
Hijack Log... Virus Unknown


This topic is locked
3 replies to this topic

#1 StonetheCrow77

Posted 17 October 2007 - 02:00 PM

I get a pop-up that says I have Spyware and it wants to download its software... I'm not doing that, obviously... my PC is much slower... and I can't get to my Control Panel now, for some reason... I ran NOD32 and Spyware Doctor... it found some things and fixed them... but didn't fix everything... the WinAvXX.exe... I don't know what it is, but I don't like the looks of it...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:11 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\DOCUME~1\JERAMY~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJack This\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 5187 bytes
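One way to triage a log like this mechanically, as an added example (not code from the thread or from the HijackThis project): a small Python script that parses the R/F/O sections above and flags the patterns the ComboFix run in the next post ended up deleting. The sample lines are copied from the log; the trusted-host list and the heuristics are my own assumptions.

```python
"""Heuristic triage of HijackThis log lines (added example, not code from the thread).
The rules encode what the ComboFix run in the next post actually deleted."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<target>.*)$")
# Assumed allowlist of hosts IE pages default to; anything else gets a low-severity note.
TRUSTED_PAGE_HOSTS = ("microsoft.com", "msn.com")

def parse(log_text):
    """Yield (section, body) for every 'Xn - body' line; skip everything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return [(section, reason, line_body)] for entries matching the heuristics."""
    findings = []
    run_entries = defaultdict(list)  # lower-cased Run name -> [(hive, body)]
    for section, body in parse(log_text):
        if section == "F2" and "Shell=" in body:
            # system.ini Shell should be Explorer.exe alone; any extra token is a
            # second program started with the shell (split() assumes no spaces in it).
            value = body.split("Shell=", 1)[1]
            extras = [t for t in value.split() if t.lower() != "explorer.exe"]
            if extras:
                findings.append((section, "Shell launches extra program: " + " ".join(extras), body))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                run_entries[m.group("name").lower()].append((m.group("hive"), body))
                continue
            m = STARTUP_RE.match(body)
            if m:
                target = m.group("target").split(" = ")[0]
                if target.lower().endswith(".exe"):  # a real .exe in Startup, not a shortcut
                    findings.append((section, "executable placed directly in Startup folder", body))
        elif section == "O7":
            m = re.search(r"(Disable\w+)=1", body)
            if m:
                findings.append((section, "policy disables a user tool: " + m.group(1), body))
        elif section in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
            if not host.endswith(TRUSTED_PAGE_HOSTS):
                findings.append((section, "browser page points at non-default host: " + host, body))
    # The same Run name in HKLM and HKCU at once is a re-persistence pattern, not a normal install.
    for name, entries in run_entries.items():
        if len({hive for hive, _ in entries}) > 1:
            findings.append(("O4", f"Run entry [{name}] present in both HKLM and HKCU", entries[0][1]))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Entries such as the NOD32 Run key and the Office shortcut pass through untouched; only the six lines that match a rule are reported.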

#2 StonetheCrow77

Posted 17 October 2007 - 02:30 PM

ComboFix 07-10-17.8 - Jeramy Hall 2007-10-17 14:12:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.115 [GMT -5:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\MANTEC~1
C:\Documents and Settings\Administrator\Application Data\MCROSO~1.NET
C:\Documents and Settings\Administrator\Application Data\SMANTE~1
C:\Documents and Settings\Administrator\Application Data\SMANTE~1\w?crtupd.exe
C:\Documents and Settings\Administrator\Application Data\SSTEM3~1
C:\Documents and Settings\Administrator\Application Data\SSTEM3~1\m?config.exe
C:\Documents and Settings\Administrator\My Documents\CROSOF~1
C:\Documents and Settings\Administrator\My Documents\SKS~1
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Jeramy Hall\Start Menu\Programs\Startup\system.exe
C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\system.exe
C:\Program Files\ecurit~1
C:\Program Files\stem32~1
C:\Program Files\ymbols~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
C:\WINDOWS\smante~1
C:\WINDOWS\smante~1\S?mantec\
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\ymante~1
C:\wsusupd.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-17 14:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 13:52 <DIR> d-------- C:\HiJack This
2007-10-17 01:18 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-17 01:18 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-17 01:18 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-17 01:18 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-10-17 01:18 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-17 01:17 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-17 01:17 <DIR> d-------- C:\Documents and Settings\Jeramy Hall\Application Data\PC Tools
2007-10-17 01:17 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-17 01:17 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-17 01:07 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-16 23:50 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 23:46 <DIR> d-------- C:\WINDOWS\pss
2007-10-16 11:52 <DIR> d-------- C:\Documents and Settings\Jeramy Hall\Application Data\Microsoft Web Folders
2007-10-14 03:42 152,064 --a------ C:\WINDOWS\snap.dat
2007-10-14 02:17 <DIR> d-------- C:\Documents and Settings\Jeramy Hall\Application Data\Camfrog
2007-10-14 02:16 <DIR> d-------- C:\Program Files\Camfrog
2007-10-14 02:06 <DIR> d-------- C:\WINDOWS\Setup2K
2007-10-14 02:06 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-10-14 02:06 <DIR> d-------- C:\Program Files\DSC Driver
2007-10-14 02:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-14 02:06 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2007-10-14 02:06 53,248 --a------ C:\WINDOWS\ap561.exe
2007-10-13 09:31 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-13 09:31 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-13 09:30 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-13 09:30 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-13 09:30 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-13 09:30 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-13 09:30 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-13 03:08 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-13 02:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-13 02:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-12 16:16 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-12 16:15 <DIR> d-------- C:\Program Files\MP4 Player
2007-10-12 15:35 <DIR> d-------- C:\Program Files\DivX
2007-10-12 15:20 <DIR> d---s---- C:\Documents and Settings\Jeramy Hall\UserData
2007-10-12 11:11 <DIR> d-------- C:\Documents and Settings\Jeramy Hall\Incomplete
2007-10-12 11:11 <DIR> d-------- C:\Documents and Settings\Jeramy Hall\Application Data\LimeWire
2007-10-12 10:42 <DIR> d-------- C:\Program Files\LimeWire
2007-10-12 08:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-10-12 08:15 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-12 08:15 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-12 08:15 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-12 08:01 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-10-12 07:58 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2007-10-12 07:54 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-12 03:49 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-10-12 03:49 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-12 03:49 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-12 03:49 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-10-12 03:45 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2007-10-12 03:37 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-10-12 03:37 <DIR> d-------- C:\WINDOWS\Provisioning
2007-10-12 03:37 <DIR> d-------- C:\WINDOWS\PeerNet
2007-10-12 03:37 <DIR> d-------- C:\WINDOWS\ehome
2007-10-11 21:21 <DIR> d-------- C:\WINDOWS\system32\Iosubsys
2007-10-11 21:21 <DIR> d-------- C:\Program Files\Memorex External DVD Win98SE USB 2 Drivers - All
2007-10-11 21:18 <DIR> d-------- C:\Program Files\Nero
2007-10-11 21:15 <DIR> d-------- C:\WINDOWS\InCD
2007-10-11 21:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-11 21:06 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-11 21:06 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-11 21:06 <DIR> d-------- C:\Program Files\Ahead
2007-10-11 20:38 <DIR> d-------- C:\Program Files\MagicISO
2007-10-11 10:31 <DIR> d-------- C:\Program Files\Java
2007-10-08 12:21 <DIR> d--h----- C:\WINDOWS\ShellNew
2007-10-07 12:51 <DIR> d---s---- C:\Documents and Settings\Administrator.JERAMY-G5T71LZB\UserData
2007-10-06 23:36 172,032 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2007-10-06 23:36 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2007-10-06 23:36 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2007-10-06 23:36 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwconn.dll
2007-10-06 23:36 49,152 --a--c--- C:\WINDOWS\system32\dllcache\icwutil.dll
2007-10-06 23:36 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2007-10-06 23:36 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwrmind.exe
2007-10-04 00:07 <DIR> d-------- C:\WINDOWS\Sun
2007-10-04 00:04 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-03 17:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-09-30 21:45 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-30 19:58 <DIR> d-------- C:\Program Files\PowerISO
2007-09-30 19:55 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-09-30 19:49 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2007-09-30 19:20 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-09-30 18:29 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-09-30 15:59 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-09-30 15:59 <DIR> d-------- C:\WINDOWS\system32\Com
2007-09-30 15:59 <DIR> d-------- C:\WINDOWS\Application Compatibility Scripts
2007-09-28 11:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 11:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 11:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-09-28 11:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-09-28 11:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 06:07 --------- d-----w C:\Program Files\BitComet
2007-09-28 16:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-28 16:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-12 08:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-29 15:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 08:00]
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 01:22]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-10-08 03:54]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Icatch(VI) SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2007-10-14 02:06:51]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 14:18:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 14:21:58
.
--- E O F ---

#3 SifuMike
Posted 25 October 2007 - 11:54 PM

Hello StonetheCrow77,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
**************************

You have a suspicious file we need to check.

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'Show hidden files and folders',
deselect (uncheck) 'Hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.


Go to the next site: http://www.virustotal.com/en/indexf.html
At the top you'll find 'Browse'.
Click the Browse button and browse to the next file:

C:\WINDOWS\system32\printer.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.
Once scanned, copy and paste the results also in your next reply.

NOTE: I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the results of scan results here.

**************************


Download SDFix and save it to your Desktop.

Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log and virus total log.

Edited by SifuMike, 26 October 2007 - 12:03 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 SifuMike
Posted 30 October 2007 - 04:16 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
