files\Adaptec Shared
07-07-01 20:13 --------- d-ah----- C:\Program Files\WindowsUpdate
07-07-01 20:09 --------- d-------- C:\Program Files\Windows NT
07-07-01 19:47 --------- d-------- C:\Program Files\EuroTool
07-06-30 23:30 --------- d-------- C:\Program Files\EPSON
07-06-27 19:05 972072 --a------ C:\WINNT\UNNeroMediaHome.exe
07-06-26 14:12 972072 --a------ C:\WINNT\UNNeroVision.exe
07-06-26 05:57 235280 --a------ C:\WINNT\system32\GDI32.DLL
07-06-25 18:38 --------- d-------- C:\Program Files\INSTAFINK
07-06-25 18:38 --------- d-------- C:\Program Files\Altnet
07-06-25 18:30 10 --a------ C:\WINNT\smdat32m.sys
07-06-25 18:30 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-06-25 18:25 0 --a------ C:\WINNT\smdat32a.sys
07-06-25 18:20 --------- d-------- C:\Program Files\WinAce
07-06-23 04:13 --------- d-------- C:\Program Files\microsoft frontpage
07-06-23 04:12 0 -rahs---- C:\MSDOS.SYS
07-06-23 04:12 0 -rahs---- C:\IO.SYS
07-06-23 04:12 0 ---h----- C:\CONFIG.SYS
07-06-23 04:12 0 ---h----- C:\AUTOEXEC.BAT
07-06-23 04:10 271 ---h----- C:\Program Files\desktop.ini
07-06-23 04:10 21952 ---h----- C:\Program Files\folder.htt
07-06-23 00:08 --------- d-------- C:\Program Files\Accessories
07-06-22 23:38 --------- d-a------ C:\Program Files\Common Files\ODBC
07-06-07 02:50 1119232 --a------ C:\WINNT\system32\msxml3.dll
07-05-29 21:19 50176 --a------ C:\WINNT\system32\reg.exe
2000-01-05 19:10:50 143,632 -csha-r C:\WINNT\system32\dllcache\asycfilt.dll.tmp
2000-02-11 17:33:56 1,495,312 -csha-r C:\WINNT\system32\dllcache\msjet40.dll.tmp
2000-01-05 19:10:50 164,112 -csha-r C:\WINNT\system32\dllcache\olepro32.dll.tmp
2000-01-31 12:55:00 449,296 -csha-r C:\WINNT\system32\dllcache\wab32.dll.tmp


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05 C:\WINNT\system32\mobsync.exe]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [05-10-19 08:59 ]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [05-10-19 08:59 ]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [06-01-30 15:13 ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [07-03-01 15:57 ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-05-11 03:06 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 04:00 ]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [06-10-22 12:22 ]
"nwiz"="nwiz.exe" [06-10-22 12:22 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [06-10-22 12:22 ]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [07-04-02 10:35 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [07-06-27 19:03 ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [07-05-29 21:34 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINNT\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINNT\system32\DRIVERS\ssmdrv.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 bcm4sbe5;Broadcom 440x 10/100 Integrated Controller Driver;C:\WINNT\system32\DRIVERS\bcm4sbe5.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 04:45:30
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-20 4:48:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-20 04:47

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:12 AM, on 8/20/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183335411078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F479C210-0D99-4988-BCD3-EF29F99F24FE}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--
End of file - 5143 bytes

#4 RichieUK (Malware Response Team)

Posted 20 August 2007 - 01:24 PM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Find and delete:
C:\WINNT\smdat32a.sys

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your pc is running now.

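How C:\WINNT\smdat32a.sys stood out in the ComboFix listing, written as a check over the "Files Created" and "Find3M" sections. This is an added example, not ComboFix's code and not from the thread; the rules (hidden+system directories Windows did not create, driver files sitting in the Windows root instead of system32\drivers, zero-byte executables) and the allowlists are my assumptions, and the sample lines are copied from the ComboFix log above.

```python
"""Triage heuristics for the file listings in a ComboFix log.

Added example for this thread: not ComboFix's own code and not from the
original post. The rules encode the kind of check a helper applies by eye
(an assumption, not a documented ComboFix feature); the sample lines are
copied from the ComboFix log posted above.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: entries from the "Files Created" and "Find3M" sections above.
SAMPLE_LISTING = r"""
2007-08-20 02:43 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-14 00:31 <DIR> d--hs---- C:\WINNT\ftpcache
2007-08-12 21:30 <DIR> d--hs---- C:\Program Files\HTV
2007-07-31 10:52 <DIR> d--hs---- C:\RECYCLER
07-07-26 15:58 --------- d-------- C:\Program Files\Common Files\InstallShield
07-07-01 21:43 58000 --a------ C:\WINNT\system32\drivers\cdr4_2K.sys
07-06-25 18:30 10 --a------ C:\WINNT\smdat32m.sys
07-06-25 18:25 0 --a------ C:\WINNT\smdat32a.sys
07-06-23 04:12 0 -rahs---- C:\MSDOS.SYS
""".strip()

# "<date> <time> <size|<DIR>|--------->" then the attribute string, then the path.
# "Files Created" uses 4-digit years, "Find3M" 2-digit years; both are accepted.
_LINE_RE = re.compile(
    r"^(?P<date>\d{2,4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size><DIR>|[\d,]+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Hidden+system directories Windows creates itself (assumed allowlist).
KNOWN_HS_DIRS = {r"c:\recycler", r"c:\system volume information"}
# Boot-era root files that are legitimately zero bytes on NT (assumed allowlist).
KNOWN_ROOT_FILES = {r"c:\msdos.sys", r"c:\io.sys"}


@dataclass(frozen=True)
class Entry:
    date: str
    size: Optional[int]   # None for directories or when ComboFix prints '---------'
    attrs: str
    path: str
    is_dir: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; None for headers, blanks and other text."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    raw, attrs = m.group("size"), m.group("attrs")
    size = int(raw.replace(",", "")) if raw[0].isdigit() else None
    is_dir = raw == "<DIR>" or attrs.startswith("d")
    return Entry(m.group("date"), size, attrs, m.group("path"), is_dir)


def suspicious(e: Entry) -> Optional[str]:
    """Return the reason an entry deserves a look, or None."""
    p = e.path.lower()
    if e.is_dir:
        if "h" in e.attrs and "s" in e.attrs and p not in KNOWN_HS_DIRS:
            return "hidden+system directory not created by Windows"
        return None
    # A file directly under C:\WINNT or C:\Windows, with no subdirectory.
    in_win_root = re.match(r"^[a-z]:\\win(nt|dows)\\[^\\]+$", p) is not None
    if p.endswith(".sys") and in_win_root:
        return "driver file outside system32\\drivers"
    if e.size == 0 and p not in KNOWN_ROOT_FILES and p.endswith((".sys", ".exe", ".dll")):
        return "zero-byte executable/driver (placeholder or failed drop)"
    return None


def triage_listing(text: str) -> list:
    """(path, reason) for every suspicious entry, in listing order."""
    hits = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        why = suspicious(e)
        if why:
            hits.append((e.path, why))
    return hits


if __name__ == "__main__":
    for path, why in triage_listing(SAMPLE_LISTING):
        print(f"{path}: {why}")
```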

#5 The_Lucky_Kaiser (Topic Starter)

Posted 20 August 2007 - 05:05 PM

Thanks, my pc seems to be running nice and smooth now. OK, here's the logs requested:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2007 at 05:15 PM

Application Version : 3.9.1008

Core Rules Database Version : 3289
Trace Rules Database Version: 1300

Scan type : Complete Scan
Total Scan Time : 00:25:00

Memory items scanned : 345
Memory threats detected : 0
Registry items scanned : 4615
Registry threats detected : 216
File items scanned : 19212
File threats detected : 38

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID
C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@paypal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media.mtvnservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.adnetinteractive[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adinterax[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.thewheelof[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.cluster01.oasis.zmh.zope[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-meevee.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt

Adware.GAIN/Gator
HKLM\Software\Gator.com
HKLM\Software\Gator.com\Gator
HKLM\Software\Gator.com\Gator\dyn
HKLM\Software\Gator.com\Gator\dyn#PdpFirstStart
HKLM\Software\Gator.com\Gator\dyn\GCH
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#StartTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#OldestTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#206-200
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#206-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#208-200
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#208-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#214-200
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#214-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#221-12029
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#221-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#223-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#223-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#225-200
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#225-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#226-200
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#226-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#227-200
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#227-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#228-200
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#228-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#230-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#230-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#231-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#231-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#StartTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#OldestTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#175-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#175-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#178-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#178-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#179-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#179-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#180-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#180-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#181-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#181-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#182-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#182-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#183-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#183-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#184-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#184-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#185-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#185-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#186-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#186-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#187-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#187-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#188-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#188-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#189-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#189-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#190-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#190-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#191-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#191-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#192-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#192-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#193-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#193-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#194-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#194-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#195-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#195-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#196-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#196-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#197-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#197-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#198-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#198-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#200-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#200-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#201-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#201-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#202-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#202-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#203-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#203-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#204-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#204-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#205-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#205-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#StartTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#OldestTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#201-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#201-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#202-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#202-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#203-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#203-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#204-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#204-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#205-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#205-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#206-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#206-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#207-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#207-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#208-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#208-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#209-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#209-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#210-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#210-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#210-2
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#211-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#211-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#212-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#212-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#213-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#213-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#214-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#214-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#215-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#215-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#216-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#216-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#217-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#217-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#218-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#218-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#219-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#219-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#220-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#220-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#221-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#221-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#223-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#223-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#224-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#224-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#225-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#225-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#226-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#226-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#227-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#227-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#228-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#228-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#229-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#229-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#230-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#230-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#231-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#231-bytes
HKLM\Software\Gator.com\Gator\stat
HKLM\Software\Gator.com\Gator\stat#Guid
HKLM\Software\Gator.com\Gator\stat#MID
HKLM\Software\Gator.com\GInternet
HKLM\Software\Gator.com\GInternet\Proxy
HKLM\Software\Gator.com\GInternet\Proxy#Enabled
HKLM\Software\Gator.com\Trickler
HKLM\Software\Gator.com\Trickler#AppPath
HKLM\Software\Gator.com\Trickler#FirstStartValue
HKLM\Software\Gator.com\Trickler#StartTime
HKLM\Software\Gator.com\Trickler#FirstStartSent
HKLM\Software\Gator.com\Trickler#Deleting
HKLM\Software\Gator.com\Trickler\Files
HKLM\Software\Gator.com\Trickler\Files\Bundle
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\OemResDll
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\SilentSetup
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\TricklerInf
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#Attempts
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#Errors
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#FileDones

Adware.TrustInCash
HKCR\Se_spoof.SpoofBHO.1
HKCR\Se_spoof.SpoofBHO.1\CLSID
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:26 PM, on 8/20/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183335411078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F479C210-0D99-4988-BCD3-EF29F99F24FE}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--
End of file - 5267 bytes

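The log above is read by eye, but the entries a responder checks first on a redirect complaint are mechanical: O17 lines (which DNS servers the TCP/IP stack is configured to use), O4 autoruns that launch from a temp directory, and O16 ActiveX downloads from hosts other than Microsoft. The Python script below is an added example, not part of this thread and not HijackThis code. It parses lines in the HijackThis v2 format and flags those three cases. The sample log is constructed: the avgnt, SSVHelper, WGA, Groove and 192.168.1.1 lines mirror entries from the log above, while the `C:\WINNT\Temp\adware\dropper.exe` autorun and the second O17 line (TEST-NET addresses standing in for an unexpected public resolver) are hypothetical. The trusted-host allowlist and the choice to treat only RFC 1918 and loopback addresses as expected resolvers are also assumptions of the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis v2 line format. The avgnt, SSVHelper, WGA,
# Groove and 192.168.1.1 lines mirror entries from the log above; the
# C:\WINNT\Temp autorun and the second O17 line (TEST-NET addresses standing
# in for an unexpected public resolver) are hypothetical, added for the demo.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [updater] C:\WINNT\Temp\adware\dropper.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F479C210-0D99-4988-BCD3-EF29F99F24FE}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5,198.51.100.9
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
URL_RE = re.compile(r"https?://\S+")

# Resolvers a home PC is expected to use: the LAN router or loopback.
# Anything else (ISP or public DNS) is not automatically bad, but it is what a
# DNS-changer infection looks like, so it goes on the review list.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\temporary internet files\\")
# Assumption of this example: only these domains are auto-trusted for O16 downloads.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "windowsupdate.com")


def parse_hjt(log: str):
    """Yield (section, body) pairs for every well-formed HijackThis entry."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def is_lan_resolver(addr: str) -> bool:
    """True when the address is an RFC 1918 or loopback address."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # hostnames or garbage: treat as needing review
    return any(ip in net for net in LAN_NETS)


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def triage(log: str):
    """Return a list of (section, reason, body) for entries worth a second look."""
    findings = []
    for section, body in parse_hjt(log):
        if section == "O4":
            m = RUN_RE.search(body)
            cmd = (m.group("cmd") if m else body).lower()
            if any(mark in cmd for mark in TEMP_MARKERS):
                findings.append((section, "autorun launches from a temp directory", body))
        elif section == "O16":
            m = URL_RE.search(body)
            host = host_of(m.group(0)) if m else ""
            if not any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES):
                findings.append((section, f"ActiveX download from untrusted host {host or '?'}", body))
        elif section == "O17":
            _, _, servers = body.partition("NameServer =")
            bad = [s.strip() for s in servers.split(",") if s.strip() and not is_lan_resolver(s)]
            if bad:
                findings.append((section, "DNS server outside LAN ranges: " + ", ".join(bad), body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Run against the sample, the script flags the temp-path autorun, the nick.com ActiveX control and the second O17 line, and stays silent on the router resolver and the Microsoft download. A flagged entry is a prompt to verify, not a verdict: an ISP resolver in O17 or a legitimate third-party ActiveX control will also appear here.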
#6 RichieUK

Malware Assassin
Malware Response Team, 13,614 posts

Posted 20 August 2007 - 05:46 PM

Your log is clean :thumbsup:
If all's OK, please do the following.

Find and delete:
Combofix.exe
C:\Qoobox

Click on Start/Run, type cleanmgr into the 'Open:' space, then press OK.
Let it scan your system for files to remove.
Make sure these 3 are checked and nothing else, then press OK.

* Temporary Files
* Temporary Internet Files
* Recycle Bin

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html