Help Me: Attacked By New Win32 Virus


  • This topic is locked
12 replies to this topic

#1 ashzoomerintrack

  • Members
  • 44 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 19 September 2007 - 10:26 PM

Hi guys, please help me. I have been attacked by a new Win32 virus since yesterday. When I did a virus scan with McAfee AV it showed me about 500 instances of infection. Most of them are from C:/windows/system32/dllcache & C:/windows/system32/, mostly .exe files. Please help me. Also tell me how harmful this virus is & what the consequences are.
I am also posting the HijackThis log as under:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:48 AM, on 20/09/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Real Alternative\mpclauncher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\byxurrr.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SaveDate] C:\WINDOWS\SaveStartDate.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [E-Gold] C:\WINDOWS\TEMP\VRRA.tmp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - http://download.actify.com/SpinFire/SFViewerWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A04DC2-B52F-4C09-BE4D-8B3BBBA1E64E}: NameServer = 218.248.240.208 218.248.255.193
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C52BFF1-6FF2-4187-9FC2-86AB091BA77E}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A04DC2-B52F-4C09-BE4D-8B3BBBA1E64E}: NameServer = 218.248.240.208 218.248.255.193
O20 - Winlogon Notify: byxurrr - C:\WINDOWS\SYSTEM32\byxurrr.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O24 - Desktop Component 1: WapsilOnDesktop - http://wapsilon.com/desktop.cgi?http://wapsilon.com/

--
End of file - 8336 bytes
HELP ME


#2 waterfalls

    Malware Exorcist

  • Staff Emeritus
  • 621 posts
  • OFFLINE
  • Local time:05:57 PM

Posted 20 September 2007 - 12:09 AM

Hi -

• Please download ComboFix from one of the following links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
- and save it to the Desktop.

1. Double-click on combofix.exe and follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis log.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.

• Post back with ComboFix.txt and a new HijackThis log.
Take only memories, leave nothing but footprints.


#3 ashzoomerintrack
  • Topic Starter
  • Members
  • 44 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 20 September 2007 - 10:16 AM

Hey waterfalls, thanks for your generous help. As per your directions I have completed all the processes and am posting the logs as under:

ComboFix 07-09-20.1 - "Wadekar" 2007-09-20 20:12:14.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.20 [GMT 5.5:30]
* Created a new restore point
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byxurrr.dll
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\MabryObj.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.

2007-09-20 20:07 62,464 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 09:25 6,456 ---hs---- C:\WINDOWS\system32\pqppo.bak1
2007-09-20 09:25 297,568 --a------ C:\WINDOWS\system32\oppqp.dll
2007-09-20 08:39 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-20 08:09 <DIR> d-------- C:\Program Files\Proantivirus Lab
2007-09-20 07:26 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-19 21:29 <DIR> d-------- C:\DOCUME~1\Wadekar\DoctorWeb
2007-09-17 23:56 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-17 23:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-16 01:00 <DIR> d-------- C:\WINDOWS\system32\Delta60
2007-09-16 01:00 <DIR> d-------- C:\Delta60
2007-09-16 00:39 <DIR> d-------- C:\Program Files\Adminsoft Accounts
2007-09-15 23:41 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-09-15 23:41 <DIR> d-------- C:\Program Files\Lastes
2007-09-15 22:06 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-09-15 22:06 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-09-15 17:00 <DIR> d-------- C:\Program Files\Elohai Accounting 3.0 (experimental release 1.0.1)
2007-09-15 16:47 <DIR> d-------- C:\elohai
2007-09-15 08:09 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\Yahoo!
2007-09-09 13:18 157,184 --a------ C:\WINDOWS\system32\xnrar.dll
2007-09-09 13:18 <DIR> d-------- C:\Program Files\Steinberg
2007-09-08 23:08 319 --a------ C:\update.exe
2007-09-08 23:04 <DIR> d-------- C:\Program Files\Rapidshare Unlimited
2007-09-08 22:30 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\RapidGet
2007-09-08 09:01 <DIR> d-------- C:\Program Files\Estimate Master
2007-09-08 09:01 <DIR> d-------- C:\Program Files\Common Files\Borland
2007-09-08 09:01 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\EMUData
2007-09-08 09:01 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\EMData
2007-09-08 00:03 24 --a------ C:\WINDOWS\essr3332.dll
2007-09-08 00:03 18 --a------ C:\WINDOWS\fspwd.dll
2007-09-08 00:03 18 --a------ C:\WINDOWS\essreg32.dll
2007-09-07 23:23 <DIR> d-------- C:\Program Files\DaySmart
2007-09-03 22:59 15 --a------ C:\WINDOWS\system32\se731.dat
2007-09-03 22:57 89,360 --a------ C:\WINDOWS\system32\vb5db.dll
2007-09-03 22:57 72,704 --a------ C:\WINDOWS\system32\odbctl32.dll
2007-09-03 22:57 415,504 --a------ C:\WINDOWS\system32\msrepl35.dll
2007-09-03 22:57 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-09-03 22:57 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-09-03 22:57 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2007-09-03 22:57 <DIR> d-------- C:\Program Files\Scheduling Employees
2007-09-01 10:15 424,960 --a------ C:\WINDOWS\system32\C4dll.dll
2007-09-01 10:15 282,624 --a------ C:\WINDOWS\system32\Ssppg.dll
2007-09-01 10:15 <DIR> d-------- C:\Program Files\Basic Inventory Control
2007-09-01 09:59 <DIR> d-------- C:\Program Files\worldTVRT
2007-08-31 19:24 <DIR> d-------- C:\Program Files\DFX
2007-08-31 19:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DFX
2007-08-22 20:40 <DIR> d-------- C:\Program Files\Google Hacks
2007-08-20 23:01 <DIR> d-------- C:\Program Files\A9Tech
2007-08-20 22:57 <DIR> d-------- C:\Program Files\CIMCO
2007-08-20 19:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-20 19:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-20 19:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-08-20 18:57 210,653 --a------ C:\WINDOWS\Screen Calipers Uninstaller.exe
2007-08-20 18:57 <DIR> d-------- C:\Program Files\Screen Calipers 4.0
2007-08-20 18:57 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\Iconico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-13 19:52 --------- d-------- C:\Program Files\VSTPlugIns
2007-08-12 18:25 --------- d-------- C:\Program Files\SamplitudeFX
2007-08-12 09:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SRS Labs
2007-08-12 08:27 --------- d-------- C:\Program Files\clarisys
2007-08-12 08:26 --------- d-------- C:\Program Files\Borland
2007-08-12 00:13 --------- d-------- C:\Program Files\EAP Financial Solutions
2007-08-10 07:56 --------- d-------- C:\Program Files\Common Files\COWON
2007-08-09 22:56 --------- d-------- C:\Program Files\Google
2007-08-08 21:47 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-01 09:38 --------- d-------- C:\DOCUME~1\WADEKAR\APPLIC~1\Apple Computer
2007-08-01 09:26 --------- d-------- C:\Program Files\QuickTime
2007-08-01 09:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-01 09:23 --------- d-------- C:\Program Files\Apple Software Update
2007-08-01 09:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-06 22:12 67584 --a------ C:\WINDOWS\system32\xanalyze.dll
2007-07-06 22:12 286720 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-26 20:43 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 19:39 658944 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 11:38 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 11:38 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
1999-07-04 18:30:00 81,961 --sh--w C:\WINDOWS\netconfig.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1914889-BFE7-435E-9EEC-31E8B20A4F58}]
2007-09-20 09:25 297568 --a------ C:\WINDOWS\system32\oppqp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-22 15:35]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-15 07:58]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52]
"SaveDate"="C:\WINDOWS\SaveStartDate.Exe" [2004-10-21 14:01]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 03:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2004-08-06 15:33]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Kaspersky Anti-Hacker.lnk - C:\WINDOWS\Installer\{75D46594-4DE1-4A90-AE74-38637D301EF2}\StartUpShortcut.exe [2006-07-27 22:53:19]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-07-28 09:06:40]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-16 11:40:00]

C:\DOCUME~1\WADEKAR\STARTM~1\PROGRAMS\STARTUP\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-25 18:43:04]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-24 02:47:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqp]
C:\WINDOWS\system32\oppqp.dll 2007-09-20 09:25 297568 C:\WINDOWS\system32\oppqp.dll

R0 Klpf;Klpf;C:\WINDOWS\system32\Drivers\Klpf.sys
R0 Klpid;Klpid;C:\WINDOWS\system32\Drivers\klpid.sys
R2 MSSQL$MSDE;MSSQL$MSDE;C:\Program Files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe -sMSDE
R3 SiS300i;SiS300i;C:\WINDOWS\system32\DRIVERS\sis300ip.sys
R3 US30Kbd;US30Kbd;C:\WINDOWS\system32\Drivers\US30Kbd2K.sys
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 SQLAgent$MSDE;SQLAgent$MSDE;C:\Program Files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlagent.EXE -i MSDE
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{281066IEA0-YUS3AT-D1KMW-F49T8-TVUW72RWM141}]
netconfig.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 11:45:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-09-17 18:33:06 C:\WINDOWS\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_RELIANCE-4B4D00_Wadekar.job"
- C:\WINDOWS\system32\mobsync.exe
"2007-09-18 07:07:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 20:26:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-20 20:36:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 20:36
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:13 PM, on 20/09/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SaveDate] C:\WINDOWS\SaveStartDate.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - http://download.actify.com/SpinFire/SFViewerWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C52BFF1-6FF2-4187-9FC2-86AB091BA77E}: NameServer = 61.1.96.69,61.1.96.71
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O24 - Desktop Component 1: WapsilOnDesktop - http://wapsilon.com/desktop.cgi?http://wapsilon.com/

--
End of file - 7160 bytes

Thanks again for your help, and please guide me further.

Edited by ashzoomerintrack, 20 September 2007 - 10:17 AM.
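As an added example (not code from this thread, from BleepingComputer or from HijackThis), the Python script below does the triage a helper performs by eye on the two logs above: it diffs the entry lines of an earlier and a later HijackThis log, and flags the kinds of load points that were cleaned here (a nameless BHO, a Winlogon Notify DLL, an autorun in TEMP, a rundll32 loader). The sample lines are constructed from entries in the posted logs, and the flag rules are heuristics of my own, not HijackThis's.

```python
"""Triage helper for Trend Micro HijackThis logs.

Parses the 'Oxx - ...' entry lines of two logs, lists what disappeared and what
appeared between scans, and flags load points worth a second look: an autorun
pointing into a TEMP directory or at a .tmp file, rundll32 loading a DLL through
an unusual export, a BHO with no name, any Winlogon Notify hook, and a DLL
registered at more than one load point. The flag rules are heuristics (my own).
"""
import re
from collections import defaultdict

# Sample lines constructed from entries in the logs posted in this thread (abridged).
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\byxurrr.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [E-Gold] C:\WINDOWS\TEMP\VRRA.tmp
O20 - Winlogon Notify: byxurrr - C:\WINDOWS\SYSTEM32\byxurrr.dll
"""

LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\kdrxmxos.dll",sitypnow
"""

# One HijackThis entry: section code, ' - ', then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# First Windows path in an entry; spaces are allowed inside directory names.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\"]+\\)*[^\\"]*?\.(?:exe|dll|tmp|sys|scr|com)\b', re.I)
# rundll32 <dll>,<export> as it appears in an O4 Run entry.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\w+)', re.I)


def parse_log(text):
    """Return a list of (section, body) tuples, one per HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def _key(entry):
    # Case-insensitive, whitespace-collapsed form so cosmetic differences don't count as changes.
    return re.sub(r"\s+", " ", f"{entry[0]} - {entry[1]}").lower()


def diff_logs(before, after):
    """Entries present only in the earlier log ('removed') and only in the later one ('new')."""
    b = {_key(e): e for e in parse_log(before)}
    a = {_key(e): e for e in parse_log(after)}
    removed = [b[k] for k in b if k not in a]
    new = [a[k] for k in a if k not in b]
    return removed, new


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def flag_entries(text):
    """Return a list of (reason, detail) for entries that merit review."""
    flags = []
    seen_at = defaultdict(set)  # dll basename -> sections that load it
    for sec, body in parse_log(text):
        line = f"{sec} - {body}"
        m = PATH_RE.search(body)
        path = m.group(0) if m else ""
        base = _basename(path)
        if sec == "O4" and (re.search(r"\\temp\\", path, re.I) or base.endswith(".tmp")):
            flags.append(("autorun from a TEMP directory or a .tmp file", line))
        rd = RUNDLL_RE.search(body)
        if sec == "O4" and rd:
            flags.append((f"rundll32 loads {_basename(rd.group('dll'))} via export '{rd.group('export')}'", line))
        if sec == "O2" and "(no name)" in body:
            flags.append(("BHO with no name", line))
        if sec == "O20" and "Winlogon Notify" in body:
            flags.append(("Winlogon Notify hook (DLL loads into winlogon.exe)", line))
        if base.endswith(".dll"):
            seen_at[base].add(sec)
    for base, secs in sorted(seen_at.items()):
        if len(secs) > 1:
            flags.append((f"{base} registered at multiple load points: {', '.join(sorted(secs))}", base))
    return flags


if __name__ == "__main__":
    removed, new = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since last scan:", *[f"  {s} - {b}" for s, b in removed], sep="\n")
    print("New since last scan:", *[f"  {s} - {b}" for s, b in new], sep="\n")
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(f"Flagged for review ({label}):")
        for reason, detail in flag_entries(log):
            print(f"  [{reason}] {detail}")
```

Feed it the full "before" and "after" logs a poster supplies and the diff shows what a cleanup tool actually removed, while the flags point at the entries still worth asking about.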


#4 waterfalls

    Malware Exorcist

  • Staff Emeritus
  • 621 posts
  • OFFLINE
  • Local time:05:57 PM

Posted 20 September 2007 - 02:28 PM

Hi -

• Uninstall the following programs:
- Go to Start > Control Panel > Add/Remove Programs
- Select Megaupload > click Remove
- Select RapidShare Downloader > click Remove
- Select Downloader Accelerator (DAP) > click Remove
- Exit.

• Reboot your computer.

• Navigate to and delete the following folders if present:
C:\Program Files\Megaupload
C:\Program Files\RapidShare Downloader
C:\Program Files\Downloader Accelerator (DAP)

• Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log in your next reply.
• Post back with the log from Superantispyware and a new HijackThis log.
Take only memories, leave nothing but footprints.


#5 ashzoomerintrack
  • Topic Starter
  • Members
  • 44 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 21 September 2007 - 12:18 PM

Completed all tasks as you have said and the logs are as follows:

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:43 PM, on 21/09/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MSDE\Binn\sqlservr.exe
D:\Tally9.0\tallylicserver.exe
D:\Tally9.0\Tally9.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SM1MT2.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SaveDate] C:\WINDOWS\SaveStartDate.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [E-Gold] C:\WINDOWS\TEMP\VRRA.tmp
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\kdrxmxos.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - http://download.actify.com/SpinFire/SFViewerWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C52BFF1-6FF2-4187-9FC2-86AB091BA77E}: NameServer = 61.1.96.69,61.1.96.71
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Tally License Server (NT) (Tally License Server) - Unknown owner - D:\Tally9.0\tallylicserver.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O24 - Desktop Component 1: WapsilOnDesktop - http://wapsilon.com/desktop.cgi?http://wapsilon.com/

--
End of file - 7515 bytes


SUPERAntiSpyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/21/2007 at 09:39 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Quick Scan
Total Scan Time : 01:03:42

Memory items scanned : 406
Memory threats detected : 0
Registry items scanned : 730
Registry threats detected : 0
File items scanned : 24700
File threats detected : 75

Adware.Tracking Cookie
C:\Documents and Settings\Wadekar\Cookies\wadekar@volkswagen.122.2o7[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@80135335[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@ads.pointroll[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@cgi-bin[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@wpni.112.2o7[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@mediaplex[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@mb[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@15527479[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@as.casalemedia[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@ad.yieldmanager[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@pornotube[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@kanoodle[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@valueclick[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@teenadvice.about[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@ads.mediaturf[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@server.iad.liveperson[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@casalemedia[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@phg.hitbox[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@atdmt[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@yadro[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@hitbox[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@nextag[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@spylog[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@counter2.sextracker[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@specificclick[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@mb[4].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@as-us.falkag[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@4.adbrite[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@media.fastclick[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@partypoker[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@rambler[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@statse.webtrendslive[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@www2.mystats[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@tribalfusion[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@ads.us.e-planning[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@clicksor[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@adbrite[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@fastclick[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@adinterax[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@click.netpondcash[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@apmebf[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@xiti[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@adtech[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@S0031-01-3-14-163158-60591[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@adserver.adreactor[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@overture[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@standard8media[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@ads.tarrobads[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@trafficmp[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@gostats[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@partygaming.122.2o7[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@cs.sexcounter[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@tacoda[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@revsci[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@sextracker[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@realmedia[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@ehg-nokiafin.hitbox[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@zedo[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@webstat[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@advertising[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@i[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@revenue[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@hotlog[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@doubleclick[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@toplist[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@ehg-gamespot.hitbox[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@statcounter[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@questionmarket[2].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@1071699511[1].txt
C:\Documents and Settings\Wadekar\Cookies\wadekar@counter.hitslink[1].txt

Trojan.Hoster
E:\WINAMP\PLUGINS\DSP_EAMP3.DLL
E:\INSTALLATION FILES\WINAMP\PLUGINS\DSP_EAMP3.DLL

Malware.AlertSpy
E:\INSTALLATION FILES\SPY ALERT\SETUP.EXE

Please guide me further.
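A small triage script for the O4 autorun lines in the HijackThis log above, added here as an example; it is not code from the thread, from HijackThis, or from any of the tools the helpers recommend. The sample lines are constructed to match the shape of the posted log (the entry and file names are the ones that appear in it), and the rules it applies (random-looking file and export names, programs launched from a temp directory, data-file extensions run as programs) are rough heuristics of the editor's own, so a hit is something to verify against a hash or a vendor signature, not a verdict.

```python
"""Triage of HijackThis 'O4 - HK..\\..\\Run' autorun lines.

Added example for this thread, not code from the original post or from
HijackThis. The heuristics below are the editor's own rough rules; a hit
is a lead to verify, not proof that a file is malicious.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines in the shape of the log posted above
# (the entry names and file names are the ones that appear in that log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SaveDate] C:\WINDOWS\SaveStartDate.Exe
O4 - HKLM\..\Run: [E-Gold] C:\WINDOWS\TEMP\VRRA.tmp
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\kdrxmxos.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

O4_RUN = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
TEMP_DIR = re.compile(r'\\(?:temp|tmp)\\', re.I)
# A file sitting directly in \WINDOWS\ or \WINDOWS\system32\ (no deeper subfolder).
WINDOWS_DIR = re.compile(r'\\windows\\(?:system32\\)?[^\\]+$', re.I)
DATA_EXTENSIONS = {'.tmp', '.dat', '.ini', '.txt', '.bak'}


def looks_random(stem: str) -> bool:
    """Heuristic: an all-letter name with almost no vowels or a long consonant run
    (kdrxmxos, sitypnow) looks machine-generated; mcagent or jusched does not."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 5:
        return False
    vowel_ratio = sum(c in 'aeiou' for c in s) / len(s)
    longest_run = max(len(run) for run in re.split(r'[aeiou]+', s))
    return vowel_ratio < 0.25 or longest_run >= 4


def program_path(cmd: str) -> str:
    """Pull the program path out of a Run value: a quoted path, or a bare path up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(' ', 1)[0]


def triage_entry(cmd: str) -> list[str]:
    """Reasons an autorun command deserves a closer look; an empty list means nothing tripped."""
    reasons: list[str] = []
    m = RUNDLL.match(cmd)
    if m:
        # rundll32 <dll>,<export>: judge the DLL and the export name, not rundll32 itself
        dll = PureWindowsPath(m['dll'])
        if looks_random(dll.stem):
            reasons.append(f'rundll32 loads a DLL with a random-looking name: {dll.name}')
        if looks_random(m['export']):
            reasons.append(f'random-looking export name: {m["export"]}')
        return reasons
    path = PureWindowsPath(program_path(cmd))
    text = str(path)
    if TEMP_DIR.search(text):
        reasons.append(f'program started from a temp directory: {text}')
    if path.suffix.lower() in DATA_EXTENSIONS:
        reasons.append(f'data-file extension run as a program: {path.name}')
    if WINDOWS_DIR.search(text) and looks_random(path.stem):
        reasons.append(f'random-looking file name in the Windows directory: {path.name}')
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged O4 Run entry name to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for line in text.splitlines():
        m = O4_RUN.match(line)
        if m:
            reasons = triage_entry(m['cmd'])
            if reasons:
                findings[m['name']] = reasons
    return findings


if __name__ == '__main__':
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f'[{name}]')
        for reason in reasons:
            print(f'    - {reason}')
```

The two entries it singles out from the sample, [E-Gold] running a .tmp file out of C:\WINDOWS\TEMP and [FolderView] loading an eight-letter DLL through rundll32 with an eight-letter export, are the same two a helper would ask about first; the rest of the sample passes because a legitimate program under Program Files is not penalised for its name alone, and the name check is only applied to files that sit directly in the Windows directory or are loaded by rundll32.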

#6 waterfalls
  • Malware Exorcist
  • Staff Emeritus
  • 621 posts

Posted 21 September 2007 - 10:08 PM

You've gotten reinfected.

• I see no software Firewall program present on your system. This will greatly help in preventing your system from being infected by malware. Please install a Firewall program because you really do need one.
Comodo is a good FREE software Firewall program.
See Understanding and Using Firewalls

• Open HijackThis.
- Click on Open Misc Tools Section
- Click on Open Uninstall Manager
- Click Save list
- A window will open advising you where the list will be saved
- Click Save
- Post the uninstall_list.txt in your next reply.
- Exit HijackThis.

• Run ComboFix again.

• Post back with the Uninstall List, the new ComboFix log and a new HijackThis log.
Take only memories, leave nothing but footprints.


#7 ashzoomerintrack
  • Topic Starter
  • Members
  • 44 posts

Posted 22 September 2007 - 12:56 PM

Hi Waterfalls,
I tried to save the uninstall list but the program is getting terminated. Please tell me what to do. Let me know if there is any way I can post you the list. Furthermore, am I reinfected? Also, should I run ComboFix or not?

#8 waterfalls
  • Malware Exorcist
  • Staff Emeritus
  • 621 posts

Posted 22 September 2007 - 01:51 PM

Yes and yes. You're reinfected which is why I want you to install a firewall program and then run ComboFix again. Post the new ComboFix log along with a new HijackThis log.
Take only memories, leave nothing but footprints.


#9 ashzoomerintrack
  • Topic Starter
  • Members
  • 44 posts

Posted 24 September 2007 - 12:59 PM

Hi Waterfalls, all tasks completed and I am posting the logs. Also I have one problem: I am using Comodo as you said, but when I turn it on I cannot connect to the internet or download pages. Why is this happening?

ComboFix 07-09-20.1 - "Wadekar" 2007-09-24 22:46:22.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.19 [GMT 5.5:30]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fbkgmoob.dll
C:\WINDOWS\system32\guapsxcm.dll
C:\WINDOWS\system32\imjtauit.dll
C:\WINDOWS\system32\tmeeqskx.ini
C:\WINDOWS\system32\xksqeemt.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
.

2007-09-24 22:30 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\Comodo
2007-09-24 22:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-09-24 22:16 <DIR> d-------- C:\Program Files\Comodo
2007-09-24 08:57 11,840 --a------ C:\WINDOWS\system32\gcsgdfdc.dll
2007-09-22 22:06 11,840 --a------ C:\WINDOWS\system32\ityjeftd.dll
2007-09-21 22:06 11,840 --a------ C:\WINDOWS\system32\jpslnviq.dll
2007-09-21 22:05 834,037 ---hs---- C:\WINDOWS\system32\pqppo.bak2
2007-09-21 18:05 7,498 ---hs---- C:\WINDOWS\system32\pqppo.ini2
2007-09-21 18:01 <DIR> d--hs---- C:\FOUND.017
2007-09-21 08:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-21 08:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-21 08:31 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\SUPERAntiSpyware.com
2007-09-20 20:07 128,000 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 09:25 6,456 ---hs---- C:\WINDOWS\system32\pqppo.bak1
2007-09-20 09:25 297,568 --a------ C:\WINDOWS\system32\oppqp.dll
2007-09-20 08:39 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-20 08:09 <DIR> d-------- C:\Program Files\Proantivirus Lab
2007-09-20 07:26 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-19 21:29 <DIR> d-------- C:\DOCUME~1\Wadekar\DoctorWeb
2007-09-17 23:56 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-17 23:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-16 01:00 <DIR> d-------- C:\WINDOWS\system32\Delta60
2007-09-16 01:00 <DIR> d-------- C:\Delta60
2007-09-16 00:39 <DIR> d-------- C:\Program Files\Adminsoft Accounts
2007-09-15 23:41 <DIR> d-------- C:\Program Files\Lastes
2007-09-15 22:06 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-09-15 22:06 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-09-15 17:00 <DIR> d-------- C:\Program Files\Elohai Accounting 3.0 (experimental release 1.0.1)
2007-09-15 16:47 <DIR> d-------- C:\elohai
2007-09-15 08:09 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\Yahoo!
2007-09-09 13:18 157,184 --a------ C:\WINDOWS\system32\xnrar.dll
2007-09-09 13:18 <DIR> d-------- C:\Program Files\Steinberg
2007-09-08 23:08 319 --a------ C:\update.exe
2007-09-08 22:30 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\RapidGet
2007-09-08 09:01 <DIR> d-------- C:\Program Files\Estimate Master
2007-09-08 09:01 <DIR> d-------- C:\Program Files\Common Files\Borland
2007-09-08 09:01 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\EMUData
2007-09-08 09:01 <DIR> d-------- C:\DOCUME~1\Wadekar\APPLIC~1\EMData
2007-09-08 00:03 24 --a------ C:\WINDOWS\essr3332.dll
2007-09-08 00:03 18 --a------ C:\WINDOWS\fspwd.dll
2007-09-08 00:03 18 --a------ C:\WINDOWS\essreg32.dll
2007-09-07 23:23 <DIR> d-------- C:\Program Files\DaySmart
2007-09-03 22:59 15 --a------ C:\WINDOWS\system32\se731.dat
2007-09-03 22:57 89,360 --a------ C:\WINDOWS\system32\vb5db.dll
2007-09-03 22:57 72,704 --a------ C:\WINDOWS\system32\odbctl32.dll
2007-09-03 22:57 415,504 --a------ C:\WINDOWS\system32\msrepl35.dll
2007-09-03 22:57 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-09-03 22:57 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-09-03 22:57 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2007-09-03 22:57 <DIR> d-------- C:\Program Files\Scheduling Employees
2007-09-01 10:15 424,960 --a------ C:\WINDOWS\system32\C4dll.dll
2007-09-01 10:15 282,624 --a------ C:\WINDOWS\system32\Ssppg.dll
2007-09-01 10:15 <DIR> d-------- C:\Program Files\Basic Inventory Control
2007-09-01 09:59 <DIR> d-------- C:\Program Files\worldTVRT
2007-08-31 19:24 <DIR> d-------- C:\Program Files\DFX
2007-08-31 19:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-22 20:40 --------- d-------- C:\Program Files\Google Hacks
2007-08-20 23:01 --------- d-------- C:\Program Files\A9Tech
2007-08-20 22:57 --------- d-------- C:\Program Files\CIMCO
2007-08-20 18:57 210653 --a------ C:\WINDOWS\Screen Calipers Uninstaller.exe
2007-08-20 18:57 --------- d-------- C:\Program Files\Screen Calipers 4.0
2007-08-20 18:57 --------- d-------- C:\DOCUME~1\WADEKAR\APPLIC~1\Iconico
2007-08-13 19:52 --------- d-------- C:\Program Files\VSTPlugIns
2007-08-12 18:25 --------- d-------- C:\Program Files\SamplitudeFX
2007-08-12 09:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SRS Labs
2007-08-12 08:27 --------- d-------- C:\Program Files\clarisys
2007-08-12 08:26 --------- d-------- C:\Program Files\Borland
2007-08-12 00:13 --------- d-------- C:\Program Files\EAP Financial Solutions
2007-08-10 07:56 --------- d-------- C:\Program Files\Common Files\COWON
2007-08-09 22:56 --------- d-------- C:\Program Files\Google
2007-08-08 21:47 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-01 09:38 --------- d-------- C:\DOCUME~1\WADEKAR\APPLIC~1\Apple Computer
2007-08-01 09:26 --------- d-------- C:\Program Files\QuickTime
2007-08-01 09:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-01 09:23 --------- d-------- C:\Program Files\Apple Software Update
2007-08-01 09:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-06 22:12 67584 --a------ C:\WINDOWS\system32\xanalyze.dll
2007-07-06 22:12 286720 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-26 20:43 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 19:39 658944 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 11:38 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 11:38 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
1999-07-04 18:30:00 81,961 --sh--w C:\WINDOWS\netconfig.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-20_203400.94 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 144,509 2007-02-09 11:58:18 C:\WINDOWS\UninstallFirefox.exe
------w 56,832 2001-08-23 06:30:00 C:\WINDOWS\system32\drwtsn32.exe
----a-w 10,752 2007-09-24 14:13:42 C:\WINDOWS\system32\BASSMOD.dll
----a-w 864,008 2007-09-21 02:06:42 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 6,144 2001-08-24 02:00:00 C:\WINDOWS\system32\ftlx041e.dll
----a-w 359,424 2007-07-22 13:09:28 C:\WINDOWS\system32\swreg.exe
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdth0.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdth1.dll
----a-r 6,144 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdth2.dll
----a-r 6,144 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdth3.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdheb.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbda1.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbda2.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbda3.dll
----a-w 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdusa.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdfa.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdurdu.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbddiv1.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbddiv2.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdsyr1.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdsyr2.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdvntc.dll
----a-w 10,752 2001-08-24 02:00:00 C:\WINDOWS\system32\c_iscii.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdindev.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdintam.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdinmar.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdinhin.dll
----a-r 6,144 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdinpun.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdinguj.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdintel.dll
----a-r 5,632 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdinkan.dll
----a-r 5,120 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdgeo.dll
----a-r 5,120 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdarme.dll
----a-r 5,120 2001-08-24 02:00:00 C:\WINDOWS\system32\kbdarmw.dll
----a-w 185,344 2001-08-24 02:00:00 C:\WINDOWS\system32\Thawbrkr.dll
----a-w 32,768 2007-09-24 17:25:32 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-24 17:25:32 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 12,288 2007-09-23 04:48:38 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YFSBKFWZ\adv735[1].exe
----a-w 16,384 2007-09-24 17:25:32 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 51,328 2007-09-24 16:46:14 C:\WINDOWS\system32\drivers\inspect.sys
----a-w 75,520 2007-09-24 16:46:14 C:\WINDOWS\system32\drivers\cmdmon.sys
----a-w 178,688 2004-06-23 18:02:00 C:\WINDOWS\system32\spool\drivers\w32x86\E_SM1RN2.EXE
----a-w 90,112 2006-07-14 07:34:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 19,456 2001-08-24 02:00:00 C:\WINDOWS\msagent\intl\agt040d.dll
----a-w 19,456 2001-08-24 02:00:00 C:\WINDOWS\msagent\intl\agt0401.dll
----a-w 16,384 2007-09-24 17:30:26 C:\WINDOWS\Temp\Perflib_Perfdata_480.dat
----a-w 200,192 2004-08-03 17:26:54 C:\WINDOWS\mui\muisetup.exe
----a-r 30,208 2007-09-21 03:01:48 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r 73,728 2007-09-21 03:01:48 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r 76,288 2007-09-21 03:01:48 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
----a-w 40,262 2007-09-24 16:59:14 C:\WINDOWS\SysOri\SetReg.dll
----a-w 108,032 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
----a-w 115,200 2004-08-03 17:26:52 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
----a-w 58,368 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
----a-w 50,176 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
----a-w 118,784 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
----a-w 167,936 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
----a-w 1,069,056 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
----a-w 73,728 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
----a-w 303,104 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
----a-w 86,016 2004-08-03 22:56:58 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
----a-w 831,488 2004-08-03 22:56:52 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe
----a-w 286,720 2004-08-03 17:26:58 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
----a-w 897,024 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
----a-w 786,432 2004-08-03 22:56:58 C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
----a-w 178,176 2007-09-17 09:55:02 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 178,176 2007-09-17 09:55:02 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 178,176 2007-03-13 05:27:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
----a-w 99,965 2007-02-09 11:58:18 C:\WINDOWS\UninstallFirefox.exe
----a-w 56,832 2001-08-23 06:30:00 C:\WINDOWS\system32\drwtsn32.exe
----a-w 10,752 2007-08-11 17:14:18 C:\WINDOWS\system32\BASSMOD.dll
----a-w 804,304 2007-09-20 01:45:24 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 424,960 2007-09-20 14:37:52 C:\WINDOWS\system32\swreg.exe
----a-w 32,768 2007-09-20 14:53:58 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-20 14:53:58 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 16,384 2007-09-20 14:53:58 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 145,920 2004-06-23 18:02:00 C:\WINDOWS\system32\spool\drivers\w32x86\E_SM1RN2.EXE
----a-w 57,344 2006-07-14 07:34:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 167,424 2004-08-03 17:26:54 C:\WINDOWS\mui\muisetup.exe
----a-w 40,262 2007-09-20 14:57:28 C:\WINDOWS\SysOri\SetReg.dll
----a-w 96,768 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
----a-w 103,936 2004-08-03 17:26:52 C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
----a-w 47,104 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
----a-w 38,912 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
----a-w 73,728 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
----a-w 122,880 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
----a-w 991,232 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
----a-w 28,672 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
----a-w 192,512 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
----a-w 73,728 2004-08-03 22:56:58 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
----a-w 786,432 2004-08-03 22:56:52 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe
----a-w 208,896 2004-08-03 17:26:58 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
----a-w 819,200 2005-01-28 08:14:28 C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
----a-w 774,144 2004-08-03 22:56:58 C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
----a-w 163,328 2007-09-17 09:55:02 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 163,328 2007-09-17 09:55:02 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5CCC246-B5CA-4CD2-9431-2190E5A9E137}]
2007-09-20 09:25 297568 --a------ C:\WINDOWS\system32\oppqp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-22 15:35]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-15 07:58]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52]
"SaveDate"="C:\WINDOWS\SaveStartDate.Exe" [2004-10-21 14:01]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 03:52]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-24 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2004-08-06 15:33]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-07-28 09:06:40]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-16 11:40:00]

C:\DOCUME~1\WADEKAR\STARTM~1\PROGRAMS\STARTUP\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-25 18:43:04]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-24 02:47:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqp]
C:\WINDOWS\system32\oppqp.dll 2007-09-20 09:25 297568 C:\WINDOWS\system32\oppqp.dll

R3 SiS300i;SiS300i;C:\WINDOWS\system32\DRIVERS\sis300ip.sys
R3 US30Kbd;US30Kbd;C:\WINDOWS\system32\Drivers\US30Kbd2K.sys
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{281066IEA0-YUS3AT-D1KMW-F49T8-TVUW72RWM141}]
netconfig.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 11:45:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-09-21 18:33:02 C:\WINDOWS\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_RELIANCE-4B4D00_Wadekar.job"
- C:\WINDOWS\system32\mobsync.exe
"2007-09-18 07:07:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 23:01:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-24 23:11:35 - machine was rebooted
C:\ComboFix2.txt ... 2007-09-20 20:36
C:\ComboFix-quarantined-files.txt ... 2007-09-24 23:11
.
--- E O F ---


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:58 PM, on 24/09/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SaveDate] C:\WINDOWS\SaveStartDate.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Wadekar\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - http://download.actify.com/SpinFire/SFViewerWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C52BFF1-6FF2-4187-9FC2-86AB091BA77E}: NameServer = 61.1.96.69,61.1.96.71
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O24 - Desktop Component 1: WapsilOnDesktop - http://wapsilon.com/desktop.cgi?http://wapsilon.com/

--
End of file - 7230 bytes


Please guide further.
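A small triage script for logs in the format posted above, added here as an illustration and not part of this thread, of HijackThis or of ComboFix. It parses HijackThis-style entry lines and flags the kinds of items a helper looks at first: persistence entries that point into a temporary directory, Winlogon Notify DLLs (which run inside winlogon.exe at logon, the same mechanism the ComboFix output above shows for oppqp.dll), and services with no publisher string. The sample lines inside the script are constructed for the example, modelled on the entries in this thread (the O20 line and the USER path segment are assumptions, not copied from the log).

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 line format (assembled for this example;
# not the thread's log verbatim; the O20 line and "USER" segment are assumed).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\USER\LOCALS~1\Temp\RarSFX0\jc_link.htm
O20 - Winlogon Notify: oppqp - C:\WINDOWS\system32\oppqp.dll
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

# An entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# First Windows path in the body, ending at a file extension (non-greedy, so
# trailing switches such as "/background" are not swallowed).
PATH_RE = re.compile(r'(?i)[A-Z]:\\[^"\r\n]*?\.(?:exe|dll|sys|htm|html|scr|com|bat|cmd|pif)')
# Temporary locations, including the 8.3 short form (LOCALS~1\Temp) seen in XP logs.
TEMP_RE = re.compile(r"(?i)\\(?:temp|tmp|locals~1\\temp)\\")


@dataclass
class Finding:
    section: str
    path: str
    reason: str


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Return the entries a reviewer should look at first, with the reason for each."""
    findings = []
    for section, body in parse_entries(log_text):
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else ""
        # Anything persistent that runs from a Temp directory is unusual for installed software.
        if path and TEMP_RE.search(path):
            findings.append(Finding(section, path, "entry points into a temporary directory"))
        # Winlogon Notify DLLs load into winlogon.exe at logon; verify publisher and file date.
        if section == "O20" and body.startswith("Winlogon Notify:"):
            findings.append(Finding(section, path, "Winlogon Notify DLL loaded by winlogon.exe"))
        # A service with no publisher string is not proof of anything, but it needs confirming.
        if section == "O23" and "- Unknown owner -" in body:
            findings.append(Finding(section, path, "service binary has no publisher information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.path}  [{f.reason}]")
```

The rules are deliberately conservative: they select entries for a human to check against known software, file dates and a scan result, rather than labelling anything malicious on their own.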

#10 waterfalls
Malware Exorcist, Staff Emeritus, 621 posts

Posted 24 September 2007 - 04:14 PM

Hi -

To set up Comodo, see here:
http://www.wilderssecurity.com/showthread.php?t=145704

I see that you have run Panda Online Scan before. Kindly scan your computer there.

Post back with the results of the Panda Online Scan and a new HijackThis log. Also, let me know how your computer is running now.
Take only memories, leave nothing but footprints.


#11 ashzoomerintrack (Topic Starter)
Members, 44 posts

Posted 05 October 2007 - 02:53 AM

Hey waterfalls, please guide me: which is the best antivirus software I should use?

#12 waterfalls
Malware Exorcist, Staff Emeritus, 621 posts

Posted 05 October 2007 - 12:46 PM

Hi -

I will be glad to answer your question. However, as I previously requested, please scan your computer with Panda Online Scanner and post back with the results along with a new HijackThis log.
Take only memories, leave nothing but footprints.


#13 waterfalls
Malware Exorcist, Staff Emeritus, 621 posts

Posted 08 October 2007 - 11:15 AM

Due to a lack of response ... this topic is closed.
Take only memories, leave nothing but footprints.
