
Multiple Issues. Nebuler S, Win32\kastem, Newmediacodec, etc.


21 replies to this topic

#1 LiLcOoKiE (Members, 12 posts)

Posted 08 September 2007 - 04:47 AM

On start-up I get an "lsass.exe file missing" and an "MSVCP71.dll file missing" error. Then come the pop-ups about win32\Kastem. Even with my connection unplugged there is something trying to use my internet.

I run constant scans with eTrust, AVG Anti-Spyware, Ad-Aware and Spybot, but none of the issues seem to disappear. I have searched and searched for help, but even when I have spent hours trying my hardest to get rid of something, I restart and it comes back.

Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:11 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\mgrs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.797\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: (no name) - {03F2FC29-4B31-40CD-9D29-4B4B7EB06F8F} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {632AB9DB-EE1E-43B0-AA06-4DD209EE33BF} - C:\WINDOWS\system32\pmnkhhf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [WindXpUpdate32] WindXpUpdate
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [qhenarmz] rundll32.exe "C:\Program Files\lcrefklg\vyfylyra.dll",Init
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win14C.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [WindXpUpdate32] WindXpUpdate
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189168616843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: pmnkhhf - C:\WINDOWS\SYSTEM32\pmnkhhf.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8579 bytes


#2 LiLcOoKiE (Topic Starter)

Posted 08 September 2007 - 07:19 AM

OK, with a little more tinkering a lot of the silly win32\kastem.al warnings stopped coming up, and all that my computer could find was the Nebuler S thing, which I removed for about 20 minutes; then it came back.

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:40 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: (no name) - {03F2FC29-4B31-40CD-9D29-4B4B7EB06F8F} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {632AB9DB-EE1E-43B0-AA06-4DD209EE33BF} - C:\WINDOWS\system32\pmnkhhf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [WindXpUpdate32] WindXpUpdate
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [qhenarmz] rundll32.exe "C:\Program Files\lcrefklg\vyfylyra.dll",Init
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [WindXpUpdate32] WindXpUpdate
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189168616843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: pmnkhhf - C:\WINDOWS\SYSTEM32\pmnkhhf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8476 bytes
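Two HijackThis logs from the same machine a few hours apart, as in posts #1 and #2 above, are easier to read by machine: flag the entries a malware-response handler would circle first, then diff the two scans to see what the repeated scanning actually removed. The script below is an added example written for this page; it is not from the thread and not part of Trend Micro's HijackThis. The heuristics (a Shell= value that starts more than Explorer.exe, bare filenames and RunServices values under O4, autostarts in a Temp directory, rundll32 targets outside the Windows directory, orphaned "(file missing)" entries, and any Winlogon Notify DLL) are the editor's own rules of thumb, and LOG_1 and LOG_2 are constructed excerpts of the two posted logs, trimmed to the relevant lines.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpts: entries copied from the two HijackThis logs in posts #1
# and #2 above, trimmed to the lines that matter for the triage.
LOG_1 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: (no name) - {03F2FC29-4B31-40CD-9D29-4B4B7EB06F8F} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [WindXpUpdate32] WindXpUpdate
O4 - HKLM\..\Run: [qhenarmz] rundll32.exe "C:\Program Files\lcrefklg\vyfylyra.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win14C.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: pmnkhhf - C:\WINDOWS\SYSTEM32\pmnkhhf.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
"""

LOG_2 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: (no name) - {03F2FC29-4B31-40CD-9D29-4B4B7EB06F8F} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [WindXpUpdate32] WindXpUpdate
O4 - HKLM\..\Run: [qhenarmz] rundll32.exe "C:\Program Files\lcrefklg\vyfylyra.dll",Init
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: pmnkhhf - C:\WINDOWS\SYSTEM32\pmnkhhf.dll
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O4 detail looks like: HKLM\..\Run: [Value Name] command line
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse(log: str) -> List[Tuple[str, str]]:
    """Split a HijackThis log into (section, detail) pairs; header and process lines are dropped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def launched_image(cmd: str) -> str:
    """Return the file an O4 command line actually starts (the DLL for rundll32 entries)."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32.exe"):
        cmd = cmd[len("rundll32.exe"):].strip()
        if cmd.startswith('"'):
            return cmd[1:cmd.index('"', 1)]
        return cmd.split(",")[0].split()[0] if cmd else ""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    parts = cmd.split()
    return parts[0] if parts else ""


def flag(section: str, detail: str) -> Optional[str]:
    """Editor's heuristics (an assumption, not HijackThis's own verdicts); None means nothing stood out."""
    if "(file missing)" in detail or "(no file)" in detail:
        return "orphaned entry: the registry value survived but its file is gone (partial cleanup)"
    if section == "F2" and "Shell=" in detail:
        shell = detail.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return "a second program is chained onto the Winlogon Shell value: " + shell
    if section == "O4":
        m = O4_RE.match(detail)
        if not m:
            return None
        key, image = m.group("key"), launched_image(m.group("cmd"))
        if key.lower() == "runservices":
            return "RunServices is a Win9x-era key; on XP it is used almost only by malware for redundancy"
        if image and "\\" not in image:
            return f"bare filename '{image}' is resolved through the PATH search order, no install path"
        if "\\temp\\" in image.lower():
            return "autostart points into a Temp directory"
        if image.lower().endswith(".dll") and "\\windows\\" not in image.lower():
            return f"rundll32 loads a DLL outside the Windows directory: {image}"
    if section == "O20":
        return "Winlogon Notify DLL loads into winlogon.exe as SYSTEM before the desktop appears; verify its publisher"
    return None


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Every flagged entry as (section, detail, reason)."""
    return [(s, d, r) for s, d in parse(log) if (r := flag(s, d))]


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries that disappeared and entries that appeared between two scans of the same machine."""
    a, b = set(parse(before)), set(parse(after))
    fmt = lambda e: f"{e[0]} - {e[1]}"
    return sorted(fmt(e) for e in a - b), sorted(fmt(e) for e in b - a)


if __name__ == "__main__":
    for s, d, r in triage(LOG_1):
        print(f"[{s}] {d}\n      -> {r}")
    gone, new = diff_logs(LOG_1, LOG_2)
    print("\nGone since scan 1:", *gone, sep="\n  ")
    print("\nNew in scan 2:", *new, sep="\n  ")
```

The first line it prints is the F2 entry: Winlogon's Shell value has been extended from Explorer.exe to also start C:\WINDOWS\Config\lsass.exe, a lookalike of the real LSASS in system32, and a scanner deleting that file while leaving the registry value behind is the likely source of the "lsass.exe file missing" message at start-up. The diff shows what the scans between the two posts achieved: the winxtx32 and ddayx Winlogon Notify values and the avp and smgr Run values are gone, while taskmgr1.exe, WindXpUpdate, the rundll32 DLL under Program Files\lcrefklg and pmnkhhf.dll survived every reboot, which is consistent with the warnings coming back.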

#3 Aaflac (Malware Response Team, 2,307 posts, USA)

Posted 10 September 2007 - 08:40 AM

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.

Please download ComboFix.exe

Save it to the Desktop

Double-click combofix.exe to run the program and follow the prompts.
(Don't click on the window while the program is running; it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Now, run HijackThis once again to obtain a new log.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.

Old duck...


#4 LiLcOoKiE (Topic Starter)

Posted 11 September 2007 - 01:55 AM

ComboFix 07-09-11.1 - "Owner" 2007-09-11 15:41:25.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.371 [GMT 10:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.

2007-09-11 11:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 22:56 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-10 22:56 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-09-10 22:56 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-10 22:56 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-10 22:56 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-10 22:56 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-10 22:56 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-09 19:42 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-09 18:21 94,208 --a------ C:\WINDOWS\system32\drvsun.dll
2007-09-09 18:21 15,360 --a------ C:\WINDOWS\system32\drvsunr.dll
2007-09-09 16:08 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-09-09 16:08 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-09-09 16:08 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-09 16:08 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-09 16:08 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-09-09 16:08 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-09-09 16:07 61,440 --a------ C:\WINDOWS\system32\dsnphv71.dll
2007-09-09 16:07 53,248 --a------ C:\WINDOWS\amcap.exe
2007-09-09 16:07 307,200 --a------ C:\WINDOWS\vidcap32.exe
2007-09-09 16:07 28,672 --a------ C:\WINDOWS\vsnphv71.exe
2007-09-09 16:07 28,672 --a------ C:\WINDOWS\system32\vsnphv71.dll
2007-09-09 16:07 220,928 --a------ C:\WINDOWS\system32\drivers\snphv71.sys
2007-09-09 16:07 20,480 --a------ C:\WINDOWS\dsnphv71.exe
2007-09-09 16:07 120,879 --a------ C:\WINDOWS\usnphv71.exe
2007-09-09 16:07 <DIR> d-------- C:\Program Files\Common Files\snphv71
2007-09-08 21:58 499,712 --a------ C:\WINDOWS\MSVCP71.DLL
2007-09-08 20:58 <DIR> d-------- C:\Program Files\Neopets
2007-09-08 20:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Neopets Toolbar
2007-09-08 19:37 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-09-08 19:37 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-09-08 19:37 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-09-08 19:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-09-08 19:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-09-08 19:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-09-08 19:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-09-08 19:36 <DIR> d-------- C:\Program Files\Sygate
2007-09-08 13:30 15,360 --a------ C:\WINDOWS\system32\drvfetr.dll
2007-09-07 23:19 93,696 --a------ C:\WINDOWS\system32\drvhut.dll
2007-09-07 23:19 15,360 --a------ C:\WINDOWS\system32\drvhutr.dll
2007-09-07 22:48 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2007-09-07 21:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-07 21:05 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-09-07 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-07 19:28 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-09-07 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-09-07 16:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-07 16:46 <DIR> d-------- C:\WTablet
2007-09-07 16:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-06 23:17 94,208 --a------ C:\WINDOWS\system32\drvdij.dll
2007-09-06 23:17 15,360 --a------ C:\WINDOWS\system32\drvdijr.dll
2007-09-06 22:36 94,208 --a------ C:\WINDOWS\system32\drvpar.dll
2007-09-06 22:36 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-06 22:36 15,360 --a------ C:\WINDOWS\system32\drvparr.dll
2007-09-06 22:35 23,552 --a------ C:\WINDOWS\system32\winxtx32.dll
2007-09-06 18:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Gamelab
2007-09-06 17:48 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-05 21:06 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Nokia
2007-09-05 21:01 <DIR> d-------- C:\Program Files\DIFX
2007-09-05 21:00 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Suite
2007-09-05 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-05 20:59 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-05 20:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-09-05 20:58 <DIR> d-------- C:\Program Files\Nokia
2007-09-05 20:58 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-05 17:27 1,648,016 -r-h----- C:\WINDOWS\EditServAPI.exe
2007-09-05 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-05 15:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-09-05 13:24 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-09-05 13:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-09-05 13:18 <DIR> d-------- C:\Temp
2007-09-05 08:56 <DIR> d-------- C:\Program Files\Bonjour
2007-09-05 08:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-04 22:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-04 21:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Corel
2007-09-04 21:30 <DIR> d-------- C:\Program Files\Corel
2007-09-04 20:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Thunderbird
2007-09-04 18:28 <DIR> d-------- C:\DOCUME~1\Owner\Shared
2007-09-04 18:28 <DIR> d-------- C:\DOCUME~1\Owner\Incomplete
2007-09-04 18:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\FrostWire
2007-09-04 18:25 <DIR> d-------- C:\Program Files\FrostWire
2007-09-04 17:11 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-09-04 17:11 <DIR> d-------- C:\Program Files\BitTorrent
2007-09-04 17:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitTorrent DNA
2007-09-04 17:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-09-04 17:09 <DIR> d-------- C:\Program Files\mIRC
2007-09-04 17:09 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\mIRC
2007-09-04 16:58 <DIR> d-------- C:\DOCUME~1\Owner\Contacts
2007-09-04 16:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-04 16:55 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-04 16:47 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WTablet
2007-09-04 16:45 6,272 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-09-04 16:45 5,632 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-09-04 16:45 140,848 --a------ C:\WINDOWS\system32\Wintab32.dll
2007-09-04 16:45 1,013,296 --a------ C:\WINDOWS\system32\Tablet.exe
2007-09-04 16:45 <DIR> d-------- C:\WINDOWS\system32\WTablet
2007-09-04 16:45 <DIR> d-------- C:\Program Files\Tablet
2007-09-04 16:19 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-09-04 16:19 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-09-04 16:19 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-07 19:35 1024 --a------ C:\WINDOWS\system32\drivers\513652D0-DB92-40F3-98AD-843EED9731AA.cxv
2007-09-04 13:20 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-09-04 13:20 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-09-03 21:02 99880 --a------ C:\WINDOWS\UnVet32.exe
2007-09-03 21:02 75304 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-09-03 21:02 21032 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-09-03 21:02 15736 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-09-03 21:02 15479 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-09-03 21:02 112168 --a------ C:\WINDOWS\AVShlExt.dll
2007-09-03 20:58 323870 --a------ C:\WINDOWS\system32\Benq Corporation.scr
2007-09-03 20:45 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
2003-09-08 13:10 11776 --a------ C:\Program Files\44591875.exe
2003-09-08 13:09 11776 --a------ C:\Program Files\44509984.exe
2003-09-08 13:07 11776 --a------ C:\Program Files\44436359.exe
2003-09-08 13:06 11776 --a------ C:\Program Files\44362968.exe
2003-09-08 13:05 11776 --a------ C:\Program Files\44284656.exe
2003-09-08 13:04 11776 --a------ C:\Program Files\44207734.exe
2003-09-08 13:02 11776 --a------ C:\Program Files\44134109.exe
2003-09-08 13:01 11776 --a------ C:\Program Files\44063765.exe
2003-09-08 13:00 11776 --a------ C:\Program Files\43995687.exe
2003-09-08 01:03 76068 --a------ C:\Program Files\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-09-04 15:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-04 17:11]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System Service"=taskmgr1.exe
"WindXpUpdate32"=WindXpUpdate

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S2 NMSSvc;Intel® NMS;C:\WINDOWS\system32\NMSSvc.exe
S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys
S3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\system32\drivers\NMSCFG.SYS
S3 SNPHV71;PC Camera (602a VGA);C:\WINDOWS\system32\DRIVERS\snphv71.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5B5C4767-D8DE-AB3B-7ED0-86C27EE5D2BE}]
C:\Documents and Settings\Owner\My Documents\Downloads\Adobe Photoshop CS3 Crack+Keygen\Keygen.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 15:15:08 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 1 15 AM.job"
"2007-09-09 16:15:08 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 2 15 AM.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 15:44:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-11 15:45:42
C:\ComboFix-quarantined-files.txt ... 2007-09-11 15:45
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52, on 2007-09-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [WindXpUpdate32] WindXpUpdate
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189168616843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6134 bytes


I need a new antivirus since my other one is soon to expire. But so far hardly anything is being detected anymore, which is great.

#5 Aaflac


    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 11 September 2007 - 08:24 AM

There are still some dubious files showing on the ComboFix report, and on the HijackThis log as well.

Please do the following:

Download SuperAntiSpyware
Install the program
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

~~~~
Next, run ComboFix once again, but make sure it is not in Safe Mode.

~~~~
Please provide the SuperAntiSpyware log, as well as the new ComboFix.txt, in your reply.


If you need an AntiVirus program, there are free programs available:

Grisoft's AVG Anti-Virus Free Edition

avast! 4 Home

AntiVir Personal Edition

Edited by Aaflac, 11 September 2007 - 08:36 AM.

Old duck...


#6 LiLcOoKiE

  • Topic Starter

  • Members
  • 12 posts

Posted 13 September 2007 - 12:36 AM

ComboFix 07-09-11.1 - "Owner" 2007-09-11 15:41:25.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.371 [GMT 10:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.

2007-09-11 11:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 22:56 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-10 22:56 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-09-10 22:56 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-10 22:56 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-10 22:56 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-10 22:56 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-10 22:56 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-09 19:42 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-09 18:21 94,208 --a------ C:\WINDOWS\system32\drvsun.dll
2007-09-09 18:21 15,360 --a------ C:\WINDOWS\system32\drvsunr.dll
2007-09-09 16:08 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-09-09 16:08 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-09-09 16:08 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-09 16:08 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-09 16:08 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-09-09 16:08 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-09-09 16:07 61,440 --a------ C:\WINDOWS\system32\dsnphv71.dll
2007-09-09 16:07 53,248 --a------ C:\WINDOWS\amcap.exe
2007-09-09 16:07 307,200 --a------ C:\WINDOWS\vidcap32.exe
2007-09-09 16:07 28,672 --a------ C:\WINDOWS\vsnphv71.exe
2007-09-09 16:07 28,672 --a------ C:\WINDOWS\system32\vsnphv71.dll
2007-09-09 16:07 220,928 --a------ C:\WINDOWS\system32\drivers\snphv71.sys
2007-09-09 16:07 20,480 --a------ C:\WINDOWS\dsnphv71.exe
2007-09-09 16:07 120,879 --a------ C:\WINDOWS\usnphv71.exe
2007-09-09 16:07 <DIR> d-------- C:\Program Files\Common Files\snphv71
2007-09-08 21:58 499,712 --a------ C:\WINDOWS\MSVCP71.DLL
2007-09-08 20:58 <DIR> d-------- C:\Program Files\Neopets
2007-09-08 20:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Neopets Toolbar
2007-09-08 19:37 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-09-08 19:37 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-09-08 19:37 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-09-08 19:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-09-08 19:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-09-08 19:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-09-08 19:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-09-08 19:36 <DIR> d-------- C:\Program Files\Sygate
2007-09-08 13:30 15,360 --a------ C:\WINDOWS\system32\drvfetr.dll
2007-09-07 23:19 93,696 --a------ C:\WINDOWS\system32\drvhut.dll
2007-09-07 23:19 15,360 --a------ C:\WINDOWS\system32\drvhutr.dll
2007-09-07 22:48 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2007-09-07 21:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-07 21:05 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-09-07 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-07 19:28 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-09-07 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-09-07 16:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-07 16:46 <DIR> d-------- C:\WTablet
2007-09-07 16:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-06 23:17 94,208 --a------ C:\WINDOWS\system32\drvdij.dll
2007-09-06 23:17 15,360 --a------ C:\WINDOWS\system32\drvdijr.dll
2007-09-06 22:36 94,208 --a------ C:\WINDOWS\system32\drvpar.dll
2007-09-06 22:36 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-06 22:36 15,360 --a------ C:\WINDOWS\system32\drvparr.dll
2007-09-06 22:35 23,552 --a------ C:\WINDOWS\system32\winxtx32.dll
2007-09-06 18:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Gamelab
2007-09-06 17:48 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-05 21:06 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Nokia
2007-09-05 21:01 <DIR> d-------- C:\Program Files\DIFX
2007-09-05 21:00 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Suite
2007-09-05 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-05 20:59 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-05 20:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-09-05 20:58 <DIR> d-------- C:\Program Files\Nokia
2007-09-05 20:58 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-05 17:27 1,648,016 -r-h----- C:\WINDOWS\EditServAPI.exe
2007-09-05 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-05 15:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-09-05 13:24 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-09-05 13:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-09-05 13:18 <DIR> d-------- C:\Temp
2007-09-05 08:56 <DIR> d-------- C:\Program Files\Bonjour
2007-09-05 08:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-04 22:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-04 21:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Corel
2007-09-04 21:30 <DIR> d-------- C:\Program Files\Corel
2007-09-04 20:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Thunderbird
2007-09-04 18:28 <DIR> d-------- C:\DOCUME~1\Owner\Shared
2007-09-04 18:28 <DIR> d-------- C:\DOCUME~1\Owner\Incomplete
2007-09-04 18:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\FrostWire
2007-09-04 18:25 <DIR> d-------- C:\Program Files\FrostWire
2007-09-04 17:11 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-09-04 17:11 <DIR> d-------- C:\Program Files\BitTorrent
2007-09-04 17:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitTorrent DNA
2007-09-04 17:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-09-04 17:09 <DIR> d-------- C:\Program Files\mIRC
2007-09-04 17:09 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\mIRC
2007-09-04 16:58 <DIR> d-------- C:\DOCUME~1\Owner\Contacts
2007-09-04 16:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-04 16:55 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-04 16:47 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WTablet
2007-09-04 16:45 6,272 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-09-04 16:45 5,632 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-09-04 16:45 140,848 --a------ C:\WINDOWS\system32\Wintab32.dll
2007-09-04 16:45 1,013,296 --a------ C:\WINDOWS\system32\Tablet.exe
2007-09-04 16:45 <DIR> d-------- C:\WINDOWS\system32\WTablet
2007-09-04 16:45 <DIR> d-------- C:\Program Files\Tablet
2007-09-04 16:19 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-09-04 16:19 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-09-04 16:19 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-07 19:35 1024 --a------ C:\WINDOWS\system32\drivers\513652D0-DB92-40F3-98AD-843EED9731AA.cxv
2007-09-04 13:20 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-09-04 13:20 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-09-03 21:02 99880 --a------ C:\WINDOWS\UnVet32.exe
2007-09-03 21:02 75304 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-09-03 21:02 21032 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-09-03 21:02 15736 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-09-03 21:02 15479 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-09-03 21:02 112168 --a------ C:\WINDOWS\AVShlExt.dll
2007-09-03 20:58 323870 --a------ C:\WINDOWS\system32\Benq Corporation.scr
2007-09-03 20:45 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
2003-09-08 13:10 11776 --a------ C:\Program Files\44591875.exe
2003-09-08 13:09 11776 --a------ C:\Program Files\44509984.exe
2003-09-08 13:07 11776 --a------ C:\Program Files\44436359.exe
2003-09-08 13:06 11776 --a------ C:\Program Files\44362968.exe
2003-09-08 13:05 11776 --a------ C:\Program Files\44284656.exe
2003-09-08 13:04 11776 --a------ C:\Program Files\44207734.exe
2003-09-08 13:02 11776 --a------ C:\Program Files\44134109.exe
2003-09-08 13:01 11776 --a------ C:\Program Files\44063765.exe
2003-09-08 13:00 11776 --a------ C:\Program Files\43995687.exe
2003-09-08 01:03 76068 --a------ C:\Program Files\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-09-04 15:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-04 17:11]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System Service"=taskmgr1.exe
"WindXpUpdate32"=WindXpUpdate

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S2 NMSSvc;Intel® NMS;C:\WINDOWS\system32\NMSSvc.exe
S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys
S3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\system32\drivers\NMSCFG.SYS
S3 SNPHV71;PC Camera (602a VGA);C:\WINDOWS\system32\DRIVERS\snphv71.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5B5C4767-D8DE-AB3B-7ED0-86C27EE5D2BE}]
C:\Documents and Settings\Owner\My Documents\Downloads\Adobe Photoshop CS3 Crack+Keygen\Keygen.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 15:15:08 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 1 15 AM.job"
"2007-09-09 16:15:08 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 2 15 AM.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 15:44:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-11 15:45:42
C:\ComboFix-quarantined-files.txt ... 2007-09-11 15:45
.
--- E O F ---

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/12/2007 at 04:44 PM

Application Version : 3.9.1008

Core Rules Database Version : 3304
Trace Rules Database Version: 1310

Scan type : Complete Scan
Total Scan Time : 01:08:05

Memory items scanned : 407
Memory threats detected : 1
Registry items scanned : 4380
Registry threats detected : 11
File items scanned : 23870
File threats detected : 37

Trojan.Downloader-Gen/Suspicious
C:\PROGRAM FILES\BITTORRENT_DNA\DNA.EXE
[BitTorrent DNA] C:\PROGRAM FILES\BITTORRENT_DNA\DNA.EXE
C:\PROGRAM FILES\BITTORRENT_DNA\DNA.EXE

Neopets Toolbar
HKLM\Software\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\InprocServer32
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\InprocServer32#ThreadingModel
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ProgID
C:\PROGRA~1\NEOPETS\TOOLBAR\TOOLBAR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD292324-974F-4224-D074-CACA427AA030}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CD292324-974F-4224-D074-CACA427AA030}
HKCR\Toolbar.Neopets
HKCR\Toolbar.Neopets\Clsid

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@imrworldwide[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
C:\Documents and Settings\Owner\Cookies\owner@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\Owner\Cookies\owner@virginmobile.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.halstats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-nokiafin.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\Owner\Cookies\owner@3.adbrite[1].txt

Trojan.Downloader-Gen/HitItQuitIt
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\BACKUPS\BACKUP-20070908-223433-894.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\BACKUPS\BACKUP-20070908-223511-945.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{04446F66-4B31-44B4-9EB6-AE38AFF526CE}\RP2\A0000021.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{04446F66-4B31-44B4-9EB6-AE38AFF526CE}\RP2\A0000031.DLL
C:\WINDOWS\SYSTEM32\PMNKIJJ.DLL
C:\WINDOWS\SYSTEM32\QOMLIFG.DLL

Trojan.Downloader-DNSDoor
C:\WINDOWS\EDITSERVAPI.EXE

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\DDCCA.DLL

Trojan.Downloader-Gen/BigTkt
C:\WINDOWS\SYSTEM32\DRVDIJR.DLL
C:\WINDOWS\SYSTEM32\DRVFETR.DLL
C:\WINDOWS\SYSTEM32\DRVHUTR.DLL
C:\WINDOWS\SYSTEM32\DRVLALR.DLL
C:\WINDOWS\SYSTEM32\DRVPARR.DLL
C:\WINDOWS\SYSTEM32\DRVSUNR.DLL
C:\WINDOWS\SYSTEM32\DRVXUHR.DLL

Trojan.Net-NUSR
C:\WINDOWS\SYSTEM32\NUSRMGR.EXE

Trojan.Downloader-WinXTX32
C:\WINDOWS\SYSTEM32\WINXTX32.DLL

#7 Aaflac


    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 13 September 2007 - 08:47 AM

Looks as if ComboFix was run in Safe Mode again... was that the case?

If not, let us know.

If it was run in Safe Mode, please run it normally in Windows.

Old duck...


#8 LiLcOoKiE

  • Topic Starter

  • Members
  • 12 posts

Posted 13 September 2007 - 10:56 PM

ComboFix 07-09-11.1 - "Owner" 2007-09-14 13:37:37.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.153 [GMT 10:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.

2007-09-13 21:52 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-13 21:52 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-13 21:52 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-13 21:52 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-13 21:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-13 21:52 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-13 21:51 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-09-13 21:51 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-13 21:51 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-12 17:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-12 16:43 52,224 --a------ C:\WINDOWS\system32\MsPMSNSv.dll
2007-09-12 16:43 356,352 --a------ C:\WINDOWS\system32\MSSCP.dll
2007-09-12 16:43 27,136 --a------ C:\WINDOWS\system32\WMDMLOG.dll
2007-09-12 16:43 245,760 --a------ C:\WINDOWS\system32\MSWMDM.dll
2007-09-12 16:43 23,552 --a------ C:\WINDOWS\system32\WMDMPS.dll
2007-09-12 16:43 201,728 --a------ C:\WINDOWS\system32\MsPMSP.dll
2007-09-12 16:43 159,232 --a------ C:\WINDOWS\system32\cewmdm.dll
2007-09-12 16:40 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-09-12 16:40 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-09-12 16:40 484,864 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-09-12 16:40 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-09-12 16:39 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2007-09-12 16:39 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-09-12 16:39 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2007-09-12 16:39 286,208 --a------ C:\WINDOWS\system32\blackbox.dll
2007-09-12 16:39 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-09-12 16:32 <DIR> dr------- C:\Program Files\Winamp
2007-09-12 16:20 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CyberLink
2007-09-12 15:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-12 15:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-09-12 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-11 18:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
2007-09-11 18:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-09-11 18:49 <DIR> d-------- C:\Program Files\Wedding Dash
2007-09-11 17:13 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-09-11 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-09-11 16:59 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-11 11:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 19:42 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-09 18:21 94,208 --a------ C:\WINDOWS\system32\drvsun.dll
2007-09-09 16:08 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-09-09 16:08 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-09-09 16:08 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-09 16:08 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-09 16:08 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-09-09 16:08 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-09-09 16:07 61,440 --a------ C:\WINDOWS\system32\dsnphv71.dll
2007-09-09 16:07 53,248 --a------ C:\WINDOWS\amcap.exe
2007-09-09 16:07 307,200 --a------ C:\WINDOWS\vidcap32.exe
2007-09-09 16:07 28,672 --a------ C:\WINDOWS\vsnphv71.exe
2007-09-09 16:07 28,672 --a------ C:\WINDOWS\system32\vsnphv71.dll
2007-09-09 16:07 220,928 --a------ C:\WINDOWS\system32\drivers\snphv71.sys
2007-09-09 16:07 20,480 --a------ C:\WINDOWS\dsnphv71.exe
2007-09-09 16:07 120,879 --a------ C:\WINDOWS\usnphv71.exe
2007-09-09 16:07 <DIR> d-------- C:\Program Files\Common Files\snphv71
2007-09-08 21:58 499,712 --a------ C:\WINDOWS\MSVCP71.DLL
2007-09-08 20:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Neopets Toolbar
2007-09-07 23:19 93,696 --a------ C:\WINDOWS\system32\drvhut.dll
2007-09-07 22:48 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2007-09-07 21:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-07 21:05 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-09-07 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-07 19:28 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-09-07 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-09-07 16:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-07 16:46 <DIR> d-------- C:\WTablet
2007-09-07 16:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-06 23:17 94,208 --a------ C:\WINDOWS\system32\drvdij.dll
2007-09-06 22:36 94,208 --a------ C:\WINDOWS\system32\drvpar.dll
2007-09-06 22:36 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-06 18:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Gamelab
2007-09-06 17:48 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-05 21:06 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Nokia
2007-09-05 21:01 <DIR> d-------- C:\Program Files\DIFX
2007-09-05 21:00 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Suite
2007-09-05 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-05 20:59 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-05 20:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-09-05 20:58 <DIR> d-------- C:\Program Files\Nokia
2007-09-05 17:27 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-05 15:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-09-05 13:24 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-09-05 13:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-09-05 13:18 <DIR> d-------- C:\Temp
2007-09-05 08:56 <DIR> d-------- C:\Program Files\Bonjour
2007-09-05 08:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-04 22:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-04 21:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Corel
2007-09-04 21:30 <DIR> d-------- C:\Program Files\Corel
2007-09-04 20:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Thunderbird
2007-09-04 18:28 <DIR> d-------- C:\DOCUME~1\Owner\Shared
2007-09-04 18:28 <DIR> d-------- C:\DOCUME~1\Owner\Incomplete
2007-09-04 18:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\FrostWire
2007-09-04 18:25 <DIR> d-------- C:\Program Files\FrostWire
2007-09-04 17:11 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-09-04 17:11 <DIR> d-------- C:\Program Files\BitTorrent
2007-09-04 17:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitTorrent DNA
2007-09-04 17:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-09-04 17:09 <DIR> d-------- C:\Program Files\mIRC
2007-09-04 17:09 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 15:32 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-07 19:35 1024 --a------ C:\WINDOWS\system32\drivers\513652D0-DB92-40F3-98AD-843EED9731AA.cxv
2007-09-04 13:20 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-09-04 13:20 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-09-03 21:02 99880 --a------ C:\WINDOWS\UnVet32.exe
2007-09-03 21:02 75304 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-09-03 21:02 21032 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-09-03 21:02 15736 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-09-03 21:02 15479 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-09-03 21:02 112168 --a------ C:\WINDOWS\AVShlExt.dll
2007-09-03 20:58 323870 --a------ C:\WINDOWS\system32\Benq Corporation.scr
2007-09-03 20:45 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2003-09-08 13:10 11776 --a------ C:\Program Files\44591875.exe
2003-09-08 13:09 11776 --a------ C:\Program Files\44509984.exe
2003-09-08 13:07 11776 --a------ C:\Program Files\44436359.exe
2003-09-08 13:06 11776 --a------ C:\Program Files\44362968.exe
2003-09-08 13:05 11776 --a------ C:\Program Files\44284656.exe
2003-09-08 13:04 11776 --a------ C:\Program Files\44207734.exe
2003-09-08 13:02 11776 --a------ C:\Program Files\44134109.exe
2003-09-08 13:01 11776 --a------ C:\Program Files\44063765.exe
2003-09-08 13:00 11776 --a------ C:\Program Files\43995687.exe
2003-09-08 01:03 76068 --a------ C:\Program Files\setup.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-11_154438.62 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 382,344 2007-04-12 16:14:52 C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
----a-w 304,544 2007-02-22 13:41:12 C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
----a-r 10,134 2007-09-13 11:52:31 C:\WINDOWS\Installer\{0D80391C-0A72-43BB-9BC2-143F63CC111D}\ARPPRODUCTICON.exe
----a-r 15,086 2007-09-13 11:55:02 C:\WINDOWS\Installer\{531317A5-586A-4E36-87C1-CA823447B375}\ARPPRODUCTICON.exe
----a-r 3,262 2007-09-13 11:52:04 C:\WINDOWS\Installer\{6882DD11-33B8-4DEA-8305-7E765BF74BD3}\ARPPRODUCTICON.exe
----a-r 32,768 2007-09-11 06:59:49 C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
----a-r 29,696 2007-09-12 05:33:20 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r 18,944 2007-09-12 05:33:20 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r 65,024 2007-09-12 05:33:20 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
----a-w 164,864 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
----a-w 25,088 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
----a-w 173,568 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
----a-w 364,784 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
----a-w 315,904 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
----a-w 28,160 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
----a-w 33,792 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
----a-w 159,232 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
----a-w 52,224 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
----a-w 201,728 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
----a-w 356,352 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
----a-w 245,760 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
----a-w 27,136 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
----a-w 23,552 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
----a-w 47,104 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
----a-w 15,872 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
----a-w 38,912 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
----a-w 61,952 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
----a-w 114,176 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
----a-w 331,776 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
----a-w 66,560 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
----a-w 331,264 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
----a-w 10,752 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
----a-w 18,944 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
----a-w 38,912 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
----a-w 396,528 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
----a-w 774,904 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
----a-w 413,944 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
----a-w 1,218,808 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
----a-w 895,736 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
----a-w 408,064 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
----a-w 759,296 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
----a-w 484,864 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
----a-w 809,984 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
----a-w 6,656 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
----a-w 96,768 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
----a-w 221,184 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
----a-w 716,288 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
----a-w 224,768 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
----a-w 335,872 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
----a-w 290,816 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
----a-w 150,016 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
----a-w 1,027,072 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
----a-w 1,119,744 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
----a-w 940,544 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
----a-w 1,512,448 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
----a-w 2,370,296 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
----a-w 1,003,008 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
----a-w 6,656 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\laprxy.dll
----a-w 103,936 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\logagent.exe
----a-w 237,568 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\qasf.dll
----a-w 670,720 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\wmadmoe.dll
----a-w 230,400 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\wmasf.dll
----a-w 151,552 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\wmidx.dll
----a-w 1,050,624 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\wmnetmgr.dll
----a-w 1,119,744 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\wmsdmoe2.dll
----a-w 896,512 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\wmspdmoe.dll
----a-w 2,174,976 2006-12-07 07:02:24 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\wmvcore.dll
----a-w 1,001,472 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$TEMP$\System\wmvdmoe2.dll
----a-w 294,912 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
----a-w 258,296 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
----a-w 96,768 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
----a-w 502,272 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
----a-w 142,336 2005-01-28 03:44:28 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
----a-w 286,208 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
----a-w 299,520 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
----a-w 87,040 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
----a-w 695,296 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
----a-w 259,072 2006-02-28 12:00:00 C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 1,275,392 2007-05-08 05:03:04 C:\WINDOWS\system32\msxml4.dll
-c----w 286,208 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\blackbox.dll
-c----w 159,232 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\cewmdm.dll
-c--a-w 258,296 2005-01-28 03:44:28 C:\WINDOWS\system32\dllcache\drmclien.dll
-c----w 87,040 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\drmstor.dll
-c----w 695,296 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\drmv2clt.dll
-c----w 6,656 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\laprxy.dll
-c----w 103,936 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\logagent.exe
-c----w 259,072 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\msnetobj.dll
-c----w 52,224 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\mspmsnsv.dll
-c----w 201,728 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\mspmsp.dll
-c----w 356,352 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\msscp.dll
-c----w 245,760 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\mswmdm.dll
-c----w 237,568 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\qasf.dll
-c--a-w 396,528 2005-01-28 03:44:28 C:\WINDOWS\system32\dllcache\wmadmod.dll
-c----w 670,720 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmadmoe.dll
-c----w 27,136 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmdmlog.dll
-c----w 23,552 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmdmps.dll
-c----w 1,050,624 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmnetmgr.dll
-c----w 759,296 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmsdmod.dll
-c----w 1,119,744 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
-c----w 484,864 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmspdmod.dll
-c----w 896,512 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmspdmoe.dll
-c----w 809,984 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmvdmod.dll
-c----w 1,001,472 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
----a-w 82,432 2007-04-18 00:36:40 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
----a-w 1,275,392 2007-05-08 05:06:44 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
----a-r 10,134 2007-09-10 12:56:34 C:\WINDOWS\Installer\{0D80391C-0A72-43BB-9BC2-143F63CC111D}\ARPPRODUCTICON.exe
----a-r 15,086 2007-09-10 12:58:58 C:\WINDOWS\Installer\{531317A5-586A-4E36-87C1-CA823447B375}\ARPPRODUCTICON.exe
----a-r 3,262 2007-09-10 12:56:06 C:\WINDOWS\Installer\{6882DD11-33B8-4DEA-8305-7E765BF74BD3}\ARPPRODUCTICON.exe
----a-w 16,789,464 2007-08-02 11:34:12 C:\WINDOWS\system32\MRT.exe
----a-w 1,233,920 2003-04-18 06:46:22 C:\WINDOWS\system32\msxml4.dll
-c--a-w 286,208 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\blackbox.dll
-c--a-w 159,232 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\cewmdm.dll
-c--a-w 299,520 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\drmclien.dll
-c--a-w 87,040 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\drmstor.dll
-c--a-w 695,296 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\drmv2clt.dll
-c--a-w 6,656 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\laprxy.dll
-c--a-w 103,936 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\logagent.exe
-c--a-w 259,072 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\msnetobj.dll
-c--a-w 52,224 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\mspmsnsv.dll
-c--a-w 201,728 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\mspmsp.dll
-c--a-w 356,352 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\msscp.dll
-c--a-w 245,760 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\mswmdm.dll
-c--a-w 237,568 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\qasf.dll
-c--a-w 408,064 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmadmod.dll
-c--a-w 670,720 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmadmoe.dll
-c--a-w 27,136 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmdmlog.dll
-c--a-w 23,552 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmdmps.dll
-c--a-w 1,050,624 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmnetmgr.dll
-c--a-w 759,296 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmsdmod.dll
-c--a-w 1,119,744 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
-c--a-w 484,864 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmspdmod.dll
-c--a-w 896,512 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmspdmoe.dll
-c--a-w 809,984 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmvdmod.dll
-c--a-w 1,001,472 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-09-04 15:02]
"QOELOADER"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe" [2007-09-03 21:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System Service"=taskmgr1.exe
"WindXpUpdate32"=WindXpUpdate

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R2 NMSSvc;Intel® NMS;C:\WINDOWS\system32\NMSSvc.exe
R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\system32\drivers\NMSCFG.SYS
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys
S3 SNPHV71;PC Camera (602a VGA);C:\WINDOWS\system32\DRIVERS\snphv71.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5B5C4767-D8DE-AB3B-7ED0-86C27EE5D2BE}]
C:\Documents and Settings\Owner\My Documents\Downloads\Adobe Photoshop CS3 Crack+Keygen\Keygen.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 15:15:11 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 1 15 AM.job"
- C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\ppv5consumercl.exe
"2007-09-13 16:15:10 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 2 15 AM.job"
- C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\ppv5consumercl.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 13:41:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-14 13:45:04
C:\ComboFix-quarantined-files.txt ... 2007-09-14 13:45
C:\ComboFix2.txt ... 2007-09-13 08:41
C:\ComboFix3.txt ... 2007-09-11 15:45
.
--- E O F ---
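The ComboFix log above is long, and the entries that matter are spread over several sections. Below is an added example, written for this thread and not a ComboFix, HijackThis or BleepingComputer tool, that reads the "Reg Loading Points" and Find3M sections and flags the kind of entries a responder looks for: values under the Windows 9x-era RunServices key, autostarts given as a bare file name rather than a full path, any non-empty AppInit_DLLs value, and an Active Setup stub pointing into a user profile. It also groups Find3M files by directory and size to surface runs of same-size, numeric-named executables like the `44591875.exe` series. The sample text is copied from the log above; the flagging rules are this example's own heuristics and are labelled as such.

```python
"""Triage of the 'Reg Loading Points' and Find3M sections of a ComboFix log.

Added example for this thread; not a ComboFix, HijackThis or BleepingComputer
tool. The sample text is copied from the log posted above; the flagging rules
are this example's own heuristics (assumptions), not anything ComboFix reports.
"""
import re
from collections import defaultdict

# Constructed sample: autostart entries copied from the posted ComboFix log.
REG_SECTION = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System Service"=taskmgr1.exe
"WindXpUpdate32"=WindXpUpdate

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5B5C4767-D8DE-AB3B-7ED0-86C27EE5D2BE}]
C:\Documents and Settings\Owner\My Documents\Downloads\Adobe Photoshop CS3 Crack+Keygen\Keygen.exe
'''

# Constructed sample: Find3M lines copied from the posted log.
FIND3M_SECTION = r'''
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2003-09-08 13:10 11776 --a------ C:\Program Files\44591875.exe
2003-09-08 13:09 11776 --a------ C:\Program Files\44509984.exe
2003-09-08 13:07 11776 --a------ C:\Program Files\44436359.exe
2003-09-08 01:03 76068 --a------ C:\Program Files\setup.exe
'''

# "name"=value, with ComboFix's optional trailing [file timestamp].
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<value>.*?)(?:\s+\[[^\]]*\])?\s*$')
# Find3M file line: date time size attributes path (directory lines carry no size).
FIND3M_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+(\S+)\s+(.+)$')


def _program(value):
    """Executable part of a Run value: the quoted path, else the first token."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ''


def audit_autostarts(text):
    """Return (key, value name, program, reasons) for each entry that trips a rule."""
    key, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            name, program = m.group('name'), _program(m.group('value'))
        elif re.match(r'^[A-Za-z]:\\', line):   # Active Setup StubPath, printed bare
            name, program = '(StubPath)', line
        else:
            continue
        k, reasons = key.lower(), []
        if k.endswith('\\runservices'):
            reasons.append('RunServices is a Windows 9x/Me key; nothing legitimate on XP needs it')
        if '\\' not in program:
            reasons.append('bare file name: found via the executable search path, not a fixed location')
        if name.lower() == 'appinit_dlls' and program:
            reasons.append('AppInit_DLLs is loaded into every process that maps user32.dll')
        if '\\active setup\\' in k and '\\documents and settings\\' in program.lower():
            reasons.append('Active Setup stub lives in a user profile, writable by that user')
        if reasons:
            findings.append((key, name, program, reasons))
    return findings


def find3m_clusters(text, min_count=3):
    """Group Find3M files by (directory, size); return groups of >= min_count
    files whose base names are all digits, a pattern worth a second look."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        m = FIND3M_RE.match(raw.strip())
        if not m:
            continue
        _stamp, size, _attrs, path = m.groups()
        parent, _, base = path.rpartition('\\')
        if base.rsplit('.', 1)[0].isdigit():
            groups[(parent, int(size))].append(path)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


if __name__ == '__main__':
    for key, name, program, reasons in audit_autostarts(REG_SECTION):
        print(f'[{key}] {name!r} -> {program}\n    ' + '\n    '.join(reasons))
    for (parent, size), paths in find3m_clusters(FIND3M_SECTION).items():
        print(f'{len(paths)} numeric-named files of {size} bytes in {parent}')
```

Run against the sample, the two RunServices values are flagged twice (legacy key, bare file name), `appinit_dlls` and the Active Setup stub once each, `AAWTray` not at all, and the three `C:\Program Files\4459….exe` entries come back as one 11776-byte cluster. The rules are deliberately narrow; they are a reading aid for a log like this one, not a verdict on any file.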

#9 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 15 September 2007 - 08:04 PM

Please open Notepad (Start > Run > in the Open field type: notepad)
Click: OK

Copy/paste the blue text below into Notepad:

KILLALL::

File::
C:\WINDOWS\System32\taskmgr1.exe
C:\WINDOWS\system32\WindXpUpdate
C:\WINDOWS\system32\drvdij.dll
C:\WINDOWS\system32\drvpar.dll
C:\WINDOWS\system32\bdod.bin
C:\Program Files\44591875.exe
C:\Program Files\44509984.exe
C:\Program Files\44436359.exe
C:\Program Files\44362968.exe
C:\Program Files\44284656.exe
C:\Program Files\44207734.exe
C:\Program Files\44134109.exe
C:\Program Files\44063765.exe
C:\Program Files\43995687.exe
C:\Program Files\setup.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System Service"=-
"WindXpUpdate32"=-


Save as CFScript.txt <-Important!!
Change the Save as type to: All Files
Save it to the Desktop.

Posted Image


Referring to the screenshot above, drag CFScript.txt >>> into >>> ComboFix.exe
ComboFix runs a scan on your system, and may reboot when it finishes. This is normal.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced: ComboFix.txt

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please provide the contents of the new ComboFix log and the new HijackThis log in your reply.

Old duck...


#10 LiLcOoKiE
  • Topic Starter
  • Members
  • 12 posts

Posted 18 September 2007 - 08:30 PM

I tried doing what you said about 4 times, and every time my computer would go all weird and I'd get a blue screen talking about a system dump and that something went wrong, and Avast antivirus would pop up saying something about an infection just beforehand.

#11 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 19 September 2007 - 08:31 AM

Try one more time, but this time use the following Script:

Copy/paste the blue text below into Notepad:


File::
C:\WINDOWS\System32\taskmgr1.exe
C:\WINDOWS\system32\WindXpUpdate
C:\WINDOWS\system32\drvdij.dll
C:\WINDOWS\system32\drvpar.dll
C:\WINDOWS\system32\bdod.bin
C:\Program Files\44591875.exe
C:\Program Files\44509984.exe
C:\Program Files\44436359.exe
C:\Program Files\44362968.exe
C:\Program Files\44284656.exe
C:\Program Files\44207734.exe
C:\Program Files\44134109.exe
C:\Program Files\44063765.exe
C:\Program Files\43995687.exe
C:\Program Files\setup.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft System Service"=-
"WindXpUpdate32"=-

Old duck...


#12 LiLcOoKiE
  • Topic Starter
  • Members
  • 12 posts

Posted 20 September 2007 - 01:29 AM

That still didn't work.

#13 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 20 September 2007 - 08:52 AM

Please run HijackThis, Scan
Check box for:

O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [WindXpUpdate32] WindXpUpdate

Select: Fix checked

~~~~
Next, download OTMoveIt by OldTimer.
Save it to the Desktop
Double-click OTMoveIt.exe to run it.
Copy the file paths below (blue) by highlighting all of them, right-clicking and choosing Copy:


C:\WINDOWS\System32\taskmgr1.exe
C:\WINDOWS\system32\WindXpUpdate
C:\WINDOWS\system32\drvdij.dll
C:\WINDOWS\system32\drvpar.dll
C:\WINDOWS\system32\bdod.bin
C:\Program Files\44591875.exe
C:\Program Files\44509984.exe
C:\Program Files\44436359.exe
C:\Program Files\44362968.exe
C:\Program Files\44284656.exe
C:\Program Files\44207734.exe
C:\Program Files\44134109.exe
C:\Program Files\44063765.exe
C:\Program Files\43995687.exe
C:\Program Files\setup.exe


Return to OTMoveIt, right click Paste List of Files/Folders to be moved and choose Paste.
Click the red Moveit! button.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine, choose Yes.

Copy the text on the Results window to post in your reply.

The log from OTMoveIt is located at:

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date the tool was run.

Close OTMoveIt

~~~~
If not asked to restart the computer, please do so now.

~~~~
Please run HijackThis once again to obtain a new log.

~~~~
Please post the OTMoveIt results, and the new HijackThis log in your reply.

Edited by Aaflac, 20 September 2007 - 10:29 AM.

Old duck...


#14 LiLcOoKiE
  • Topic Starter
  • Members
  • 12 posts

Posted 24 September 2007 - 07:45 AM

Moveit results:
File/Folder C:\WINDOWS\System32\taskmgr1.exe not found.
File/Folder C:\WINDOWS\system32\WindXpUpdate not found.
File/Folder C:\WINDOWS\system32\drvdij.dll not found.
File/Folder C:\WINDOWS\system32\drvpar.dll not found.
File/Folder C:\WINDOWS\system32\bdod.bin not found.
File/Folder C:\Program Files\44591875.exe not found.
File/Folder C:\Program Files\44509984.exe not found.
File/Folder C:\Program Files\44436359.exe not found.
File/Folder C:\Program Files\44362968.exe not found.
File/Folder C:\Program Files\44284656.exe not found.
File/Folder C:\Program Files\44207734.exe not found.
File/Folder C:\Program Files\44134109.exe not found.
File/Folder C:\Program Files\44063765.exe not found.
File/Folder C:\Program Files\43995687.exe not found.
File/Folder C:\Program Files\setup.exe not found.

Created on 09-21-2007 00:32:28

hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09, on 2007-09-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189168616843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 6434 bytes
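Post #13 asked for two RunServices entries to be fixed in HijackThis and post #14 shows the log taken afterwards; the check a responder wants at this point is a mechanical comparison of the O4 lines rather than an eyeball pass. The example below is added for this thread and is not a HijackThis feature. `BEFORE` is constructed from the Run entries in the earlier ComboFix log plus the two RunServices lines quoted in #13; `AFTER` is copied from the HijackThis log in #14. It reports which autostarts disappeared, which are new, which changed command, and whether the entries queued for "Fix checked" are still present.

```python
"""Before/after comparison of HijackThis O4 (autostart) lines.

Added example for this thread, not a HijackThis feature. BEFORE is constructed
from the Run entries in the earlier ComboFix log plus the two RunServices lines
quoted in post #13; AFTER is copied from the HijackThis log posted in #14.
"""
import re

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")   # HJT's per-hive annotation

BEFORE = r'''
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [eTrustPPAP] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [WindXpUpdate32] WindXpUpdate
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
'''

AFTER = r'''
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
'''

# The two entries post #13 asked HijackThis to fix.
TARGETS = [(r'HKLM\..\RunServices', 'Microsoft System Service'),
           (r'HKLM\..\RunServices', 'WindXpUpdate32')]


def parse_o4(text):
    """Map (registry location, value name) -> command for every O4 line."""
    entries = {}
    for raw in text.splitlines():
        m = O4_RE.match(raw.strip())
        if m:
            entries[(m.group('loc'), m.group('name'))] = USER_SUFFIX.sub('', m.group('cmd'))
    return entries


def diff_autostarts(before_text, after_text):
    """Return (removed, added, changed); removed/added map key -> command,
    changed maps key -> (old command, new command)."""
    before, after = parse_o4(before_text), parse_o4(after_text)
    removed = {k: v for k, v in before.items() if k not in after}
    added = {k: v for k, v in after.items() if k not in before}
    changed = {k: (before[k], after[k]) for k in before.keys() & after.keys()
               if before[k] != after[k]}
    return removed, added, changed


def unfixed_targets(after_text, targets=TARGETS):
    """Entries queued for 'Fix checked' that still appear in the new log
    (an empty list means the fix held across the reboot)."""
    after = parse_o4(after_text)
    return [t for t in targets if t in after]


if __name__ == '__main__':
    removed, added, changed = diff_autostarts(BEFORE, AFTER)
    for label, items in (('removed', removed), ('added', added)):
        for (loc, name), cmd in items.items():
            print(f'{label:8} {loc} [{name}] {cmd}')
    for (loc, name), (old, new) in changed.items():
        print(f'changed  {loc} [{name}] {old} -> {new}')
    print('still present:', unfixed_targets(AFTER) or 'none')
```

On this data `removed` holds the two RunServices entries and `eTrustPPAP` (the eTrust suite no longer appears anywhere in the #14 log), `added` holds `avast!` and `KernelFaultCheck`, and `unfixed_targets` returns an empty list. `KernelFaultCheck` running `dumprep 0 -k` is the entry Windows XP writes after a kernel crash dump so the error report can be offered at the next logon; it is consistent with the blue screens described in #10. The `added` set is the part worth reading as carefully as `removed`: an infection that survives a fix usually comes back under a different value name, not the same one.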

#15 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 24 September 2007 - 09:08 PM

Please remove the version of ComboFix you downloaded, and download this one: ComboFix.exe
(This program is updated quite often.)

Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

Please post the ComboFix.txt in your reply.

Old duck...




